Hacker News new | past | comments | ask | show | jobs | submit login

Under GDPR, an EU website owner is responsible for the Chinese scripts they load onto their site, as part of the Controller-Processor relationship. That doesn't help for Chinese companies without a locus of business in the EU, but it covers the hypothetical case that you raised.

In practice, legislation goes into effect globally by being in a large enough market that companies would rather comply than lock themselves out. Several companies have rolled out their GDPR compliance updates globally rather than just to the EU. It's the same reason that lots of products in the US comply with standards that only exist in California.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact