Forget all the stuff out there that says the GDPR protects EU citizens. This is a question of jurisdiction and enforcement. Say I run a blog under a business registered in the US funded by advertisers in the US. A EU citizen that comments on posts issues a GDPR request that I ignore. Their government fines me. I tell them to get bent, I am out of their jurisdiction. What can they do at that point?
Badly researched my dude before you try to make it look like facts do more than a Google search of a minute
Google “Trans-Atlantic Data Privacy Framework”
That’s the one that honors gdpr and EU rights
It isn’t a treaty, even according the EU:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en
It is implemented via executive order which courts don’t have to honor. All it means is LE agencies have to take action. Courts are free to ignore the EO and dismiss any charges or civil suits. A treaty is a different story.