by nabla9 3016 days ago
> How would EU law compel a non-EU entity

Because the US and EU have signed agreements to that effect. It's the price the US must pay for the EU to allow American internet companies to serve EU customers.

It obviously applies to any company with direct business operations in any one of the 28 member states of the EU. But a financial transaction is not necessary for the extended scope of the law to kick in. Collecting personal data from an EU citizen is enough.


Which agreement between the US and EU mandates this?
EU-U.S. and Swiss-U.S. Privacy Shield Framework.

It came into effect in 2016 and replaced the Safe Harbor agreement.

"While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law."

From https://www.privacyshield.gov/Program-Overview

U.S. companies have the option to either do legally binding self-certifications or outside compliance reviews.

If they don't do that, they have no authority to collect data from EU citizens (no user accounts or customers from the EU).