Doesn’t work that way. This issue is that CloudFlare is a US company and can be compelled to disclose information to US Govt regardless of where they hold the data.

I came here to say this. People should read at least the Wikipedia summary for CLOUD act. It's classic US legislation, 'we don't care about borders when it suits us' style.

Yes, but while the US generally wants to have their dick up your arse, GDPR makes sure your butt is protected by law.

It's not the same, because the GDPR only concerns itself with EU citizens ( based on which it claims jurisdiction). The US doesn't pretend to bother itself with such trivialities.

The same way that US sanctions are applied by the US and everyone everywhere should follow them or risk fines and sanctions. No other country does this - when France sanctions Iran, only French citizens and companies are concerned.

"These laws apply outside our borders because the data is about our citizens"

"These laws apply outside our borders because the data is stored by our companies"

...are both examples of projection of power beyond borders, just with very slightly different rationale.

You can see very clearly what's most important for each one: USA cares about money, EU about people. I don't consider it a very slightly different rationale. And it's the same abount health care, really two different ways of life.