Re: Incompatible laws
Every US company that works with EU data, via subsidiaries or not, is technically breaking GDPR law at the moment.
Well, yes and no.
If that data contains personally identifying information (PID), or is not adequately anonymised to the extent that PID can be extracted, or individuals identified, and that PID is being sent to the US, then yes.
If the PID elements of the data are stored and processed in the EU, in accordance with GDPR rules, and only the outputs from the processing, which would have to contain no PID, or any way to identify individuals, or small groups, are sent to the US for processing, then that is probably okay.
If everything occurs on servers in the EU, in accordance with GDPR, and only the money goes off to the parent company in the US, then there's no problem there. This is why a lot of companies have incorporated subsidiaries in each country, or bloc, they operate in. (And, incidentally, because of the bloc bit there, yet another reason why Brexit is an act of economic self-harm for the UK.)
Essentially, it's only a botherance for companies which make their business out of sweeping up as much PID as possible and analysing it, in the US, for profit. In this case, Facebook, but I'd not be surprised to see similar against the likes of Google Alphabet, Apple, et al. It makes sense, too, for the regulators to go after the most egregious offenders first, and then work their way down the list.
IANAL, of course, but this is my understanding.