top | item 31506572

(no title)

I don't think the law has done much at all. I operate a business that serves as a data broker / processor under GDPR.

I have had a total of 66 data requests in 4 years. I handle data requests and follow the laws, but I also understand the EU/UK has zero grounds to enforce anything against my business if I were to flat out reject all requests.

They can't fine me, I don't have a physical or business presence in Europe, though I do have European customers.

The only reason I handle requests is to protect my customers, not myself.

discuss

unknown|3 years ago

[deleted]

pc86|3 years ago

This is an admirable position, and one of my biggest problems with GDPR. Honestly, my only problem with it.

The EU does not have the legal jurisdiction to tell any company based outside of the EU what to do with its data, whether that data is about EU citizens or not.

If I ran a SaaS I would probably do the same thing as you (out of respect for my customers) but I certainly wouldn't feel any legal compulsion to do so.

stevenjgarner|3 years ago

Is that really true? My understanding for example in the USA is that if you violate the laws in another country, you automatically violate the laws in the USA (under the Foreign Corrupt Practices Act - https://www.justice.gov/criminal-fraud/foreign-corrupt-pract...) - or is that really just limited to bribery? AFAIK some other countries have similar provisions.

blip54321|3 years ago

Jurisdiction issues are complex. In this case, the jurisdiction is defined by the location of the customer, not the business.

If your business ignores EU courts, that might not have an immediate impact, but in the longer-term, you have a liability if you ever do business in Europe, want to be acquired by someone with a business presence in Europe, and potentially in the future, travel to Europe.

GDPR is framed as a human rights law, and that has long-reaching claws.

It is currently not well-enforced, but there are many examples of clawbacks coming in. For US slavery, those clawbacks are coming 160 years later: buildings, businesses, and schools are being renamed. Statues are being torn down. In some cases, you're starting to see reparations (see Harvard). Milder versions of racism are subject to cancellations; things acceptable in 1980 are having repercussions on people's careers in 2020.

Then you've got issues of when you're persecuted for an unrelated reason, and the government is looking for an excuse or pretext to take you down. A famous mobster was taken down a century ago for tax evasion.

Rygian|3 years ago

The one in GDPR trouble wouldn't be your company anyway, since you're a data processor. The data controller is the one who needs to make good on the data requests.