I don't know where you're from, but on this side of the pond we have GPDR.

In the US, we don't.

How is GDPR enforced though? With enough disregard for the law, the service provider can just lie about the data they have. I don’t know of a mechanism where you can actually force an audit to confirm that. You can basically ask the provider for all the data they have about you, but you can’t find out if they’re lying.