Gregory's Server@dark_stang @frankrausch "operate" so if they have an office in Europe. I can't see somebody just selling stuff to people in Europe much caring.
|
8 comments
@juliank @BritishTechGuru @dark_stang @frankrausch Why not? It's not that the US wouldn't do it (ask Swiss bankers)  @goedelchen @juliank @BritishTechGuru @dark_stang @frankrausch Actually, not really a risk. GDPR is generally administrative law, so jailing people is atypical. And in most European countries, judges don't jail people just because they irritated them. So I don't think there is much of a risk of arrest. OTOH, the fines are painful, somehow generally the EU/MS get their money.  @juliank @BritishTechGuru @dark_stang @frankrausch As for enforcement, ask TikTok. The Italian regulator banned TikTok from processing data for children accessing dangerous content, resulting in a death, and TikTok scrambled to fix its age verification measures and re-verify all users in Italy.  @Nickiquote @BritishTechGuru @dark_stang @frankrausch It depends on the country and whether they'd go order the ISPs to ban the services at the DNS level, ultimately that's not universal across them, but that's a pressure point. @BritishTechGuru @dark_stang @frankrausch The test isn’t “operate”. Companies with an “establishment” (subsidiaries, agents etc) in the EEA are caught. Companies without an establishment in the EEA but offering goods or services to EEA data subjects are separately caught and are required to appoint an EU representative for enforcement/liaison with regulators. If you do not comply the fines are up to 4% of global turnover. Identical rules apply in the UK.  @Nickiquote @dark_stang @frankrausch That would lead to an ineresting situation if I set up some online business and shipped a packet of cards to a Paris customer. Then I get a nasty message that the gendarms are after me for my non compliance. When I eventually stopped laughing, I might even tell them to bring it on. @BritishTechGuru @dark_stang @frankrausch No, “operate” as in “provide service to those in the EU”. Simply go the EU for a day and call the companies. The law applies even if you don’t live here. |
@BritishTechGuru @dark_stang @frankrausch It becomes harder/impossible to enforce without an office but technically no, even if you are fully US company and you sell to Europe you are bound to GDPR.
What we gonna do - throw executives on EU trips into jail until GDPR compliant?