by oarsinsync 2150 days ago
I'm not sure how I feel about the screenshot at the end, showing that various policy makers also have their personal information being sold.

I guess the information is out there, and doing so also makes it definitively personal for the policy makers / enforcers involved.

That said, the policy makers / enforcers may be genuinely hamstrung. The US imposes its laws globally because of its status as a global reserve currency (trading in USD requires the transaction to route via the US, thus making the entity subject to US law).

The EU doesn't have such status or power over US companies. The most it can do is try to prevent them from operating in the region.

As a person who almost certainly has his personal information being sold on this platform, I'm not pleased, and would love to see something done to prevent this kind of activity. Unfortunately, that depends on the US government to take action, and the last 12 years haven't been a flying endorsement of the effectiveness of the current government system. (This is not meant as a statement regarding the effectiveness of either President, but rather regarding the low output from the system as a whole.)


> The EU doesn't have such status or power over US companies.

US companies operating in the EU are subject to EU law. Worst case the company itself doesn't operate in the EU, however that still leaves its customers (Intel, AirBnB, etc.) potential targets to apply pressure on.

Does RocketReach have servers in the EU? Employees? Subsidiaries?

I generally don’t know in this case. But in general my European friends seem to think that merely having someone from the EU access a website makes that website’s owner have a presence in the EU, even if the server that handled it isn’t. That seems like overreach to me. If that were the case, I’d block EU access for any of my domains, and I don’t think we want a future where that becomes the norm. The ideals of the Internet are free exchange of ideas and information, no country-specific walled gardens.

> The ideals of the Internet are free exchange of ideas and information, no country-specific walled gardens.

Your argument reduces to "freedom of speech" == "freedom to take and distribute personal information" (They are not equal).

Your walled gardens cherry on top only highlights the deficiencies that some countries have to protect personal information - Saying this is making the internet into walled gardens is like promoting tax evasion by using Ireland (in this case the US == Ireland, because it is deficient)

My understanding is that merely having a website that can be accessed from the EU may not by itself be enough to be subject to the GDPR. However collecting or processing data on EU citizens or residents certainly is. And almost all websites track users (even when it's not obviously useful to do so), so unless you go the USA Today route and create a site for the EU with no tracking, you have to comply.

There's also the question of who they sell the data to. It's hard to see why they would sell EU citizens/residents data to companies who don't have any EU presence themselves, so at least some of their customers are bound by the GDPR as far as these are concerned. Informed consent is required at every step, so for example they would need the EU subject's consent to buy that data from RocketReach.

A noticeable number of websites outside the EU did block access to people who appeared to be from the EU when the GDPR was introduced.

As for over-reach, the practical reality is that laws can be enforced extra-territorially if, and only if, the country that wants them has leverage. In some cases, that comes from making deals with other governments, where one or both give weight to the other's claims voluntarily in their own territory.

In other cases, it comes from networking effects. If you are a US-based business running a US-based website with no presence of any kind in the EU, then maybe the EU can't do anything to hurt you. On the other hand, if you have any relationships with other businesses that are within reach of the EU, they might be used as leverage to reach you.

Worst case, you find that anyone connected with your business who travels to the EU or anywhere with a relevant extradition treaty gets arrested. Obviously a reaction that extreme is unlikely, but if perhaps a government thinks you owe them lots of tax money or the personal data you aren't processing according to their wishes relates to some matter of their national security, stranger things have happened.

If the companies don't have assets in the EU that can be affected by EU prosecution, then the GDPR is not enforceable. It might be possible to prosecute and trial management, but again this has only consequences if they enter EU jurisdiction or if they are extradited. Such issues and questions always arise with laws whose reach is extraterritorial. Keep in mind that the US has a fair number of these laws as well.
deny entry or arrest executives of the company if they try to enter the EU. Surely some of these people travel...
Yes, that would work. It's what the US does after all. I'm not optimistic though that the EU is capable and mature enough to handle the ensuing diplomatic heat. At least not yet.
You do know that US law is imposed everywhere in the world, right? DMCA notices and stuff like that.
This is not true. It is the choice of the local jurisdiction (or sometimes the company so chooses) to abide. The US does exert leverage in many situations as one might expect the EU to do. But acting as if every country is 100% beholden to US law with no sovereignty is wrong and just excuse-making. There are many places that don't respect DMCA making your statement very false.
Maybe so but it is effectively imposed on all citizens of the world. Other than for the now rare cases that people are serving stuff up from their home.
A country claiming its law is enforceable everywhere does not make it so.
> The ideals of the Internet are free exchange of ideas and information, no country-specific walled gardens

> If that were the case, I’d block EU access for any of my domains

These two statements are at odds with each other ...

Yes, that’s my point. It’d be a tragedy.
It seems like you're trying to absolve yourself of responsibility by using a passive voice, similar to this recent trend of abusing the 451 status code. You would be the one choosing to block the EU and further balkanize the Internet.
Why don't you just comply with EU regulation though? Just like we have to comply with the KYC/AML that the US forces on everyone.
Because they cannot enforce it. This is the same reason websites don't comply with African law. Whether it is morally wrong or right is another question.
It may just not be worth bothering. Most of the time when I see someone complaining about a page being blocked for Europeans it's some local American news outlet serving a town of five thousand people whose IT department consists of one guy in a broom closet.
You do realize that Europeans et al have to deal with AML/KYC because of international agreements your countries have entered into? This isn’t just the US unilaterally saying “your banks and money processors must obey our laws.” The US passed extraterritorial laws, and then sought agreements from other countries to enforce these laws. The EU hasn’t done this. AFAIK there are no trade agreements or such that offer reciprocal rights to enforce GDPR. If the EU wants to enforce the GDPR globally, then that’s what they’d need to do.
Because I didn't vote for it, not even indirectly.
EU can and should sanction such businesses, individuals behind it and their suppliers. Basically, just do the same as USA does to Nord Stream 2. This will be painful enough.
And their clients, if necessary.
> The EU doesn't have such status or power over US companies. The most it can do is try to prevent them from operating in the region.

Wouldn't that already be quite a step? I don't know who they're selling the data to, but it should at least be possible to prevent them from selling that data to organisations with a European presence, right?

> trading in USD requires the transaction to route via the US

Is this correct? How's that enforced? Say, I have a company in Poland which sells some goods for a million dollars to another company in Poland. We both have USD accounts in Polish banks and the transfer is between these accounts. How does the money route via the US?

It's not enforced but it's a de facto practical requirement.

If Polbank (forgive me for the bastardized names) wants to give 1M USD to Bankpolska, they either need to ship cash (which can be done but is expensive or tricky) or have a specific bilateral agreement between them (which can be done and is done sometimes, but linking every bank with every other bank bilaterally does not scale), or need some interbank settlement system that will do that, but there's no such system in which they can participate. E.g. there's Fedwire but neither Polbank nor Bankpolska can be direct members as far as I understand (they generally are not members; I'm not certain if it's caused by some strict limitation or just practicalities and costs.)

So the standard means is to use 'correspondent banks' e.g. USA banks that do that for them. Polbank might have a USD account with Chase or Citi, and Polbank can ask Chase (via a SWIFT message usually) "hey transfer $1m from our account to Bankpolska, it's cover for a customer deal #1234" - but this means that the transaction "goes through" USA.

Alternatively, multinational banks may have branches in both USA and Poland and so they can be direct participants and settle this directly, however, then it would involve a Fedwire transfer (in USA, subject to USA laws and limitations) between Polbank USA branch and Bankpolska USA branch.

That's standard practice for pretty much every currency. EUR settlement between two American banks usually (not always, there are various options) goes through EU, RUB settlement usually goes through Russia, etc.

If there's a sufficient need, Polish banks could establish an interbank settlement system through which they could transfer USD directly (e.g. similar to the one they have for transferring Polish zloty), but it's a hassle and has costs, so currently they have not done so because for them it's generally not a problem to route all USD payments through USA.

There have occasionally been efforts to do large international USD transactions which don't touch the US, usually because one or both of the participants is under US sanction. There is enough USD infrastructure in London that it may be an alternative to New York, but everyone involved has to scrupulously avoid any interaction with any machinery under US jurisdiction, which is quite difficult.

I learned about this from reading the case brought in the UK by the US government to try to stop this happening. I didn't bookmark it, and of course can't find it now.

Not this, but an example of how it can go wrong:

> According to the settlement agreement, BACB actively solicited U.S. dollar business from Sudanese banks and processed the transactions by way of an internal book transfer process that involved a nostro account maintained at a foreign bank (Bank B) located in a country that imports Sudanese-origin oil. (A nostro account is an account a bank holds in a foreign currency in another bank.) Although these transactions were not processed to or through the U.S. financial system, the process to fund BACB’s U.S. dollar nostro account at the foreign bank did involve transactions processed by or through U.S. financial institutions in apparent violation of the U.S. economic sanctions.

https://www.nafcu.org/compliance-blog/ofac-dings-london-bank...

> If there's a sufficient need, Polish banks could establish an interbank settlement system through which they could transfer USD directly (e.g. similar to the one they have for transferring Polish zloty), but it's a hassle and has costs, so currently they have not done so because for them it's generally not a problem to route all USD payments through USA.

Doesn't it still need to be involved with USA? I mean, sure, they can use this settlement system to trade between each other independent of Fed, but ultimately the funds in the settlement system have to be stored as reserves in Fed, i.e. in some bank under US jurisdiction. So, after all, US still has control over this new settlement system, but now they can't freeze individual accounts in it, they can only freeze funds in reserve account(s) that this system consists of, potentially affecting many (innocent) parties. Am I right?

Thanks for the explanation, this makes more sense.
Euro dollars are constantly traded without going through the US.

CLS currencies and any currency which is fully convertible can be used in transactions without any involvement of the jurisdiction that minted the currency in the first place.

The USD has a huge settlement infrastructure that is completely independent of the US.

Doesn't it still involve accounts in US banks though? Please see my direct reply to PeterisP for explanation. I cannot see how could it work without Fed oversight as it would allow it to "print" dollars.

Also, could you please share more info? I'm very interested in financial settlement system, especially for USD and EUR, but sadly there's too little public resources.

Thanks, a reply like this is why I come to Hacker News!
The bank will either have a presence in the US itself, or it'll have a partner that does that it'll route the transaction through.

If you've done a USD transfer, it'll most likely be a SWIFT transfer, and you can ask your bank for the SWIFT routing log. You'll most likely see an NYC bank (or NYC branch of your bank) in the middle.

SWIFT is a communication network, it replaces the letters and couriers ancient banks would have used to agree that payments have been ordered and funds have been moved. Payments don't "go through" any bank that hasn't been explicitly requested. The whole point of the SWIFT network is that it is global and it allows you to reach every branch of every bank.

There are of course banks whose SWIFT processing is handled by someone else, but they are usually service bureaus or central offices within a conglomerate, not partners in a specific country.

I'm not sure about this. I think you're conflating SWIFT transfers with USD transfers

USD is fully convertible https://www.kantox.com/en/glossary/fully-convertible-currenc...

I can "take dollars out of my pocket" and pay you without going through the US no problem

USD transfers even within same non-US based bank let's say same example in Poland is done with SWIFT, but unlikely it goes thru NYC bank as the cost is none and the transfer is instant. SWIFT is used only for addressing and accounting in such case.
Within the same bank it's just internal accounting. But when two different banks are involved, a USD transfer generally goes through USA.
No it doesn’t, https://en.m.wikipedia.org/wiki/Eurodollar.

Not to mention that since the USD is a CLS/FCC currency you can perform correspondent banking transactions with it without having any government involved in the process.

It gets quite interesting when foreign currency is involved: https://en.m.wikipedia.org/wiki/Nostro_and_vostro_accounts