Your argument reduces to "freedom of speech" == "freedom to take and distribute personal information" (They are not equal).

Your walled gardens cherry on top only highlights the deficiencies that some countries have to protect personal information - Saying this is making the internet into walled gardens is like promoting tax evasion by using Ireland (in this case the US == Ireland, because it is deficient)

There's also the question of who they sell the data to. It's hard to see why they would sell EU citizens/residents data to companies who don't have any EU presence themselves, so at least some of their customers are bound by the GDPR as far as these are concerned. Informed consent is required at every step, so for example they would need the EU subject's consent to buy that data from RocketReach.

As for over-reach, the practical reality is that laws can be enforced extra-territorially if, and only if, the country that wants them has leverage. In some cases, that comes from making deals with other governments, where one or both give weight to the other's claims voluntarily in their own territory.

In other cases, it comes from networking effects. If you are a US-based business running a US-based website with no presence of any kind in the EU, then maybe the EU can't do anything to hurt you. On the other hand, if you have any relationships with other businesses that are within reach of the EU, they might be used as leverage to reach you.

Worst case, you find that anyone connected with your business who travels to the EU or anywhere with a relevant extradition treaty gets arrested. Obviously a reaction that extreme is unlikely, but if perhaps a government thinks you owe them lots of tax money or the personal data you aren't processing according to their wishes relates to some matter of their national security, stranger things have happened.

> If that were the case, I’d block EU access for any of my domains

These two statements are at odds with each other ...