Comment by einfach
8 years ago
Maybe [1]. I wouldn't count on being protected while outside the EU.
Art. 3 GDPR Territorial scope
Article 3(1) This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
Article 3(2)(a) - the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or Article 3(2)(b) - the monitoring of their behaviour as far as their behaviour takes place within the Union.
Article 3(3) This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
Practically you're just going to get extra tracked because you're a foreigner. Also if the articles about TSA borrowing your phone to clone it real quick or forcing you to log into facebook are true, I wouldn't expect them to abide to GDPR.