Honest question: I see a lot of companies complying with the GDPR.
Why aren't there companies simply pulling out of the EU instead? For internet-based companies, they can still continue to serve EU customers while keeping all servers in the US. Unlike China, most EU countries aren't going to engage in internet censorship if companies just back out of the EU.
Credit cards also generally inter-operate between US and EU, so it's even possible to accept payments from the EU without setting foot there or otherwise physically entering EU jurisdiction.
I assume most companies are doing the math on that, and it seems for many making a reasonable attempt at compliance comes out as the better option.
Many of the large companies have subsidiaries and all kinds of connections in Europe, severing and restructuring those would also be very expensive. Some of them need those subsidiaries to provide their services.
If your customers are or include businesses (so the vast majority of SaaS?), "just take their money anyways" won't work.
I assume a lot of smaller companies targeting consumers actually aren't doing all that much right now: That's even the case for EU companies, and those are a lot easier to target.
Do you have any specific examples of companies where you think they should just pull out?
I think the question being asked is why don't they just break EU law if they don't have a physical presence there (i.e. their assets can't be seized, and they can't be arrested).
Because their country of residence only has a limited interest in protecting them at the cost of the country's relationship with the EU. Especially if the EU ruling is credible.
Also, the EU might block them from the market completely.
In a hypothetical scenario where, say, Google pulls out, would the EU dare block google.com? Given Google's revenue model is largely based on ad impressions, as long as they don't set up a firewall, Google gets all the business they need.
Those ad impressions only happen when the ads are loaded from Google's server. If routing to all Google servers gets blocked, those ads won't load anymore either.
Then webpage owners won't make money anymore off of having Google ads, so they'd replace them with different ads and you'd have the most flourishing ad industry in the EU within a few months.
But even just blocking access to google.com/.fr/.de/etc. would hurt Google quite a bit. Companies pay a lot of money to bend the truth and have themselves appear as the top result. As far as I'm aware, that still is the main source of income for Google.
Would they dare it? If pulling out means that Google disregards, therefore breaks EU law, I do think so. That would be entirely in the hands of the jurisdiction, which is relatively strong here. Which is to say, they generally don't need to give too much of a fuck about the effects of their doing. They just look at the laws, look at the facts and then make rulings out of those.
An EU ruling could say that doing business with Google's ad serving platform was against EU law, which would probably reduce ad buyers in the EU by at least 50% (probably a lot more).
If you think that you can run a global business and skirt the laws of the second largest economy and still make a legitimate profit within that economy... Well, then you need to think again.
On the other hand, if Google thinks that they can do without the EU market they are free to block all EU citizens from both their services and their ad serving platforms.
And I think the fact they have to respect the requests regardless of where the European individual is today (e.g. in the US at time of posting but still a French national). I think enough companies are aware they don’t want to blanket blacklist all requests from Europe along with the mix of EU visitors; it makes it impossible to discern what rules apply where. I wonder if we’ll start to see US-based users claim they are European to attempt to remove references; how would a tech company discern between legit and illegit requests (asking for proof of ID creates yet another potential storage of EU data)? I suspect most companies won’t vet the requests and just comply or risk the potential huge fines.
Internet exists in the physical world.
You can use extradition to put CEOs in jail.
You can use commerce treaties to force the USA to make them comply.
You can ban their IPs.
You can make Apple, Google, or whatever the platform that allows this to pay.
Internet is part of the real world, and the rule of law still applies there. Even when there are a lot of tech startups that think the contrary.
Google pulled out of the Chinese market, while Apple complies with Chinese law.
The question isn't where the company is based, it's where your customers are based. You could be purely based in the US but if you have any customers in the EU, you have to comply with GDPR. Obviously, for an internet based company ruling out the whole EU market is kinda untenable.