|
|
|
|
|
|
by r3bl
2742 days ago
|
|
|
It depends on who you ask, and hasn't been tested in court. > Under Article 3, Section 2, of the Regulation, GDPR reaches data controllers and data processors who are not established in the EU when they process "personal data of data subjects who are in the Union" -- where the processing of that data relates to "the offering of goods or services... to such data subjects in the Union" and/or tracking their behavior to the extent it "takes place within the Union." > Note the key phrase that keeps cropping up: "in the Union." > "[T]here are lots of uncertainties as to what [GDPR's territorial scope] is and should be," Michèle Finck, a research fellow at the Max Planck Institute, told Security Now. "Most people seem to agree that the relevant criterion is whether you're based in the EU at the moment data is collected -- citizen or not." Source: https://www.securitynow.com/author.asp?section_id=613&doc_id... |
|
|