[usbqk]

Google analytics is against the law because they are American which means that they have to give up any data the us government asks of them. That’s the only illegal thing they do, and they are not better just for being American. They are better because they are better.

[dylan604]

There is so much wrong with this. There are legal processes for the US gov't to request that data legally. Any other means of obtaining that data is illegal even if it is done by an entity within the gov't. This isn't the CCP.

Google Analytics isn't better at anything other than their marketing has convinced everyone that it is a must have. If you believe 100% of the data from GA is accurate, then I have a bridge to sell you.

[martin8412]

Giving EU customer data to the US government is literally illegal for a company. There's not any process that somehow makes it legal without the collaboration of an EU member state.

The problem is that companies with a presence in the US can be forced to break the law of either the US or the EU. It's illegal to hand over the information to the US government, but it might also be illegal not to.

[dylan604]

How does that work exactly if there is no international branch of a company in the EU? If a company is online with a presence large enough to attract European visitors, are they required to open an office in the EU? If not, are they supposed firewall visitors? That's assinine sounding.

[morelisp]

They could not collect unnecessary personal data.

[dylan604]

Who's stopping them?

[morelisp]

I don't understand.

Do you mean, who's stopping them from not collecting personal data? No one, that's the point. If you're not collecting personal data none of this applies and you can serve whatever you want to people in the EU.

If you mean, who is stopping them from handing over data to the US government? That's exactly what this court case is about. They can't conduct commerce in the EU unless they have a mechanism to avoid that, and progressively more strict enforcement gets imposed by courts if they keep trying. (Eventually, presumably being detained if they try to enter an EU country, though I seriously doubt it would escalate that far in practice.)

[southerntofu]

If you have no business in a country then its laws don't apply to you. Google & others specifically break EU law because they have offices and branches across EU yet wipe their asses with consumer/privacy protections.

[whakim]

It depends. Based on your description, it sounds like the company in question wouldn't actually be subject to the GDPR. Simply attracting European visitors isn't sufficient; you have to be clearly intending to offer goods or services to those visitors. What that constitutes isn't black and white, but stuff like providing EU contact details on your website or specifically advertising to EU subjects might count.

[SAI_Peregrinus]

> There are legal processes for the US gov't to request that data legally.

Only legally for the US. Those processes aren't legal for the EU, so the transfer is illegal (for an EU web site).

[trasz]

Some of those "legal processes" involve secret kangaroo "security courts". It's not really any different from CCP in that regard.

[kevin_thibedeau]

> Any other means of obtaining that data is illegal

The government can always just ask. Very little data in the US is protected.

[heartbeats]

> That’s the only illegal thing they do

What about the cookie popups, with the "accept" vs. "more info" choices? Is that legal, then?

[morelisp]

Those are consent popups, not cookie popups, and no they’re probably not. (There needs to be a “Reject” option.) But the larger issues with bigger players get pursued first.

[southerntofu]

Not only there needs to be a reject option, but it must be the same size, weight and color so as not to influence the decision of the user. And be truthful, in most cases there should not be a banner at all: 99% of websites don't need cookies and when you do they're covered by other areas of GDPR (such as providing a requested service) which don't need explicit consent.

In all cases where you see a banner for accepting cookies, the company behind it is doing something nasty to the users. (i have yet to see a counter-example to that)

[remram]

You can be American without having your company transfer all the personal information of people visiting your customers to America.

edit: but you can be required to by law. You're right.

[onli]

No, you pretty much can't - not as an US-american company at least. That's what this problem is all about, and why the privacy shield deal between the US and the EU failed.

[remram]

Oh, I see what you mean. Being American you can be required to bring that data back, no matter your preferred data processing setup. Right, apologies.

[heartbeats]

Google could trivially re-domicile to Ireland if they wanted to. Just do a reverse merger, and have the services within the US provided by Google LLC, which becomes a subsidiary of Google Ireland Limited.