[Muromec]

Jurisdiction concept is not strictly bound by territory. Classic example is two parties based in two jurisdiction dealing with each other somehow.

Imagine there is a law in your jurisdiction saying if you hire a person there are rules A, B, C which are a bit inconvenient to you, the employer. What if you incorporate in a different jurisdiction where the salaries are higher but there are no rules B and C, but there are rules B and D. Then this incorporated entity offers to hire people in your jurisdiction, but not offer the higher salaries of the other one.

Which rules should apply? The answer, as usual, is -- "it depends".

[rambambram]

I'm not talking about incorporated bodies, I'm talking EU law. EU decides what it wants in EU, not outside EU. Or am I missing something?

[Ravus]

GDPR also applies to companies that provide services to EU citizens, no matter where the company is based.

This makes a lot of sense, because otherwise you'd get situations where Multi Corp X could claim, "Oh, but our Berlin office is actually offering this service hosted in Kiribati. We just happen to have German users" and not offer access to personal data.

Seen as enforcement is through fines, companies that do not have an EU presence are completely unaffected. So even if technically true, in practice claiming that there's global reach is false. Concretely, no one is going after a hypothetical Baton Rouge Herald for not providing an opt-out of data harvesting on their news website.

[rambambram]

I know about that. These situations are logical, if you'd ask me. The OP suggested EU law works where all parties involved are outside EU. Like EU playing world police, or something.