... No. It has jurisdiction in the EU. Just like Americans cannot come here and exercise random rights that the US legislator decided to grant that the EU hasn't. Try to carry a gun in public in Germany and see how that works out for you, for example.
They do have jurisdiction in the EU, like you say. Apple exists in the EU.
In the case of GDPR compliance it is trickier because you can easily end up doing business with entities that will never be in the EU, so while the EU might think their laws apply worldwide, the extent to which you “have” EU rights as an EU citizen in any enforceable way is questionable.
Apple wants to do business in the EU, so the EU can write whatever laws they want, including laws that govern Apple’s worldwide behavior.
Article 3(2) is crystal clear. The GDPR applies to activities who target subjects in the union, or controllers and processors established in the union. Apple has an establishment in the EU specifically so that, when it processes the data of subjects outside the EU, it's a different legal entity not established in the EU who is acting. This includes EU citizens who are not in the EU right now. I know it's a long document, but if you have any doubts, read this: https://www.edpb.europa.eu/our-work-tools/our-documents/guid... I cannot possibly summarize dozens of pages of regulation in an HN comment, so it'll be beneficial for everyone if we all start with the same knowledge.
Examples 9 and 14 seem pretty odd, the US and the Turkish company don’t have any presence in the EU. They can break the laws of the EU in the sense that I can break the laws of China or Saudi Arabia; I’m not going there so I don’t care what their courts think about me.
I think this is a bad way to write a law, because if no court that I care about is going to enforce it, I can violate it. So, it is misleading to the citizens of the EU to say that they are protected by these laws.
