Let’s say a site declares itself OpenPD compliant on its homepage. If you go to another page on that site and it doesn’t declare compliance, are you still protected? You’d think so. But let’s imagine you go to a different product by the same company that doesn’t declare compliance. You probably aren’t protected. Where to draw the line of jurisdiction so that users are best protected but services aren’t scared to use OpenPD?