You do realize the EU can stop or confiscate the money that is transferred to you from European customers? Non-European companies already have to pay VAT on stuff they export to the EU, so it is not as if there is no big collection already going on.
Suppose I put up a website hosted on a server I own in a non-EU country. A person from the EU visits the site, I gather their personal information, and I sell that information to a non-EU buyer blatantly in violation of EU privacy law. I have no offices, bank accounts, property, service providers, subsidiaries, suppliers, customers, etc., in the EU.
> You do realize the EU can stop or confiscate the money that is transferred to you from European customers?
I don't have any money being transferred to me from European customers.
Unless the EU has a treaty with the non-EU country my site and I are in that provides for the enforcement of EU fines in this area in my or my buyer's country, how are they going to actually enforce a fine against me?
That raises some interesting questions. Let's say:
• I run website W. W does not obey EU privacy and data rules, but I, my company, my server, etc., are all outside the EU in places without treaties that would allow enforcement of EU rules against me.
• I sell data from EU citizens who visit W. I sell this data to ad network N that is also outside the EU. (I'm selling N all my visitor data, not just data from EU visitors).
• Company C that is in the EU or sells products in the EU or has a presence in the EU buys ads through N. N uses the data they bought from me to show C's ads to visitors from the EU who visit websites using N's ad network.
Questions:
1. Which of the various entities in this (me, N, C) are violating EU data and privacy laws, according to the EU?
2. Which of those entities could the EU actually enforce a fine against?
3. For those entities that are violating EU laws (according to the EU) but are out of the reach of EU fines, can the EU take alternate action such as ordering EU ISPs to block access to their websites?
N is definitely violating EU laws. It handles data of EU citizens without their consent. The EU could stop the cash flow from C to N. It's rather simple: You can't purchase products which are made illegally. Just as I can't legally buy DDoS services, even if the provider is outside my jurisdiction.
I think that's the gist of the GDPR. Make personal data toxic.