[matlock]

"What is more probable is tha FB will try a legal trick claiming they are an American company and they follow the laws of California, not EU, even if they gladly accept European advertisers's money via Ireland"

That is specifically not possible under GDPR. It doesn't matter where your company sits, if you store data from europeans (or people living in europe) you have to follow the GDPR with potential for severe punishment. There really is no loophole afaik.

[lamename]

> ... if you store data from europeans (or people living in europe) you have to follow the GDPR ...

Does that mean the company has to follow it even for non-European users?

[hvidgaard]

No. For all users within EU it must follow the GDPR. If you are a US citizen and access FB from EU, they must follow the GDPR, as far as I understand it.

And being FB, they really do not have a choice, since the EU do have leverage over them because they're doing business here.

[r3bl]

I live in the EU. If I'm your "customer" (as in, you store my personally identifiable data), you have to comply with GDPR, regardless of where your company is.

Hope that simplifies things.

[jotato]

How can the EU punish a business with no EU location? An American company is not bound by another countries laws

[btilly]

If you do business within a country and that country rules against you, they can certainly stop you doing business within that country.

They can also file a case in the country that you do belong you to get you to pay your fines in the original country. This sometimes works.

[Spivak]

A company is bound by the laws of every country it does business in under threat of not being able to continue doing business there.