This case can be framed more like "an american company suspended an american account of an american citizen to comply with Chinese local law." Operating in China doesn't necessarily expand its jurisdiction into the US. What Zoom should have done is blocking participants in China from the meeting created by Zhou and Wang rather than suspending a US citizen's account.
For the case of Gitlab, Google and Gitlab are both US based companies so it makes sense to comply with the US law.
Almost every multinational companies have some level of presence in China, even Google has offices there. If we apply your logic, China should be allowed to order search and seizure warrants to those companies for any user information that might related to their national security. Of course, this is absolutely non-sense.
Well isn't it just a matter of what penalties China can enforce on the presence there if they refuse to comply? If the majority of their tech team is there it gets hard to argue that they have no access. Maybe they just threatened someone with the access and with not enough time to speak to legal?
I already told you how to appropriately handle the situation without provoking PRC that much, which is supposed to be just a common sense to multi-national companies. And even PRC probably doesn't want it to get this level of Western media attentions given the political landscape. Even a mere software engineer myself know this; but Zoom just simply messed it up by deciding not to do so.
For the case of Gitlab, Google and Gitlab are both US based companies so it makes sense to comply with the US law.