Hacker News new | past | comments | ask | show | jobs | submit login

What would this "penalize" US court look like?

And what do you think the US reaction to something like that would be?




> What would this "penalize" US court look like?

Asking them to pay a fine, ultimately backed by the threat of perhaps imposing tarrifs or seizing their assets in the EU.

> And what do you think the US reaction to something like that would be?

It would be negotiated, there would be a line in some treaty somewhere, most likely a fraction of a percent in the next trade deal.

Yes, the US is the mightiest country around, but that doesn't mean it can act with complete impunity. Publishing EU citizens' details without due process or compensation is no different from e.g. seizing the assets of an EU company without due process or compensation - something which would and should trigger a diplomatic protest.


Your statement is fantasyland. It’s absolutely legal in the US to publish “EU citizens’ details”! It’s not a crime, and it’s not even against the GDPR at all.

The GDPR is explicitly about EU companies (or American companies with EU subsidiaries) that have EU-based customer data. An American bankruptcy court, or any kind of court, is not an EU company, or any kind of company.


Article 2

> This Regulation does not apply to the processing of personal data: in the course of an activity which falls outside the scope of Union law;

Article 3

> This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

Article 4

> ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

It is about data controllers, not companies - independent of the location of the controller. Celsius might be in the clear due to Article 2 (IANAL), but GDPR definitely applies to data controllers who have no EU subsidiaries irrespective of whether they are a company.


GDPR is absolutely unenforceable in cases where the data controller has no presence in the EU.

The EU can scream all they want, but they have no recourse whatsoever.

Also, extraterritoriality is ass.


The EU has armies and navies, they have recourse if they care enough.


Surely you’re not serious, and even if you were serious, you probably know full and well that only the United States can get away with that kind of behaviour...


It's unlikely to come to that, but that's the underlying foundation of why the US can't (and doesn't) ignore the EU with complete impunity.


Celsius is failing art 3 but court procedures usually fall outside of GDPR




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: