In article <CAE-M_OBdDv1+DFto=h1O-ghLbs2TQ_x_P9kuw4LS24mSBaw9Ww@mail.gmail.com> you write:
I asked one of the EU regulators at RSA how they intended to enforce GDPR violations on businesses that don't operate in their jurisdiction and without hesitation he told me they'd use civil courts to sue the offending companies.
He probably thought you meant if he's in France and the business is in Ireland, since they're both in the EU. Outside the EU, on the other hand, ... If they try to sue in, say, US courts, the US court will ask them to explain why a US court should try a suit under foreign law. There is a very short list of reasons to do that, and this isn't on it. I'm not saying that one should gratuitously poke EU regulators in the eye but it's pretty silly to imagine that they will waste time harassing people over whom they have no jurisdiction and against whom they have no recourse. R's, John