Because U.S. law and directives never affect people outside the U.S..However, to me, when it comes to GDPR, it seems ludicrous, and quite illegal, that any business in any country outside the EU should be beholden to any policy passed by the EU. EU law should have ZERO legitimacy outside of the EU. Otherwise, what's to stop any country/countries from setting international law all on their own. Crazy.