There are some nuisances on jurisdiction, but if a company tracks users in Europe they may fall under the purview of European data protection authorities.
There are several factors that play in. For example that the data controller offers the delivery of goods in EU Member States, say a plugin like Disqus. It could also be that they have a .eu top level domain.
The Norwegian DPA also writes this in their advanced notice: "Online tracking using cookies and behavioural advertising are explicitly mentioned as activities which constitute monitoring of behaviour in the EDPB Guidelines on the territorial scope of the GDPR."
There are several factors that play in. For example that the data controller offers the delivery of goods in EU Member States, say a plugin like Disqus. It could also be that they have a .eu top level domain.
The Norwegian DPA also writes this in their advanced notice: "Online tracking using cookies and behavioural advertising are explicitly mentioned as activities which constitute monitoring of behaviour in the EDPB Guidelines on the territorial scope of the GDPR."
EDPB: Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) https://edpb.europa.eu/sites/default/files/files/file1/edpb_...