I'm saying if that you argue that country-a service provider is required to follow the laws of a user from country-b, perhaps because you agree with the laws of country-b (regarding "protection of privacy" in this case), then that logic creates a problem when you don't like the laws of country-b or when they in fact conflict with the laws of country-a.
I was specifically responding the the assertion that "If a company wants to operate in Europe and accept European customers, they abide by the law" and pointing out that accepting that logic may not lead where you want it to lead.
Sure you can refuse to do business with customers from other countries, but now you have to have some process for determining what jurisdiction the user is from including figuring out how to protect yourself from a foreign jurisdiction that decides that you didn't do enough to discern the true jurisdiction of the user (who may have given incorrect information, clicked through the form, etc).
It is not obvious exactly what would be the best way to manage that risk.
