If a US site does not have any presence in the EU and is not selling anything to the EU visitors, why would they even bother adding the blocking? They can... do nothing instead. (Or disable buying subscription to the EU)
GDPR doesn't depend on whether you're selling something. Just visiting the website from the EU is enough to require the business to comply with the privacy laws.
It does depend on whether the law of the country applies for any reason though. Unless you're saying they should also comply with whatever CCP, Thailand, Iran, and many other countries have to say about allowed online content?
This is already the case. Yes, you have to comply with CCP laws for _China residents_ if you want to have your website available in China. It doesn't say you have to apply the laws to all people around the world. But GDPR vs. China isn't a perfect comparison, because GDPR isn't blocking any content. It is not even _about_ the content. It's about following the privacy rights that I as an EU resident have and you as an US company might be breaking.
China has the jurisdiction over the Chinese resident, their ISP and other local infrastructure. It doesn't have jurisdiction over foreign companies and foreign companies don't have to comply with anything. (Unless they want to do business with Chinese residents or operate in China) Same applies to the EU situation.
You may want to be nice to the foreign visitors otherwise and comply with the foreign laws, but that's it.
Exactly. If you're operating in the EU, you are bound by the EU laws. But "operating" doesn't mean you have to sell something:
> The GDPR applies to US businesses, regardless of their size in terms of revenue or staff, if at least one of the following two conditions are met:
> 1. The company offers good or services (even in the absence of commercial transactions) to EU/EEA residents.
> 2. The company monitors the behavior of users inside the EU/EEA.
So yes, if the news website in this thread tracks me without my consent, they are violating my rights and the EU laws. I am not sure how realistic enforcing this law actually is, though, unless they have a EU branch (what you described as jurisdiction).
The website you linked brings up 2 out of 4 examples where the EU data is collected, the business is not aimed at the EU residents, and says (verbatim) "GDPR does not apply". Same reasons seem to apply to the context discussed here (news site aimed at the US region). Specifically:
> Although such a website would likely track the user behavior of EU/EEA citizens, as the website would attract native speakers of several European languages, the GDPR does not apply here because:
> the service does not target EU/EEA residents, and
> the tracked user behavior is not occurring within the EU/EEA.
