Which basically means that if the foreign company tries to collect, sends to an EU collection agency, .... they come in jurisdiction. So they can only bark but not bite.
That's like saying American law doesn't apply to Russian citizens in Russia when it clearly does.
The court may struggle to apply it's judgements, especially if there isn't an applicable extradition situation, but all it takes is one representitive of the company to go to Europe and they are open to things like arrest for not following the judgement of the court
Only if you have no people or capital in the EU. If you were a small business that sounds correct, but every medium to large business I have worked at has had at least something important going on in europe (clients, suppliers, offices, etc).
Almost certainly false in practice. It would be shady bordering on illegal to detain a mere employee of a GDPR violator. Unless you are a famous employee of a big company that was egregiously flouting the GDPR but also had no other ties to the EU, then maybe you’d rethink your holiday plans.
If you want to say: This does not apply to a non EU citizen in an non EU country, you are correct.
But if you do business in the EU - i.e. have advertising from EU companies inside your media website or you are already dealing with the EU AND you have readers/users in the EU that pay for your service, it makes you instantly responsible for being GDPR compliant if you like it or not.
This is why some media companies block EU ip-address ranges not to fall into that "trap".
Only if there’s a clear link to the EU. Not refusing to sell to EU residents isn’t sufficient to show targeting—but offering Euro pricing or Swedish language options might be.
And at the end of the day, all law fits into the cross-section of jurisdiction and motivation. If you’re a Singaporean company offering global services, there’s no jurisdiction and (unless your activities are especially egregious) no prospect of motivation.
