Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think it's important to recognise how good - and effective - data protection laws are in some countries. The biggest challenge is US companies flagrantly ignoring them. In other words, the main thing holding Europe back from protecting data is that the USA is so lax. I think in that regard, more legislation could be massively beneficial.


Err, it's not clear that EU law applies to US companies online, nor should it. There are many things illegal in the EU that are quite allowable in the US including a lot of freedom of speech issues.

One of the issues anytime we have legislation on the internet is how it applies. If XYZ company is based out of the US, markets itself to the US, but has a generally available website, does EU law apply to it at all? Even if an EU citizen uses it?

Alternatively, can every country force their laws on websites based out of the EU?


I agree, but that is going to change. There is new European legislation coming up (GDPR, effective May 2018) which will be a lot more restrictive than the current privacy laws. It will apply to any organization that monitors the online behavior of people in Europe, even if the company itself is in the US or somewhere else. With fines up to EUR 20M or 4% of worldwide turnover there will be a large incentive to comply. Already you can see big companies like Google and Mailchimp adapting to it.


I think it's fairly clear. If there are two parties to a transaction in two different countries, you can generally apply the laws of either country. That's the nature of international commerce.

The US for one feels entitled to go after gambling companies incorporated abroad.

If an American company doesn't like it, it can simply stop doing business in the world's largest market.


> Err, it's not clear that EU law applies to US companies online, nor should it. There are many things illegal in the EU that are quite allowable in the US including a lot of freedom of speech issues.

Err, yes it will. (https://en.wikipedia.org/wiki/General_Data_Protection_Regula...)

> The regulation applies if the data controller (organization that collects data from EU residents) or processor (organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU.


It's fairly clear that, absent a world government, national laws apply to companied outside of the nation based on the combination of will and ability of the particular nation to enforce penalties on foreign violations.

The ability side tends to be very high if the company at issue has any substantial assets held in the country trying to enforce the rules, or in a another country with an interest in keeping that country happy.


In the end, it's pretty simple: online companies that make money in the eu (even just selling ads) have something to lose and can be forced to comply. Others can't.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: