That's a great question that I wish I had a clear answer to. I would (hesitantly) assume that it would be the location which you are accessing the website from. I base this on the assumption that it would be similar to GDPR laws, where US companies serving EU customers must comply with EU laws (or non-California companies serving Californians having to comply with CCPA). Sorry I can't be of more help - it might be worth asking r/legaladvice or somewhere similar with a higher concentration of lawyers.