[repolfx]

The EU has asserted it does have such jurisdiction.

The risk to local newspapers is low for now, but comes from the possibility of future agreements by the USA to cooperate with the EU on GDPR enforcement (e.g. as part of some trade deal), or their executives going to the EU for a business trip or holiday and coming under jurisdiction that way, or selling or wanting to be sold to a firm with EU presence, etc etc. Lots of ways the EU can end up with leverage over an apparently small and local firm.

[adventured]

It doesn't matter what the EU asserts. They do not have that jurisdiction, unless they're planning a military invasion of the US and plan to rob it of its sovereignty.

Just like the US does not have the ability to dictate to China what privacy laws look like in that country or how US citizen data is managed within that country (eg when I visit a Chinese site).

How could any this possibly be difficult to understand?

If South Dakota comes up with its own crazy privacy laws, that doesn't mean it gets to actually "assert" how EU sites must manage data for people from South Dakota. It doesn't matter how much South Dakota screams about it, that state has no power to dictate anything to the EU. You would only have to particularly worry about it, as an EU site, if you were eg hosting a server in South Dakota, or doing business there.

edit: replying to your comment below, because my replies are throttled

It is in fact how jurisdiction works today and yesterday and always. The exceptions require agreed upon, established laws between the parties that say otherwise, which you just admitted is the case by referencing FATCA as an example.

[repolfx]

That's not how jurisdiction works these days.

Look at FATCA. A US law that every financial institution in Europe has to comply with whether they like it or not.

The EU knows it isn't going to invade the USA. Nonetheless, it has explicitly asserted many times that everyone, globally, is expected to comply, regardless of whether they have any EU corporate presence or not. Why do you think they would do that, if they aren't intending to find ways to make it enforceable? And there are certainly many tools available to do that with that aren't military in nature.

[jacobgreenleaf]

FATCA “applies” to foreign corporations because bilateral treaties were signed, and a lot of the agreements were reciprocal.

[repolfx]

No it doesn't. FATCA applies to foreign corporations because otherwise the US financial system will freeze them out, moreover FATCA requires recursive application of this rule, that is part of FATCA compliance involves determining if your counterparties are FATCA compliant and freezing them out. It has nothing to do with bilateral treaties.