1. The administrative/maintenance cost of complying: this is sunk if you have European users at all.
2. The cost of the measures to your business model, if personal user data is a central part of your business model.
3. The adminstrative cost of maintaining radically different user data management systems for EU -vs- non-EU users.
Doing number 3 is only worthwhile if it's a lower cost than number 2. I would guess 3 would be higher than 2 for most companies. Clearly, 2 is extremely high for Facebook.
I can imagine that there is a local minimum of costs 2 & 3 where the infrastructure is modelled so that privacy legislation is supported, but the company makes no commitment to enforcement/compliance anywhere but the relevant jurisdiction. That way you've take the sunk costs of development (technical and compliance), but drained the project of any administrative costs for the rest of the world...
1. The administrative/maintenance cost of complying: this is sunk if you have European users at all.
2. The cost of the measures to your business model, if personal user data is a central part of your business model.
3. The adminstrative cost of maintaining radically different user data management systems for EU -vs- non-EU users.
Doing number 3 is only worthwhile if it's a lower cost than number 2. I would guess 3 would be higher than 2 for most companies. Clearly, 2 is extremely high for Facebook.