Specific laws on data protection, and by extension, social plugins, are generally determined on a national level. Jurisprudence therefore differs from country to country. Across most European countries, however, similar data protection laws apply, although if you happen to be operating in multiple countries, you should be aware of different legislation in every country.
In contrast to the United Kingdom, American data protection laws are particularly liberal; there is absolutely no universal legislation that applies across different industries. Since 2016, a framework known as the EU-US Privacy Shield has been in place in an attempt to ensure the legal transferal of data between the USA and Europe, however, it is up to international companies that commit themselves to the agreement to comply with its standards. Furthermore, it is unclear how long the current agreement will remain in force, given the political developments in the USA, with many experts and civil rights advocates expressing doubt over the validity of the procedure. This is particularly because the agreement tends to favour Europeans and benefit them unfairly over US citizens.
The legal status of social plugins is complicated further when it comes to the matter of hosting. In general, it is only possible to ensure that specific legislation is upheld by hosting providers located in your own country. If personal data is processed via an outsourced server (as many cloud servers are), these servers comply with the data protection laws of the country in which they are situated. Concerned users should therefore inform themselves in advance about whether their webhost provides adequate data protection in line with EU regulations. In March of 2017, however, several service providers have committed themselves to an alternative ‘Code of Conduct’ through the CISPE (Cloud Infrastructure Services Providers in Europe) organisation, which offers cloud customers the option to save and process data specifically within EU countries.