GDPR Resources
-
-
So yes, it is very likely that ML will fall under GDPR.
-
@jaredbusch said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
Actually your .it domain might land ML in GDPR land because of the requirements to obtain that tld have very clear and direct ties to an EU member.
Except those ties are on their end, not the US side. In the US, it is just sold like any other domain. That there is a problem, it's on the EU side of things.
Not how that works.
Just because you bought it from an American company does not mean that it is not potentially subject to rules for that country code.
The company that resells it to you has to agree to terms to be able to sell it in the first pace.
Correct, the one that sells it to me. They might be covered, of course.
-
@jaredbusch said in GDPR Resources:
So yes, it is very likely that ML will fall under GDPR.
Only if the registering party made a contract with ML to do so.
-
@scottalanmiller said in GDPR Resources:
@jaredbusch said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
Actually your .it domain might land ML in GDPR land because of the requirements to obtain that tld have very clear and direct ties to an EU member.
Except those ties are on their end, not the US side. In the US, it is just sold like any other domain. That there is a problem, it's on the EU side of things.
Not how that works.
Just because you bought it from an American company does not mean that it is not potentially subject to rules for that country code.
The company that resells it to you has to agree to terms to be able to sell it in the first pace.
Correct, the one that sells it to me. They might be covered, of course.
Incorrect, because you do not own it. Ever. Unless you prove different residency.
No one can sell it to you. A trustee owns it and said trustee is a legal resident and as the owner of it, they will be rquired to have it comply with GDPR.
-
@jaredbusch said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@jaredbusch said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@kelly said in GDPR Resources:
Actually your .it domain might land ML in GDPR land because of the requirements to obtain that tld have very clear and direct ties to an EU member.
Except those ties are on their end, not the US side. In the US, it is just sold like any other domain. That there is a problem, it's on the EU side of things.
Not how that works.
Just because you bought it from an American company does not mean that it is not potentially subject to rules for that country code.
The company that resells it to you has to agree to terms to be able to sell it in the first pace.
Correct, the one that sells it to me. They might be covered, of course.
Incorrect, because you do not own it. Ever. Unless you prove different residency.
That's a totally different issue. The legal coverage does not exist without a contract specifying such.
-
@jaredbusch said in GDPR Resources:
No one can sell it to you. A trustee owns it and said trustee is a legal resident and as the owner of it, they will be rquired to have it comply with GDPR.
Correct, which agrees completely with what I've been saying.
-
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/ -
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
-
@kelly said in GDPR Resources:
@danp said in GDPR Resources:
This link was posted over on another forum just today --
https://techblog.bozho.net/gdpr-practical-guide-developers/Thanks for actually replying to the thread topic @Danp. I'm not really sure what to do with this experience...
Hey, I was supporting you
-
@scottalanmiller said in GDPR Resources:
Your average US based website is under no obligation to do anything for the GDPR, but US based websites are something like 90% of the coverage cases.
So I should setup a Datacenter in post-brexit UK so I have low latency to the EU, but can ignore GDPR?
-
@storageninja said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Your average US based website is under no obligation to do anything for the GDPR, but US based websites are something like 90% of the coverage cases.
So I should setup a Datacenter in post-brexit UK so I have low latency to the EU, but can ignore GDPR?
Or you could just put a cheap one inches outside the EU anywhere, if that's your goal. UK is in the EU so will already have adopted the GDPR prior to leaving.
-
@storageninja said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Your average US based website is under no obligation to do anything for the GDPR, but US based websites are something like 90% of the coverage cases.
So I should setup a Datacenter in post-brexit UK so I have low latency to the EU, but can ignore GDPR?
It's not a matter of ignoring the GDPR. It's it not existing to you if you are not in the EU. Same as we "ignore" all EU laws outside of the EU.
-
@scottalanmiller said in GDPR Resources:
@storageninja said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Your average US based website is under no obligation to do anything for the GDPR, but US based websites are something like 90% of the coverage cases.
So I should setup a Datacenter in post-brexit UK so I have low latency to the EU, but can ignore GDPR?
Or you could just put a cheap one inches outside the EU anywhere, if that's your goal. UK is in the EU so will already have adopted the GDPR prior to leaving.
What part of post-brexit is hard to understand?
-
Think of it like the US freedom of speech. Russians can't cite the US freedom of speech law as protecting them in Russia, just because they were "talking to an American." It's not a Russian law.
-
@jaredbusch said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
@storageninja said in GDPR Resources:
@scottalanmiller said in GDPR Resources:
Your average US based website is under no obligation to do anything for the GDPR, but US based websites are something like 90% of the coverage cases.
So I should setup a Datacenter in post-brexit UK so I have low latency to the EU, but can ignore GDPR?
Or you could just put a cheap one inches outside the EU anywhere, if that's your goal. UK is in the EU so will already have adopted the GDPR prior to leaving.
What part of post-brexit is hard to understand?
Just because it is post Brexit doesn't mean that pre-Brexit laws stop existing. EU laws, like this one, are already adopted pre-Brexit. If the UK REJECTS the law post-Brexit, that's different. But they'd have to remove it, having already adopted it.
-
The UK has covered this already in their Brexit talks. EU laws are not just adopted at the EU level, individual states have to adopt them themselves as part of the process. So in leaving the EU, all those laws are still there in the UK. Of course, we totally expect the UK to run through them and change a lot of them. But the UK was teh leader in writing a lot of them, so a lot will likely be kept anyway. But being post-Brexit doesn't imply anything about an assumed change in laws later. Only that the UK has the power to decide on them, but they have to remove them since they will already exist.
-
Now, I assume, that the wording of the law might only state that EU citizens are covered. So in Brexiting, UK citizens might end up, depending on the wording, being legally repsonsible to protect EU citizens, without being covered themselves.
-
Also to circle back on what you ignored earlier.
Treaties and pacts can and do force other countries to accept and enforce things from other countries.
The most common one to come to mind is the Berne Convention (copyright stuff).
-
@jaredbusch said in GDPR Resources:
Also to circle back on what you ignored earlier.
Treaties and pacts can and do force other countries to accept and enforce things form other countries.
The most common one to come to mind is the Berne Convention (copyright stuff).
Of course they can, I never said anything to the contrary. But they must exist for there to be enforcement. Right now, the US doesn't have any known treaty that does anything like this, and would be very unlikely to because this is a new, unanticipated situation.
Given the nature of the GDPR, it would be extremely hard for earlier treaties to cover it. Now, new treaties might easily address it and add it broadly around the world. That's to be expected. But until that happens, which is the "new laws being made" that I've been mentioning, it's not applicable.