Forget all the stuff out there that says the GDPR protects EU citizens. This is a question of jurisdiction and enforcement. Say I run a blog under a business registered in the US funded by advertisers in the US. A EU citizen that comments on posts issues a GDPR request that I ignore. Their government fines me. I tell them to get bent, I am out of their jurisdiction. What can they do at that point?
redacted
I am a US citizen, I know how our laws are made, and find the explanation a little condescending, but this is the best answer so far that there is a treaty about it. I couldn’t find that anywhere. Thanks.
No he didn’t. The context was “as a US citizen” per the post. You gave him a 6th grade civics lesson about how bills turn into laws a-la school house rock before even sort of addressing the question. The next step would’ve been explaining what laws even are.
That’s a little condescending, assuming a citizen of a nation doesn’t know how their own laws are created. It isn’t a LOT condescending but it is a little.
“You read that condescension into it by yourself. You are asking a question and that is the answer I have no idea about your context.” That is fair. I hadn’t had my coffee and have been dealing with an unusually high amount of unpleasant individuals lately, hence the short fuse.
There is no treaty. And the GDPR is not “law” in the US. You cannot sue a company for damages in the US like in the EU.
However, there is an executive order that allows you to file a complaint if you think your privacy rights have been violated.
You can find a good explainer here.
Incorrect.
The current data agreement between the US and EU is neither a law nor a treaty. It is an executive order, which means it did not pass through Congress and simply reflects the policy of the current administration. Like any other executive order, it could be ignored or overturned by a subsequent administration.
Furthermore, it does not mean “GDPR is actually the law in the US”. It means that the current US administration will cooperate in enforcing certain privacy rights. It does not give EU citizens the same rights they have in the EU under the GDPR. For example, it does not allow private individuals to sue US companies for damages in US courts.
This might help:
Pretty much nothing if it’s digital services with no goods or payments in the EU.(unless the eu puts pressure on the 3rd countries government)
Yeah I’m that case nothing can be done but say your site had a European operation that would be be covered under GDPR and the US parent would likely pay the fine to continue their operations on the continent
Maybe you’d care to read this https://allaboutcookies.org/how-to-avoid-gdpr-fines
This is why a lot of US sites block EU residents , it’s easier than being compliant and if you’re a US focused site it makes sense.
That’s why I use a VPN when using links from Reddit as many news sites are blocked .
You then hope you don’t have any assets in a part of the world where the EU member states have jurisdiction over you and can seize your stuff to pay your fines. You should also prepare to have your site blocked for any traffic comming from within a member state.
In short: Unless your entirely US based, setve only US or non European customers, and don’t plan on ever expanding into european territory, there probably isn’t all to much you can do legally.
Probably nothing.
You would need an international law expert to be sure of the exact consequences, but if you have failed to pay a court ordered file then you would probably be unable to travel to an EU country or a country with an extradition treaty. You would certainly face issues if you ever wanted to expand your business overseas.