You're not wrong, but purely from a practical standpoint, your data is out there and without a service like this to hold these companies to account, they could cover things up/downplay the situation/be too incompetent to know they've leaked data.
An operation like this levels the playing field and lets us collectively hold companies to their responsibilities.
"The regulation applies if the data controller (an organisation that collects data from EU residents), or processor (an organisation that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances,[2] the regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU. The regulation does not apply to the processing of data by a person for a "purely personal or household activity and thus with no connection to a professional or commercial activity." (Recital 18) "
The EU laws apply to people and entities outside of the EU, he is not immune from these EU laws because he is affecting the lives of every European who has an email address in this website.
