So if someone traveling in the EU gets GDPR protections, does someone traveling in the US lose GDPR protections? Are the GDPR protections only for the data that was collected while someone was in the EU or for all data once they've traveled to the EU once?

> So if someone traveling in the EU gets GDPR protections, does someone traveling in the US lose GDPR protections? Are the GDPR protections only for the data that was collected while someone was in the EU [...]?

Roughly speaking, yes. E.g. a Brazilian business not specifically targeting transactions within the EU or EU nationals doesn't come under the GDPR. Conversely, an EU business basically has to apply the GDPR to any data collected inside the Union, regardless of the individual's nationality. (Obviously, this gets messier online, but if the currency was e.g. Euros and the company is in Belgium, probably covered.)

Having said that, you might have trouble as a non-EU resident to get the data protection agencies to care for trivial, individual cases. (My opinion as a European, not a fact.)

It seems that once you are in the EU, the GDPR applies to you. So you could move to Europe for a year and demand that Facebook provide you with all the benefits of the GDPR. Residency is probably a practical requirement but is not a written legal requirement since you will need to complain to the data authorities, and if you leave after complaining they will likely not follow up on your complaint.

Travel is probably one of the hairier issues. For companies which are big enough and do have an EU legal presence, they might get pushed to comply. Obviously, while someone is in the EU, EU laws regarding the treatment of that person apply. If you (as a data controller) are in the EU, of course you should comply, even if the basis of your legal relationship was formed outside of the EU.