Happens a lot, mostly when US Companies with a majority of their customers in the US make changes without thinking about other countries/ taking them seriously.
Additionally, ToS really don't count for much in the EU, they're usually not enforcable anyway, if there's anything out of the ordinary at all. There's a whole lot of stuff in ToS nobody is ever going to be able to enforce at all.
They probably expected to fly under the radar, without making sure it's even okay everywhere. Well, that's not going to happen I guess.
I suppose it doesn't make a material difference if it's enforceable, since if you have personal data on their platform right now you have to assume it's been accessed or consumed in some form.
They obviously had an inent to start using the data for something, and given what I know about tech businesses, I wouldn't assume they only started once the ToS change was made. I would consider my data compromised.
Additionally, ToS really don't count for much in the EU, they're usually not enforcable anyway, if there's anything out of the ordinary at all. There's a whole lot of stuff in ToS nobody is ever going to be able to enforce at all.
They probably expected to fly under the radar, without making sure it's even okay everywhere. Well, that's not going to happen I guess.