Doesn't seem like geoblocking would make sense, since GDPR applies to any citizens of a country that is a EU member, not just the ones living in EU. Not arguing against your point here, but why would it be necessary to actually block the people, rather than just giving a warning, and if they accept, then it is on the user. Same as adult sites/liquor companies, their websites don't actually check your age, at the end of the day.
If I as an EU citizen, lives in New York and have a loyalty card at Sal's Bagels on 45th street, who has taken my name as part of the process, Sal becomes subject to the GDPR, just like Sal is subject to Thai lèse majesté laws.
The US wouldn't extradite him to the EU or Thailand if he didn't comply with these laws, but he'd have to be wary of traveling to either place, or doing business or storing assets.
I wonder if the US will raise complaints under GATT and other WTO rules.
Question for OP. If a u.s bar has a sign saying "no under 21s", and they serve a 16 year old, does that sign mean they avoid any responsibility?
