[burfog]

"Rocketreach has not met the requirement of the GDPR to name an EU representative (Art27) to account for the processing of European Personal Data. In their answer, the CNPD makes it sound like it is optional, it isn't. Instead of pursuing Rocketreach locally on that basis alone"

LOL, yes.

I'm sure they also do not meet the legal requirements of North Korea, Saudi Arabia, and many others.

Likewise, various EU corporations do not meet the legal requirements of non-EU places like those. Would he prefer that they did?

Even more interesting, since he expects the US to follow EU law, how does he feel about the EU following US law? The US has that Patriot Act, and lots of EU companies are not compliant. Maybe he should report a few EU companies to the FBI.

[dtech]

> I'm sure they also do not meet the legal requirements of North Korea, Saudi Arabia, and many others.

China is the most straightforward example, companies cannot operate unless they basically do it through an - implicitly Chinese state controlled - partner company. China also has a literal Great Firewall monitoring, modifying or stopping all cross-border traffic. So yes, you have to play by their rules if you want access to the market.

US, EU and other western countries also require you to follow their - much more lenient - laws and rules for access to their market, but for now it's rarely enforced through blocking etc. Saudia Arabia, Russia, India, Turkey and other "second world" countries block a lot of services that don't follow their laws or government commands. Same thing: follow da rulez or our market is closed to you.

North Korea has their own exclusive "internet" and blocks all access to the regular internet except for a few highly monitored and controlled locations like universities and government institutes, which are not connected to the NK internet. Not comparable at all.

> Even more interesting, since he expects the US to follow EU law, how does he feel about the EU following US law? The US has that Patriot Act, and lots of EU companies are not compliant.

This is effectively already the case for a large part. All non-china global IaaS companies are US, so everyone has to play by US rules and law. I don't believe for a second that the NSA cannot get the data from the European Google/Amazon/Microsoft data centers.

[lvturner]

I think your information may be a bit out of date, in China you can own and operate as a WFOE

https://en.m.wikipedia.org/wiki/Wholly_foreign-owned_enterpr...

[tripletao]

WFOEs indeed exist, but there are many restrictions on the types of business they can conduct, both directly[1] and indirectly because activities require licenses[2] that WFOEs can't get. The grandparent post was wrong in the details, but it's still a different world from the USA or EU.

1. https://www.fdichina.com/blog/china-company-registration/ftz...

2. https://www.china-briefing.com/news/entry-strategy-chinas-on...

[dtech]

Could be, I'm not an expert. I'm mainly based that on stories I read regarding Tencent, ASML etc.

[luplex]

US companies should follow EU law when they are doing business in Europe, or processing EU citizens' data.

Likewise, EU companies should follow US law when they are doing business in the US.

Businesses should not operate in jurisdictions where they can't meet the legal requirements. At the very least, RocketReach should geoblock itself in Europe.