1. Public legal process for data requests
2. Now that I think about it, there are no requests for data at all (they don't have to ask, it's just given)
3. Ability for any Chinese company to say no to gov requests
Surely you don't view these circumstances as the same?
Want to look like a lion? They scan your face, use their algorithm to stretch the lion face on you, and because you're moving, it's a compute intense thing so done more in the cloud than on-device.
But as it's off device biometrics, it falls into the Illinois BIPA category (only focused biometrics law in the USA) so they collect consent up front.
Let's not forget OFAC lists, anti money laundering laws and FATCA requirements. These are driven primarily from the USA but the penalties are felt globally. Your employer likely has to get all your details to ensure you can get legally paid, otherwise they may be severely penalized.
Yes, if the organizations are targeting consumers in the EEA (EU + a few extra countries). It's part of the reason why these companies are required to have an Article 27 EU Rep resident in the EU: to interact with regulators.
The three have a lot in common, with key differentiators e.g. the backbone connectivity of GCP is far different than that of AWS.
What worked for me is that I went deep into one of them, then uses this resource to 'map' what I learned on GCP to AWS: https://cloud.google.com/docs/compare/aws (use the table mid way down the article), and this gave me a great framework on which to build my AWS knowledge.
When any other country has a law like that, they are obviously the bad guys.