by josefx 2150 days ago
> The EU doesn't have such status or power over US companies.

US companies operating in the EU are subject to EU law. Worst case the company itself doesn't operate in the EU, however that still leaves its customers (Intel, AirBnB, etc.) potential targets to apply pressure on.


Does RocketReach have servers in the EU? Employees? Subsidiaries?

I generally don’t know in this case. But in general my European friends seem to think that merely having someone from the EU access a website makes that website’s owner have a presence in the EU, even if the server that handled it isn’t. That seems like overreach to me. If that were the case, I’d block EU access for any of my domains, and I don’t think we want a future where that becomes the norm. The ideals of the Internet are free exchange of ideas and information, no country-specific walled gardens.

> The ideals of the Internet are free exchange of ideas and information, no country-specific walled gardens.

Your argument reduces to "freedom of speech" == "freedom to take and distribute personal information" (They are not equal).

Your walled gardens cherry on top only highlights the deficiencies that some countries have to protect personal information. Saying this is making the internet into walled gardens is like promoting tax evasion by using Ireland (in this case the US == Ireland, because it is deficient).

My understanding is that merely having a website that can be accessed from the EU may not by itself be enough to be subject to the GDPR. However collecting or processing data on EU citizens or residents certainly is. And almost all websites track users (even when it's not obviously useful to do so), so unless you go the USA Today route and create a site for the EU with no tracking, you have to comply.

There's also the question of who they sell the data to. It's hard to see why they would sell EU citizens/residents data to companies who don't have any EU presence themselves, so at least some of their customers are bound by the GDPR as far as these are concerned. Informed consent is required at every step, so for example they would need the EU subject's consent to buy that data from RocketReach.

A noticeable number of websites outside the EU did block access to people who appeared to be from the EU when the GDPR was introduced.

As for over-reach, the practical reality is that laws can be enforced extra-territorially if, and only if, the country that wants them has leverage. In some cases, that comes from making deals with other governments, where one or both give weight to the other's claims voluntarily in their own territory.

In other cases, it comes from networking effects. If you are a US-based business running a US-based website with no presence of any kind in the EU, then maybe the EU can't do anything to hurt you. On the other hand, if you have any relationships with other businesses that are within reach of the EU, they might be used as leverage to reach you.

Worst case, you find that anyone connected with your business who travels to the EU or anywhere with a relevant extradition treaty gets arrested. Obviously a reaction that extreme is unlikely, but if perhaps a government thinks you owe them lots of tax money or the personal data you aren't processing according to their wishes relates to some matter of their national security, stranger things have happened.

If the companies don't have assets in the EU that can be affected by EU prosecution, then the GDPR is not enforceable. It might be possible to prosecute and try management, but again this has only consequences if they enter EU jurisdiction or if they are extradited. Such issues and questions always arise with laws whose reach is extraterritorial. Keep in mind that the US has a fair number of these laws as well.

Deny entry or arrest executives of the company if they try to enter the EU. Surely some of these people travel...

Yes, that would work. It's what the US does after all. I'm not optimistic though that the EU is capable and mature enough to handle the ensuing diplomatic heat. At least not yet.

You do know that US law is imposed everywhere in the world, right? DMCA notices and stuff like that.

This is not true. It is the choice of the local jurisdiction (or sometimes the company so chooses) to abide. The US does exert leverage in many situations as one might expect the EU to do. But acting as if every country is 100% beholden to US law with no sovereignty is wrong and just excuse-making. There are many places that don't respect DMCA making your statement very false.

Maybe so but it is effectively imposed on all citizens of the world. Other than for the now rare cases that people are serving stuff up from their home.

A country claiming its law is enforceable everywhere does not make it so.

> The ideals of the Internet are free exchange of ideas and information, no country-specific walled gardens

> If that were the case, I’d block EU access for any of my domains

These two statements are at odds with each other ...

Yes, that’s my point. It’d be a tragedy.

It seems like you're trying to absolve yourself of responsibility by using a passive voice, similar to this recent trend of abusing the 451 status code. You would be the one choosing to block the EU and further balkanize the Internet.

Why don't you just comply with EU regulation though? Just like we have to comply with the KYC/AML that the US forces on everyone.

Because they cannot enforce it. This is the same reason websites don't comply with African law. Whether it is morally wrong or right is another question.

It may just not be worth bothering. Most of the time when I see someone complaining about a page being blocked for Europeans it's some local American news outlet serving a town of five thousand people whose IT department consists of one guy in a broom closet.

You do realize that Europeans et al have to deal with AML/KYC because of international agreements your countries have entered into? This isn’t just the US unilaterally saying “your banks and money processors must obey our laws.” The US passed extraterritorial laws, and then sought agreements from other countries to enforce these laws. The EU hasn’t done this. AFAIK there are no trade agreements or such that offer reciprocal rights to enforce GDPR. If the EU wants to enforce the GDPR globally, then that’s what they’d need to do.

Because I didn't vote for it, not even indirectly.