[tuke]

I would strongly advise that we read carefully the language for Art. 3, "Territorial scope," which says:

  (2) This Regulation applies to the processing of personal data
  of data subjects who are in the Union by a controller or processor
  not established in the Union, where the processing activities
  are related to:

    (a) the offering of goods or services, irrespective of whether
    a payment of the data subject is required, to such data subjects
    in the Union; or

    (b) the monitoring of their behaviour as far as their behaviour
    takes place within the Union.

So, I would ask: Has HN made an "offering of goods or services . . . to such data subjects in the Union"? (https://gdpr-info.eu/art-3-gdpr/)

The critical issue is that word: "offering."

The language here seems to be about intentions. Has HN "offered" anything to data subjects in the Union? Maybe not. To be sure, people in the EU may have chosen to look at HN, but has HN sought to "offer" to them?

(The presence of a domain such as news.ycombinator.eu would tip to "yes.")

[rdlecler1]

HackerNews is a content marketing platform for YC. They likely have European LPs and they certainly have European startups. I can’t see how they would avoid this and similarly, you just need a couple disgruntled founders who didn’t get accepted to cause a stir and report them.

[strictnein]

A country can't tell foreign citizens how to behave, even if the country (or group of countries, in this case) writes a law saying they can.

[viraptor]

In practice that's not true on many levels. Law enforcement happens across borders. (extradition (yes, in most cases it has to be a valid crime on both sides)) One country's law enforcement also can influence what other countries do without a good proof of anything. (Kim dot com?) That applies outside of LE as well. (points in the general direction of Middle East)

And then there's the soft influence of "we're big enough, we can dictate the rules, because who else will you trade with" which affected things like patent laws and trademarks around the world. It's interesting to see the US finding itself on the other side of that conversation sometimes.

[eesmith]

According to the Geneva Convention, war crimes have international jurisdiction.

This means that a court in, eg, Spain can "tell foreign citizens how to behave"

[strictnein]

GDPR isn't a treaty. The US hasn't signed on to it.

[eesmith]

strictnein's comment was blanket statement, and not limited to GDPR.

More specifically, tuke pointed out the territorial scope of GDPR, and strictnein's response seemed to argue that the underlying premise should be invalid.

My comment was to point to a counter-example that is already widely supported.

[eesmith]

Downvoted? Why? By people who defend the sovereign right to carry out war crimes?

[Geee]

I think offering the service means being available. They would have to block EU users in order to not offer to them.

[dangrossman]

Read recital 23. The mere accessibility of a website to people in EU is not sufficient to determine if EU persons are targeted.

[pvg]

"offering" is not a critical word here, you almost certainly can't weasel out of the regulations by claiming you're not actively "offering" anything. If you put it online and EU users use it, you're offering it to them.