> as I understand the Europeans' law, only if you're doing dumb things to begin with, like giving users' data away to random 3rd parties hellbent on shoving "ads" down one's throat
There is a massive difference between complying with the law and proving you comply. (Think: IRS audit.)
> don't think the MTA has any EU presence, so what are they going to do?
Send letters. The MTA would be obligated to respond to them, which means legal bills.
> There is a massive difference between complying with the law and proving you comply. (Think: IRS audit.)
> The MTA would be obligated to respond to them, which means legal bills.
…why would the MTA be obligated to respond to them? They've no jurisdiction/sovereignty over an American transit agency.
Why would they audit themselves against laws that don't apply to them? (Again, jurisdiction?) I've never worked for a company that audited itself against every law from every nation on Earth; we complied with the laws where we had a presence and did business.
There is a massive difference between complying with the law and proving you comply. (Think: IRS audit.)
> don't think the MTA has any EU presence, so what are they going to do?
Send letters. The MTA would be obligated to respond to them, which means legal bills.