I don't think any of this is entirely clear, but from my understanding it seems like the EU wants to apply GDPR even if you don't have an EU presence.
In practice, I doubt that they'd get the US to enforce judgements. But it might mean that I can never risk going to Europe again lest I risk having a default judgement enforced against me for one of my businesses.
The threshold for determining establishment is a low threshold however there will still be various factors taken into account in determining whether that establishment is there (for Art 3(1), and indeed whether goods and services are being offered to data subjects in the EU (for Art 3(2)).
The mere availability of a website is not sufficient however to satisfy the above. Recital 23 below gives more details about those factors:
*Whereas the mere accessibility of the controller's,
processor's or an intermediary's website in the Union, of
an email address or of other contact details, or the use
of a language generally used in the third country where
the controller is established, is insufficient to
ascertain such intention, factors such as the use of a
language or a currency generally used in one or more
Member States with the possibility of ordering goods and
services in that other language, or the mentioning of
customers or users who are in the Union, may make it
apparent that the controller envisages offering goods or
services to data subjects in the Union.*
Yes, I should have better specified "accessible". If you ship to those customers, and make that publicly known, that appears to satisfy the intent to provide service to that country?
Add on language and currency, basics of accessibility, and you're meeting the definition AFAICT.
No if you aren’t a legal entity in the EU you have no presence in the EU.
If you would push for this the only thing that would happen is that companies would stop accepting orders from the EU.
If this is going to be the definition expect a lot of store fronts to be closed to EU residents following May 25th or more likely the first time this precedence will be set in court.
It seems a direct parallel of being tried for copyright infringement in USA when you have an offshore website - like O'Dwyer who had to bribe himself out of being extradited from UK to face charges of copyright infringement in USA. He'd never been there, didn't have servers there, and was acting legally in his jurisdiction of residence.
Similar things happened with USA's actions on Silk Road, KAT, with Kim Dotcom, and I'm sure many other legal situations I'm not aware of.
EU is seemingly extending logical contact to be equivalent to entry to a jurisdiction as USA appear to have established is desirable as a facet of inter-national application of law in the internet age.
I much prefer the extension of jurisdiction in protection of member states citizens rights than in the service of media conglomerates.
Copyright is enforced via local copyright holders / representatives, trade agreements and WTO rules AKA local or international law.
In no way shape or form does US law has a direct mandate outside of the US.
All the examples you've given were those of actions performed through established legal channels to which all parties had and have a saying in.
Extra-territorial application of the GDPR under existing frameworks (or the lack thereof) is tyrannical because you apply it to people that have had no saying in the establishment of the regulation and have no control over the interpretation and or the enforcement of it.
In practice, I doubt that they'd get the US to enforce judgements. But it might mean that I can never risk going to Europe again lest I risk having a default judgement enforced against me for one of my businesses.