[icebraining]

But (I'm pretty sure) it would be illegal for someone from a no-pornography country to view that site.

Using that analogy, then it would be Stross the one committing the offense, not Klout?

So my understanding is what klout does is 'fine' for US users, but gathering data on UK/EU users is subject to EU data protection laws.

That would be the same as it being illegal for a US site to distribute pornography to a person in a country where it was illegal.

The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.

[cstross]

<em>The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.</em>

Try telling that to the US government, which hounds internet gambling sites wherever they're based.

The issue of territorial jurisdiction and law on the internet is a really complex one, and much more so when you deal with a fundamental mis-match between legal systems (the EU constitutional-level right to privacy vs. the US lack of same).

[randallsquared]

Try telling that to the US government, which hounds internet gambling sites wherever they're based.

So, in effect, you're arguing that it's perfectly legitimate for the US government to do this?

[Tuna-Fish]

I'd say he isn't. But the US government will do it all the same, and at least some of the EU governments would probably also apply the privacy laws on companies dealing with their citizens. (Probably not UK, but France is a good candidate, and Germany is also reasonably rabid about it's privacy laws as of late.)

Law gets really complicated when you cross international boundaries, and usually everyone involved will assert their right to impose laws on you, and whether they actually do this mostly depends on how easy it would be for them to do it.

If you base legal decisions about your business on abstract principles, you might just get detained the next time you route through an airport that belongs to someone you've mightily pissed off. Generally, it's smarter to strive for not offending anyone, or if you cannot manage that, strictly not visiting or in any way depending on countries whose laws you might have broken. For example, if your site is not strictly legal under US law, don't host in under .com.

[vidarh]

> The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.

Jurisdiction is up for the court and legislative to decide.

I do believe that UK courts will assert jurisdiction in cases such as this. UK courts certainly do assert worldwide jurisdiction in other situations - one of several reasons why UK courts are so popular for people who wish to sue for libel, for example.

[MattBearman]

Both good points, well played :)

All I can say is as a UK resident I feel like UK data protection laws should protect me from a company like this no matter where they are based.

[jellicle]

> The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.

Entirely untrue. Jurisdiction is a legal term. If a matter directly affects UK citizens in the UK it's very clear that a UK court will consider itself to have jurisdiction over that matter.

The actual reach of the court's power is a different matter. If the offender has absolutely no assets in the UK, and no intention of ever having them, and lives in a country with no extradition treaty with the UK, then perhaps the UK has no ability to punish them. I do not think that is true for the company in question.