Absolutely.
There are two things on this point. One of them is that harm is always contextual. Something can seem absolutely safe in terms of, say, data collection your doctor has, and you turn around and someone else has it. It's dangerous. It's never absent context and use, ever, so I would argue that structural categorization is incorrect.
The reason we look to Europe all the time and ask what Europe is doing.... I know it's appealing to say that what they are doing over there may be thoughtful, but geopolitically, from an economic perspective, they want their own Google, Amazon and Microsoft. When you gin up all this complexity, you protect your national industry. This is a way to enable the economy to grow, based on domestic rules.
There is, then, that broad harmonization conversation you're hearing. How well has that worked to date globally with data protection law? It has not. It has not worked with privacy either.
Those are the two pieces of a response to that.