Device makers may see privacy legislation in California and other U.S. states as a source of regulatory balkanization, but that very same problem is cropping up in the international arena. In addition to the European General Data Protection Regulation (GDPR), privacy requirements are popping up in Brazil and elsewhere, and Eric Bowlin, a partner at Deloitte Risk & Financial Advisory, told attendees on a virtual symposium that the best approach might be to base a compliance program on general principles.