The easiest and most reasonable option would be to honor GDPR and similar laws.
If you scam people in country A from country B, you're criminally liable to country A even if it's not a crime in country B. Same if it's espionage (cf. Assange), piracy (cf. TPB) and so on. Why should infringing on privacy rights be any different?
If you scam people in country A from country B, you're criminally liable to country A even if it's not a crime in country B. Same if it's espionage (cf. Assange), piracy (cf. TPB) and so on. Why should infringing on privacy rights be any different?