I see where you're coming from, but that's not quite true.
GDPR basically puts international transfers into two buckets: Adequacy Decision, and Other. Adequacy decision means the other country's laws are "good enough," and your obligations are literally just to put the words "Adequacy Decision" in your privacy policy somewhere.
Other means you need to take "additional safeguards" to ensure data privacy is protected. This is a bit of a bother, but eminently feasible. The "standard" way to do this is put additional terms in the contracts you sign with third parties (and only use third parties where you have signed contracts).
The situation with the United States is unique: the EU have ruled that no possible safeguards are good enough. US law enforcement's needs override any contract you can sign, so it is legally literally not possible for an American company to safeguard data. This makes data transfers to the US substantially more restricted than data transfers to any other third-party country.
I'm not aware of any other country outside of Europe that competes in the tech space and doesn't have laws similar to the CLOUD Act. There's been a ruling on the conflict with American law, yes, but I doubt most other jurisdictions would pass the requirements.
Everybody wants full control over the data stored in their jurisdiction but nobody wants their citizens' data to leak to other governments.