by moreira 2642 days ago
Not to mention that the website is accessible from the EU, and you're required -by law- to obtain consent to store this personal data, and to tell people what exactly you're going to do with it, and with whom you're sharing it (if anyone).

I know everyone's used to the wild west but I'm glad that's changing, because of comments like yours - this transparency should NOT be something done out of the website owner's good heart (because as we've seen, most will just give us the finger), but enforced by law.

Edit: For the record, wastemaster's actually quite nice, and this is not directed at them, just websites in general.

2 comments

How exactly would anyone in the EU prosecute someone outside of it for running their own website if that individual does so outside of the EU and does not have any organization or company they are affiliated with? Just because something is accessible from the EU does not make it under their jurisdiction to police.

The EU claims jurisdiction based on the fact that part of the interaction occurred in the EU, so they can fine you (it should be noted that the GDPR applies to data related to people in the EU, not related to EU citizens living elsewhere). Whether they can collect on those fines is a different matter.

How do they intend to fine non-EU residents hosting a website outside of the EU? I could see if it was a company but if someone is running a server with a not-for-profit site on it with no way to identify the site owner and an EU resident visits it, good luck trying to fine anyone. The EU does not own or even control the internet outside of their borders.

After doing some research it appears that only businesses and organizations are responsible for compliance with GDPR.

> and you're required -by law-

Does the GDPR apply to non-commercial, non-business, non-organizations?

Yes. If the organisation/company/service is processing the data of the users, GDPR applies.

https://gdprexplained.eu/who-has-to-comply/