Hacker News new | past | comments | ask | show | jobs | submit login

How is legislation going to fix this unless you mandate region locking of the internet? The moment a website loads some script from a Chinese site all bets are off from a legislative protection standpoint.

Under GDPR, an EU website owner is responsible for the Chinese scripts they load onto their site, as part of the Controller-Processor relationship. That doesn't help for Chinese companies without a locus of business in the EU, but it covers the hypothetical case that you raised.

In practice, legislation goes into effect globally by being in a large enough market that companies would rather comply than lock themselves out. Several companies have rolled out their GDPR compliance updates globally rather than just to the EU. It's the same reason that lots of products in the US comply with standards that only exist in California.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact