Hacker News new | past | comments | ask | show | jobs | submit login

Good news, the EU doesn't have any jurisdiction in NYC (or anywhere else outside of the EU) so they don't have the ability to enforce anything outside of their borders, as much as they would like you to believe otherwise.

You can enforce what people and companies do within your borders. You cannot enforce what companies or people outside of your borders do.




That may come as news to sanctioned Russians and various motley crypto types…

Isn’t the GDPR’s basic theory about jurisdiction that, if I’m sitting in New York City but routinely serving my web content to people in France, that service I’m providing relies on browsing intentions and tracking functions being executed by a user and on a machine in France, and therefore the meat of the “wrongdoing” is happening within their borders?

You can choose to do that the European way or not at all. And the local contests division of the NYC local transit authority is choosing “not at all.”

Isn’t this then a case of NYC complying with the EU’s express wishes for privacy by not “exporting” code they don’t want there?


Aren't most sanctions due to e.g. the US making it illegal for banks with a US presence to do business with sanctioned states/people? I don't think the US is telling some Polish bank that only operates in Poland and Russia that they need to stop doing business Russia, although they may sanction that bank as well if they don't.

I have no problem with voluntarily complying to GDPR-style privacy regulations because it's the right thing to do. Where I am able to make the decision, we store basically no user data beyond what's required to do whatever the user is trying to do.

My problem is the EU pretending that US companies must be fully GDPR-compliant because someone in France chooses to go to their website. At the end of the day, laws are only laws because you can enforce them. If I had a magic wand and could rob a bank but the police for some reason were unable to arrest me, the fact that bank robbery is illegal is merely semantic at that point. If I chose to flaunt GDPR non-compliance on a US-based website the EU would be impotent to do anything other than block the site, which wouldn't make me any more likely to suddenly become GDPR compliant.

It's a fiction and I probably wouldn't care about it nearly as much except it has essentially ruined the public internet with cookie banners everywhere.

Every time a cookie banner gets displayed on some non-EU resident's personal blog, a puppy dies.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: