ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    GDPR Resources

    IT Discussion
    gdpr regulations
    7
    105
    9.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KellyK
      Kelly
      last edited by

      Article 3(2) appears to support what I stated:

      1. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or
        processor not established in the Union, where the processing activities are related to:
        (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data
        subjects in the Union; or
        (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

      http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN#page=33

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Kelly
        last edited by

        @kelly said in GDPR Resources:

        The EU seems to be stating (I'm early in my reading on the specifics, so I may have this wrong), that the law covers EU citizens regardless of where the data is housed or the location of the storing company.

        And the EU stating that is relevant, how?

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller @Kelly
          last edited by

          @kelly said in GDPR Resources:

          In principle this is not too different from stances that the US has taken on the rights of US citizens in other countries.

          Right, and that never works like this. Ever. This law applies to EU citizens, in the EU, doing business with EU companies, only. Nothing the EU says applies to anyone else. It's that simple.

          It's no different than you making up your own law and telling other people that it applies to them.

          The EU doesn't have any say outside of the EU. it's just that simple.

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Kelly
            last edited by

            @kelly said in GDPR Resources:

            I am guessing that the final resolution may be somewhere in the middle of the EU's statements, and what you said, but there will be some court cases along the way that US businesses will want to avoid.

            Except they avoid them by simply.... not being able to be sued. The EU has no means of going after a US business in the US. It's not allowed.

            To enforce this would either require a treaty which, in turn, would require local US laws to make it affect US companies. Or an act of war. Because this is a breach of national sovereignty.

            1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @scottalanmiller
              last edited by

              @scottalanmiller said in GDPR Resources:

              The EU doesn't have any say outside of the EU. it's just that simple.

              Of course they do. It is called treaties. The specifics of each one determine what applies where, but it most certainly exists.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller
                last edited by

                Look at it another way, the US has conflicting laws to this. So it would require the EU being in charge of the US legal system for it to apply.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @JaredBusch
                  last edited by

                  @jaredbusch said in GDPR Resources:

                  @scottalanmiller said in GDPR Resources:

                  The EU doesn't have any say outside of the EU. it's just that simple.

                  Of course they do. It is called treaties. The specifics of each one determine what applies where, but it most certainly exists.

                  A treaty, as I explained, requires the treatied country to make their own law that makes the treaty apply or determines how. Even if the US makes an EU treaty and agrees to this, nothing applies until the treaty-based US law is put in place. Until then, the existing US law applies, for example.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                    KellyK 1 Reply Last reply Reply Quote 0
                    • KellyK
                      Kelly @scottalanmiller
                      last edited by

                      @scottalanmiller said in GDPR Resources:

                      Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                      I am not sure what all the things are that underlie this law in terms of existing treaties, but there are some very reputable organizations that are assuming that it will be enforceable on US companies that interact with EU citizens without a physical presence in the EU.

                      https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Kelly
                        last edited by

                        @kelly said in GDPR Resources:

                        @scottalanmiller said in GDPR Resources:

                        Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                        I am not sure what all the things are that underlie this law in terms of existing treaties, but there are some very reputable organizations that are assuming that it will be enforceable on US companies that interact with EU citizens without a physical presence in the EU.

                        https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

                        That's a LOT of stuff and I can't find anything in it. Where do you see if saying that it would apply to US companies?

                        KellyK 1 Reply Last reply Reply Quote 0
                        • KellyK
                          Kelly @scottalanmiller
                          last edited by

                          @scottalanmiller said in GDPR Resources:

                          @kelly said in GDPR Resources:

                          @scottalanmiller said in GDPR Resources:

                          Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                          I am not sure what all the things are that underlie this law in terms of existing treaties, but there are some very reputable organizations that are assuming that it will be enforceable on US companies that interact with EU citizens without a physical presence in the EU.

                          https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

                          That's a LOT of stuff and I can't find anything in it. Where do you see if saying that it would apply to US companies?

                          Section 1, bullet 2: "Second, a controller or processor not established in the EU will be subject to the GDPR 'where the processing activities are related to offering goods or services to data subjects in the Union,' even when the goods and services are offered for free." is the easiest to locate, but there are other statements that either explicitly or implicitly state that US companies without physical presence in the EU will be subject to GDPR.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            The thing about the GDPR, is that it is SO broad, that if you are in the EU, it applies to... everyone. Even humans. Just overheaing a name or having a wifi access point falls under it. Everyone, even home users, are often included. It's so sweeping it's insane.

                            In the US, companies aren't affected by it unless they are receiving that data from a company in the EU and the EU company follows the law and has a contract with the US company binding it to the rules.

                            Your average US based website is under no obligation to do anything for the GDPR, but US based websites are something like 90% of the coverage cases.

                            S 1 Reply Last reply Reply Quote 0
                            • KellyK
                              Kelly
                              last edited by

                              It is very broad. They're basically leaning on case law to refine and define it.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Kelly
                                last edited by

                                @kelly said in GDPR Resources:

                                @scottalanmiller said in GDPR Resources:

                                @kelly said in GDPR Resources:

                                @scottalanmiller said in GDPR Resources:

                                Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                                I am not sure what all the things are that underlie this law in terms of existing treaties, but there are some very reputable organizations that are assuming that it will be enforceable on US companies that interact with EU citizens without a physical presence in the EU.

                                https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

                                That's a LOT of stuff and I can't find anything in it. Where do you see if saying that it would apply to US companies?

                                Section 1, bullet 2: "Second, a controller or processor not established in the EU will be subject to the GDPR 'where the processing activities are related to offering goods or services to data subjects in the Union,' even when the goods and services are offered for free." is the easiest to locate, but there are other statements that either explicitly or implicitly state that US companies without physical presence in the EU will be subject to GDPR.

                                You left out the part of the quote that makes it not matter to 99% of companies...

                                “where the processing activities are related to offering goods or services to data subjects in the Union,”

                                So that bullet point doesn't apply.

                                KellyK 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Kelly
                                  last edited by

                                  @kelly said in GDPR Resources:

                                  It is very broad. They're basically leaning on case law to refine and define it.

                                  Case law.... in countries that aren't under the law.

                                  Doing that is no different than me making a law that says "if you talk to Scott, you have to obey him for life" and anyone who says "hi" to me I try to make my slave.

                                  I can say that, I can even say that I am "relying on case law" to hopefully make it happen. but bottom line, the EU like me, is not a US lawmaker.

                                  1 Reply Last reply Reply Quote 0
                                  • KellyK
                                    Kelly @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in GDPR Resources:

                                    @kelly said in GDPR Resources:

                                    @scottalanmiller said in GDPR Resources:

                                    @kelly said in GDPR Resources:

                                    @scottalanmiller said in GDPR Resources:

                                    Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                                    I am not sure what all the things are that underlie this law in terms of existing treaties, but there are some very reputable organizations that are assuming that it will be enforceable on US companies that interact with EU citizens without a physical presence in the EU.

                                    https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

                                    That's a LOT of stuff and I can't find anything in it. Where do you see if saying that it would apply to US companies?

                                    Section 1, bullet 2: "Second, a controller or processor not established in the EU will be subject to the GDPR 'where the processing activities are related to offering goods or services to data subjects in the Union,' even when the goods and services are offered for free." is the easiest to locate, but there are other statements that either explicitly or implicitly state that US companies without physical presence in the EU will be subject to GDPR.

                                    You left out the part of the quote that makes it not matter to 99% of companies...

                                    “where the processing activities are related to offering goods or services to data subjects in the Union,”

                                    So that bullet point doesn't apply.

                                    I merely quoted the text from the article. The absence of the text was not deliberate. In fact the bullet point actually does contain information that covers your comment.

                                    That said, goods or services is very broad. Is Kickstarter affected? There are EU citizens that participate in kickstarts, but the company is solely in Brooklyn, NY. Based on the above they would be, as would any other company in a similar situation.

                                    scottalanmillerS 2 Replies Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Kelly
                                      last edited by

                                      @kelly said in GDPR Resources:

                                      @scottalanmiller said in GDPR Resources:

                                      @kelly said in GDPR Resources:

                                      @scottalanmiller said in GDPR Resources:

                                      @kelly said in GDPR Resources:

                                      @scottalanmiller said in GDPR Resources:

                                      Imagine how this would play out in the real world. If countries could just make any law that they want to apply to other places that don't have access to their legal system... Bahrain could make some law, make it secret, and arrest everyone in France for breaking their laws. Doesn't make sense. Sovereignty is the barrier to legal exposure.

                                      I am not sure what all the things are that underlie this law in terms of existing treaties, but there are some very reputable organizations that are assuming that it will be enforceable on US companies that interact with EU citizens without a physical presence in the EU.

                                      https://wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data/

                                      That's a LOT of stuff and I can't find anything in it. Where do you see if saying that it would apply to US companies?

                                      Section 1, bullet 2: "Second, a controller or processor not established in the EU will be subject to the GDPR 'where the processing activities are related to offering goods or services to data subjects in the Union,' even when the goods and services are offered for free." is the easiest to locate, but there are other statements that either explicitly or implicitly state that US companies without physical presence in the EU will be subject to GDPR.

                                      You left out the part of the quote that makes it not matter to 99% of companies...

                                      “where the processing activities are related to offering goods or services to data subjects in the Union,”

                                      So that bullet point doesn't apply.

                                      I merely quoted the text from the article. The absence of the text was not deliberate. In fact the bullet point actually does contain information that covers your comment.

                                      That said, goods or services is very broad. Is Kickstarter affected? There are EU citizens that participate in kickstarts, but the company is solely in Brooklyn, NY. Based on the above they would be, as would any other company in a similar situation.

                                      Right, except there is no law to cover them. It's as simple as "EU law doesn't affect outside the US"

                                      It's really that simple. They have no jurisdiction. There is no GDPR in the US.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Kelly
                                        last edited by

                                        @kelly said in GDPR Resources:

                                        That said, goods or services is very broad. Is Kickstarter affected? There are EU citizens that participate in kickstarts, but the company is solely in Brooklyn, NY. Based on the above they would be, as would any other company in a similar situation.

                                        No, because no goods or services offered in the EU.

                                        KellyK 1 Reply Last reply Reply Quote 0
                                        • KellyK
                                          Kelly @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in GDPR Resources:

                                          @kelly said in GDPR Resources:

                                          That said, goods or services is very broad. Is Kickstarter affected? There are EU citizens that participate in kickstarts, but the company is solely in Brooklyn, NY. Based on the above they would be, as would any other company in a similar situation.

                                          No, because no goods or services offered in the EU.

                                          Ok, now you're quoting the regulation incorrectly...

                                          Actual text:
                                          2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or
                                          processor not established in the Union, where the processing activities are related to:
                                          (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data
                                          subjects in the Union; or
                                          (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

                                          In Kickstarter's case they are offering goods and/or services to data subjects in the Union.

                                          travisdh1T scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • travisdh1T
                                            travisdh1 @Kelly
                                            last edited by

                                            @kelly, @scottalanmiller already pointed out that the law is allowed to say whatever it wants, but that doesn't mean that it can be enforced.

                                            KellyK 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 1 / 6
                                            • First post
                                              Last post