The legislation in the US is permissive, not compulsory. American consumers should hassle the fuck out of their ISPs to ensure they don’t implement data mining passthrough to third parties.
Here, the threat is to encryption. Again. Whenever an application which promotes end-to-end encryption is compromised, the marketplace generally provides an alternative, which everyone can and should switch to. However, the likelihood of vendors accommodating the UK’s threat of enabling government backdoors (setting aside the feasibility of such a feat without compromising the encryption in other ways) seems minimal, especially when those vendors are based overseas. Do you really think the population will wear someone like WhatsApp turning round and saying “because of the UK government’s stance on end-to-end encrypted messaging, we are blocking our service in the UK”? Because that’s more likely what will happen, at least with companies who have spines. If you find out your app’s vendor has folded and implemented backdoor access, you should move. Immediately.
With respect to VPNs, any service which does nothing more than encrypt your data between your phone jack and some endpoint somewhere on the Interwebs will likely be your best bet. Any service which advertises geoblocking workarounds and torrent privacy will likely be subject to some form of interference or legal hassles, jeopardising your service provision (oh, hi Netflix.
So yeah, I dunno