GDPR would apply if an EU company would track people in China (Article 3 section 1); it would apply if an multinational company tracks people in EU when offering goods or services to them (Article 3 section 2); but it wouldn't apply when that same multinational company tracks people in China.
I.e. Facebook can be fully GDPR compliant if it applies the privacy requirements only to people in EU and gratuitously violates the privacy of everyone else.
Furthermore, if China has a legal requirement for intense tracking of customers (I'm not sure what their legal requirements are), then GDPR would allow an EU company to do that without consent. (Article 6, 1c : "Processing shall be lawful [..] if ... processing is necessary for compliance with a legal obligation to which the controller is subject")
GDPR would apply if an EU company would track people in China (Article 3 section 1); it would apply if an multinational company tracks people in EU when offering goods or services to them (Article 3 section 2); but it wouldn't apply when that same multinational company tracks people in China.
I.e. Facebook can be fully GDPR compliant if it applies the privacy requirements only to people in EU and gratuitously violates the privacy of everyone else.
Furthermore, if China has a legal requirement for intense tracking of customers (I'm not sure what their legal requirements are), then GDPR would allow an EU company to do that without consent. (Article 6, 1c : "Processing shall be lawful [..] if ... processing is necessary for compliance with a legal obligation to which the controller is subject")