RE: Regulation arbitrage... Facebook again. own your data!
The General Data Protection Regulation (GDPR), which will apply from 25 May 2018, creates consistent data protection rules across Europe. It applies to companies that are based in the EU and global companies that process personal data about individuals in the EU.
While many of the principles build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards and substantial fines. For example, it requires a higher standard of consent for using some types of data, and broadens individuals' rights with respect to accessing and porting their data. It also establishes significant enforcement powers, allowing a company's supervisory authority to seek fines of up to 4% of global annual revenue for certain violations.