To be eligible for things like a GDPR Data deletion request etc, is it enough that I am a citizen or must I be a resident? ty :)
GDPR can only extend to their borders, the same that any country’s laws extend to theirs. Why would you expect another country to honor your “home rules”?
I think they’re asking because they’re not citizens but still living in the EU.
It does. When GDPR was about to be placed in effect, the company I worked for in Brazil, send a communication to all our clients saying that they needed to communicate us if they were in Europe for us to process their claims (life insurance) with a third party European partner because the Brazilian office would not be able to comply with European regulations and the company would not even going to answer emails from clients located there. Eventually Brazil made their own data protection laws based on the European one and the company re opened contact with their clients located there.
Borders on the Internet get weird. Effectively, as quoted above, GDPR applies if you do business in the EU even if you aren’t there. Things are murkier if you’re not in the EU when the data gathering takes place and the operator is outside as well, though.
Also, not technically a country.
Not sure if it helps but :
GDPR Article 3 - Territorial scope
- This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
- This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
- This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
From what I understand, it doesn’t really matter where or who you are, it’s about whoever collects your data doing business in the EU. BUT ALSO if you are an EU citizen, it also applies to non EU companies (someone correct me if I’m wrong)
I think you need to reside on Europe to their laws apply to you, not matter if you are European citizen or not.
only sort of correct: the GDPR applies globally (see this comment: https://jlai.lu/comment/4089576), however if you don’t ever plan on visiting or doing business in the EU it’s probably one of those things that people would ignore because it’d be too difficult/impossible for the EU to actually follow up on
off-topic but also the reason why people in the US need to use TOR to look up anything health related that isn’t on wikipedia, because the insane amount of data from tracking on the health websites hosted in the States are then sold to insurers and hence these websites are often not available in the EU because they aren’t GDPR-compliant. fucking dystopian
the appleebees website is not accessible from the eu - because they don’t want to comply. roadsideamerica.com, too.
Legal advice given to me by an employer treated all citizens as eligible. Their advice tends to err on the side of caution at the best of times, but I have no reason to disagree that it’s at the very least legally contentious even if not yet officially contested.
Tl;dr I wouldn’t want to rely on it in court, whether everyone else is happy to risk that is whatever.
The only data protection you get is the protections you take for yourself
