MEPs don't create laws in the EU, it's the Commission that controls that. MEPs may only rubber stamp or delay them somewhat. They aren't politicians in any normal sense.
It is true that MEPs lack the right of initiative, as in, they can't introduce laws, only the commission can. I do see this as a major democratic deficiency of the EU system. But there are some valid reasons why this is the case, which is way too off topic to go in to here.
The GDPR is widely-considered to be the state of the art privacy law, and other countries (including states in the US) are drawing inspiration from it.
I have no budget to be able to comply with GDPR, my web apps are barely break-even as it is. I don't even cater to EU citizens, and even though I don't do anything shady with personal information, I'm still at risk of running afoul of some regulator in some far off country. So my choice is to keep running this risk or just block all European IP addresses.
IMO that's not really "state of the art," and the more countries / provinces / municipalities that pass their own convoluted regulations the more risk it puts me under as a small business owner.
The net result is only huge companies have any hope of being able to afford the compliance costs with all of this bullshit.
Eh... if you don't do business in Europe and don't target EU citizens, you don't need to worry about GDPR. It only applies if you sell to EU citizens or ship products to Europe or in some way advertise that your company does business in Europe. [1]
The regulation is definitely state-of-the-art in terms of end user privacy, even if some companies don't have a state-of-the-art response to the challenges it poses.
I run commercial web apps. Literally anyone in the world with a credit card could sign up. I guess I need to put serious thought into straight up blocking Europe since I don't have budget for regulatory compliance.
You're operating under the incorrect assumption that the EU owes some individuals or companies in some far of country an existence, even at the cost of the privacy of EU citizens.
It doesn't.
Obey the law or stop serving the European market, it's that simple.
