[_-___________-_]

Can you provide a source? All information I'm able to find says that it applies to EU & EEA residents, with no mention of citizenship being relevant.

Edited to add: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui... (it's not even residency that is key - just being present in the EU+EEA)

[s_dev]

Here is the official source -- you aren't exactly providing many sources yourself beyond repeating what you've "seen":

https://ec.europa.eu/info/law/law-topic/data-protection/refo...

[vonmoltke]

That page has no reference to citizenship, and multiple to location. It contradicts what you claim it supports.

[_-___________-_]

It took a while to find a primary source, but there is a good set of guidelines laying out how the regulations should be interpreted here: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_gui...

They are very clear - the GDPR protections apply to those that are "in the Union", and the guidelines clarify that citizenship (and, in fact, legal residency) are irrelevant. One must simply be present in the territory that the regulation applies to (which is EU+EEA). Being a citizen of a EU country and being outside the union, the GDPR protections would not apply to you. Being a citizen of a third country and being inside the union, they would.

[_-___________-_]

Uh... did you read the page you linked to? The word "citizen" does not appear anywhere on it, and it finishes with this pretty clear line:

> Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

(note in the EU - no mention of citizenship)