Protecting consumers’ personal information is no longer a by-product of business operations. Since 2018, adoption of General Data Protection Regulation (GDPR) Regulation EU 2016/679 has pushed countries to revamp their data privacy laws and regulations. However, many countries are still adopting or lack such privacy laws, leading to an inequality in handling users’ data privacy as a fundamental right. We argue that it is possible for users to develop different IT identities with different IT, based on their salient privacy expectations formed by the place where they are interacting with these IT. We plan to apply a mixed methodology for data collection and data analysis. This research will contribute to the current IS literature in a variety of ways by examining how organizations’ compliance and non-compliance to GDPR, as well as better understanding how countries’ adoption and non-adoption of data protection regulations and privacy laws can generate inequality in organizations’ privacy practices. In addition, the study will extend the established IT Identity theory by examining the impact of the data protection regulations in shaping users’ different IT identities and trust.