this is (slightly) less of a problem in other countries than the US. The real problem in the US is that after they demonstrably screw everyone else over, politicians pass many questionably effective laws - and then immediately start rolling it all back because "regulation hurts Americans".
In the EU GDPR was a response to the abject failure of companies to actually self regulate - there was an actual consequence of a failure of self-regulation: the GDPR adding financial penalties for abusing consumers.
If the companies had actually self regulated, and actually self-limited their collection of data, and if only they hadn't sold off everyone's data to anyone and everyone, then they wouldn't have to deal with the GDPR.
So if the companies think it /is/ too aggressive, they've only got themselves to fault.
