[jonas123]

Don't think so:

> In May of 2018, a major upgrade to Europe’s overarching data protection framework becomes enforceable. This will be followed by a companion piece of legislation pertaining to data in transit. The extraterritorial nature of these two frameworks — they protect the privacy rights of people in Europe regardless of where their data is collected — means that they will become the de facto standard for privacy around the world. [1]

[1] https://www.smashingmagazine.com/2018/02/gdpr-for-web-develo...

[DoreenMichele]

IANAL, but as far as I know, the world has not yet tested the legal authority of the EU to impose rules upon entities outside the EU. So my general impression is that the EU is possibly overstepping their authority and the world might decide they are not allowed to dictate standards globally.

Someone more knowledgeable than me please correct me if I am wrong.

[babalulu]

It's not a question of legal authority. It's a matter of if a company wants to do business in the EU, they have to follow EU laws. The EU isn't imposing laws on other countries. If a company does no business with EU citizens and collects no data on EU citizens, they don't have to follow GDPR. If they do collect data on EU citizens, they have to follow the law, regardless of where they're located, or face fines. It's a consumer protection law. It's no different than, for example, requiring products from Chinese companies to pass US safety regulations before they're allowed to be sold in the US.

[DoreenMichele]

The problem with your example is that the internet does not work exactly like meat space. Why not compare it to tourists shopping while on vacation in China and purchasing items that could not be sold in the US, then bringing them back in their luggage?

In that case, either the tourist who bought it is the one in the wrong and will need to forfeit it at the border, or the law does not apply.

I see no reason why the conclusion about the GDPR cannot be "EU companies on EU soil need to comply, but EU citizens touring the internet via non EU sites are on their own and proceed at their own risk, without protection from the GDPR."

IANAL, but I have had a couple of law classes. Also, one of the things I do know is that we have no world government and laws regarding international internet stuff are breaking new ground daily because it is an unprecedented circumstance that doesn't one-for-one compare to historical legal precedents.

I imagine if we ever get a world government, it will be an emergent event and it will grow out of the current trend of multiple countries joining together to form blocks like the EU. But I see absolutely no reason why any country outside the EU should be presumed to be subject to EU laws just because EU citizens are capable of accessing their sites via internet.

If someone has an article that shows this has been established as a precedent the world accepts, I would be interested in seeing it. But I am not aware of any established precedent suggesting the EU will by default be accepted as having the authority to dictate standards across the globe.

[outside2344]

So what you are arguing is that China can enforce their laws around censorship on EU companies when their citizens use a site hosted in the EU?