Not really, the GDPR is applicable to persons in the EU (not just in Europe) and not to persons using a VPN server in the EU.

Anyway, the GSPR does not ban American-style surveillance in Europe. Most European countries have used the Snowden leaks as a blueprint to increase surveillance in almost every aspect, especially online and with many related obligations for Internet companies.

I’m not sure how other companies will implement it but I certainly expect most to bluntly use geo-IP to locate customers and apply GDPR-compliant practices without digging too much whether that particular customer is likely to lawyer-up. European services probably will blanket apply it to all their customers.

It’s possible (if unlikely) that after a militant based in Europe but geo-IP located elsewhere by accident notices something unsavoury and complaints, that companies implements an “Are you based within the EU?” toggle in account settings to avoid headaches.

For social services, I’m curious on how processes based on your friends’ will be implemented when your friends are partially in the EU and elsewhere. But I don’t expect this will be much harder than it currently is to circumvent, say, Netflix geo-blocks.

Not sure that pc plod in Europe gets the wide access that American cops do