What I'm wondering about is: If you're not targeting an EU-audience, and you therefore might not even have servers in the EU, and certainly don't have EU-based revenue streams - why do you even care? Can an EU court even do anything in this situation?
IIUC, you can be a US expat living in the EU and the GDPR still applies.
Even then a non-EU company may not explicitly target a EU audience but EU moral or physical person may still find interest for whatever personal reason and still be protected by GDPR.
As for jurisdiction, I suppose such conflicts are resolved using international law, but if a company is reachable from the EU by individuals protected by EU laws I’m pretty sure there is applicable jurisdiction (not saying it’s an easy thing)
Sometimes it’s a matter of making a point. I mean, who likes the cookie law (and bear in mind that US people don’t even see it remotely as frequently as europeans). Some people just want to send the message that EU is going too far.
> 2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
> (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
> (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
This makes perfect sense from the perspective of some old politician: It's like shooting someone over the country border. It fails to address the fact that unlike in physical space, on the internet it's not that obvious to see where someone is connecting from (in fact, it's impossible to really say with complete accuracy)
But in my opinion, it's not the wrong choice to assume that, if you're operating on a scale where you can spy on your users and sell their data, you'd be capable of figuring out whether they're in the EU. And, honestly, it's not hard. There's third party software that you can just embed in your website and it automatically generates the cookie warning and even blocks cookies until you've accepted it.
