> The GDPR has extra-territorial scope, which means that websites outside the EU that process data of people inside the EU are obligated to comply with the GDPR.

I see that site makes the same assertions about jurisdiction that the comments here are making. However, it provides no explanation for why the EU can actually claim that jurisdiction, which is my whole point. Why are they obligated? How does the EU have such authority?

I say it doesn’t, for the simple reason given upthread, and you have provided no evidence to the contrary.

Same reason Americans can sue companies from other countries in American courts: treaty recognition of legal judgments.

Yeah, but AFAIK there is no such treaty.