[RafiqM]

So to my understanding, the law does not actually refer to EU Citizens, and rather it refers to people within the EU (citizen or not).

I found this excerpt from https://cybercounsel.co.uk/data-subjects/ informative:

A Data Subject under GDPR is anyone within the borders of the EU at the time of processing of their personal data. However, they can also be anyone and anywhere in the context of EU established Data Controllers an Data Processors.

If the Data Subject, moves out of the EU border and say becomes an expat, or goes on holiday then their personal data processed under these circumstances is not covered by the GDPR and they are no longer a Data Subject in the context of the GDPR, unless their data is still processed by an organisation “established” in the EU.

[Swizec]

So an EU business has to treat me under GDPR if I’m a EU citizen even if I’m abroad but a US business does not.

That kinda makes sense?

[Symbiote]

Seems so, but the EU business has to treat all citizens under the GDPR, regardless of nationality.

I wonder if this could be attractive? "By EU law, we won't sell your data" is stronger than an American company's promise.