[dylan604]

There is so much wrong with this. There are legal processes for the US gov't to request that data legally. Any other means of obtaining that data is illegal even if it is done by an entity within the gov't. This isn't the CCP.

Google Analytics isn't better at anything other than their marketing has convinced everyone that it is a must have. If you believe 100% of the data from GA is accurate, then I have a bridge to sell you.

[martin8412]

Giving EU customer data to the US government is literally illegal for a company. There's not any process that somehow makes it legal without the collaboration of an EU member state.

The problem is that companies with a presence in the US can be forced to break the law of either the US or the EU. It's illegal to hand over the information to the US government, but it might also be illegal not to.

[dylan604]

How does that work exactly if there is no international branch of a company in the EU? If a company is online with a presence large enough to attract European visitors, are they required to open an office in the EU? If not, are they supposed firewall visitors? That's assinine sounding.

[morelisp]

They could not collect unnecessary personal data.

[dylan604]

Who's stopping them?

[morelisp]

I don't understand.

Do you mean, who's stopping them from not collecting personal data? No one, that's the point. If you're not collecting personal data none of this applies and you can serve whatever you want to people in the EU.

If you mean, who is stopping them from handing over data to the US government? That's exactly what this court case is about. They can't conduct commerce in the EU unless they have a mechanism to avoid that, and progressively more strict enforcement gets imposed by courts if they keep trying. (Eventually, presumably being detained if they try to enter an EU country, though I seriously doubt it would escalate that far in practice.)

[southerntofu]

If you have no business in a country then its laws don't apply to you. Google & others specifically break EU law because they have offices and branches across EU yet wipe their asses with consumer/privacy protections.

[whakim]

It depends. Based on your description, it sounds like the company in question wouldn't actually be subject to the GDPR. Simply attracting European visitors isn't sufficient; you have to be clearly intending to offer goods or services to those visitors. What that constitutes isn't black and white, but stuff like providing EU contact details on your website or specifically advertising to EU subjects might count.

[SAI_Peregrinus]

> There are legal processes for the US gov't to request that data legally.

Only legally for the US. Those processes aren't legal for the EU, so the transfer is illegal (for an EU web site).

[trasz]

Some of those "legal processes" involve secret kangaroo "security courts". It's not really any different from CCP in that regard.

[kevin_thibedeau]

> Any other means of obtaining that data is illegal

The government can always just ask. Very little data in the US is protected.