by standing_user 1125 days ago
Nothing new; until a proper legal basis is defined for transatlantic data transfer, all services with US-based companies and data centers are in violation of GDPR.

GDPR only comes into effect when the data is stored locally, right? At my old company we worked on a bunch of private data from American citizens and were always careful to keep it in the cloud, since if we downloaded it onto our local computers we'd have to care about the people's privacy.

Maybe it was just for show.

‘Locally’? No.

GDPR comes into effect if you are dealing with personal information of EU residents, and you have legal exposure to the EU. (Not a lawyer)

Nope.

Article 3(1) of GDPR "This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

Recital 14 of GDPR "The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data."

Thanks for that, looks like the company was just breaching then!

> GDPR only comes into effect when the data is stored locally, right?

It applies to EU citizens globally. If you store data on EU citizens -- you're expected to comply with GDPR. This will be ineffective for small companies in the US or China but nearly all large companies will have a presence in the EU.

The GDPR has absolutely nothing to do with citizenship, I don't know why this myth won't die.

It applies when you process data about people physically in the EU (whether they're citizens, residents, on holiday or just transiting through) or if the person/company doing the processing is based in the EU.

Quite a lot of seeming authority figures do repeat the myth, that’s why. You’re entirely right that it’s false.

It applies to companies who store data on EU citizens and have any legal basis requiring them to comply with EU law. (No country should be able to say its law applies globally to people or companies not under their jurisdiction. And even if you're a fan of GDPR, there are plenty of countries whose jurisdictions you wouldn't want to be under.)

Recital 14 of GDPR is the relevant wording

"The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data."

"should"