Hacker News new | past | comments | ask | show | jobs | submit login

Not a lawyer, not legal advice either, but the GDPR approach to extraterritoriality is somewhat interesting. The presence of offices or employees isn't a strict requirement by law. The law, as written, would seem to apply to a US entity serving EU customers. But international law probably wouldn't facilitate doing anything about that.

Of course there is a question about how you could enforce such a ruling. And if it can't be enforced, is it really a sanction? I guess if countries wanted to take this really seriously, they could get a list of company officers and put immigration flags on those individuals, and hold them temporarily upon trying to enter that country, until the matter was resolved. But that would be rather extreme, and you do raise some good points around which countries can fine the companies of other countries.

CCPA from California seems to have some cross-border implications as well - perhaps we will finally see a framework for privacy laws that works better than today's hotch-potch?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: