The EU claims their law applies globally regardless of if people set foot in or do business in the EU. According to the EU, an EU citizen just needs to visit a site and the law applies, regardless of where the site is hosted.
According to the EU, the GDPR applies to some small shop owner in China with a website that harvests all data it can that isn't advertising in the EU, courting EU citizens in any way, has no business with the EU, etc.
Once privacy is considered as a fundamental human right, everything makes sense. When an EU citizen visit a site and the site collects their data in an unbounded way, their privacy is violated and any goverment should be responsible of protecting its citizen.
In my point of view, this is a difference of how much we define privacy as human right and what data are considered private.
> Once privacy is considered as a fundamental human right, everything makes sense.
Does it? I agree it should be, and I want to work towards a better world also, but pretending you have jurisdiction when you clearly do not, doesn't seem helpful in any way.
According to the EU, the GDPR applies to some small shop owner in China with a website that harvests all data it can that isn't advertising in the EU, courting EU citizens in any way, has no business with the EU, etc.