btasker | 1 year ago

GDPR (including the UK GDPR) is extra-territorial by design.

It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen.

I suspect that you and I would agree about the wrongs of any law being extra-territorial, but it's where things on both sides of the pond have landed us.

You already linked to the relevant part of the ICO's guidance but *appear* to have misunderstood it: you've inserted an extra requirement - that it requires taking payment.

That's not the case, it applies just as much to free services.

Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) *collecting and processing data* is offering a service.

> Fun fact, in the UK data protection laws will still cover cameras and whatnot taken from a household

They do indeed. In fact, it's not just cameras: as soon as you publicly share information you can't rely on the exemption because it doesn't cover it.

> Yea, but there is no standing for the UK to apply its laws on Matt.

You keep using the word standing, which is very much a US-centric term. I'm not, for a second, suggesting that anyone would try and enforce this in a US court.

Being able to enforce is (as I've already said) an entirely different kettle of fish.

> Their entire claim would be to apply UK law to someone not operating within the country.

Yes. Welcome to the intended design of GDPR.

Although you're right that EU GDPR and UK GDPR are now two separate things, they're not actually particularly different things: we didn't really amend it after leaving the EU - the two are separate since Brexit, but the way that they work is the same, albeit absent a few years of caselaw.

In fact, it's not GDPR that's extra-territorial (or intended to be). Have you seen the stuff they've been trying to bring in to make the internet "safe"? That's extra-territorial in nature too.

Ever since the US passed the CLOUD act, politicians on this side of the pond seem to have decided that what's good for the goose is good for the gander.

that_guy_iain | 1 year ago

> GDPR (including the UK GDPR) is extra-territorial by design.

> It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen.

That is now how the law works. A court must have standing or jurisdiction or whatever word you want to use since you seem to think semantics are at the core of this issue here.

> You already linked to the relevant part of the ICO's guidance but appear to have misunderstood it: you've inserted an extra requirement - that it requires taking payment.

No, that's UK case law. Basic law 101. That is what the legal definition of goods and services is within the UK. If you don't understand that there are legal definitions for things then we're at the crux of your complete misunderstanding of law. And really we won't get anywhere.

> Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) collecting and processing data is offering a service.

Not under UK law. UK law defines a service as something that is being paid for. This is hundreds of years old.

You would be heavily rebuked by a judge if you tried this nonsense in court of trying to redefine hundreds of years old case law to suit your opinion.

> Being able to enforce is (as I've already said) an entirely different kettle of fish.

No, that's the entire point. THE ENTIRE POINT. A court will not take up a case where it can't do anything.

Quite simply, your entire argument fundamentally depends on you not understanding UK GDPR, GDPR, or even basic law fundamentals.