Data protection regulations are various. While research has found regulations to be an effective means for privacy in some data disclosure contexts, the ineffectiveness of most cookie banners is a negative example. Therefore, we investigate which contextual factors cause these differing results. Over a series of workshops with legal experts, we identified two main types of regulatory measures: measures with and without user action. Based on dual-process theories, we propose in this research-in-progress that regulations should involve users only in privacy decisions in high-effort contexts and should mandate privacy in low-effort contexts. To investigate this proposition, we plan to conduct a scenario-based survey where participants from six countries disclose data in a high- versus a low-effort context. By applying a hierarchical linear model, we want to group individual differences by regulatory differences of countries. The expected results will show whether effects of different regulatory measures on individual behavior are context-dependent.