I agree but I think a similar question would be: how would this ever be enforced on a US based company/website where it had a EU visitor. I wrote this in another comment but I think outside of just blocking your site in the EU, they would need a further agreement (or I guess precedent) with the US government to actually enforce a penalty on the US company.
> but I think outside of just blocking your site in the EU, they would need a further agreement (or I guess precedent) with the US government to actually enforce a penalty on the US company.
The US has given lots of precedent cases for that. The usual approach the US takes is to force the banks the foreign site is operating with to seize all assets. The EU likely would do the same.
