by akerl_ 931 days ago
I don’t think I dispute that the GDPR and related laws claim to apply to me if I have a website that EU residents access.

I dispute that they have jurisdiction to actually apply their laws to me, any more than the US can charge somebody with violating FCC regulations for a radio signal sent from Norway.

There are specific things like extradition treaties, trade agreements, and parallel legislation that cover existing areas where this happens. Is there one that covers application of the GDPR in the US?

2 comments

The U.S. and the EU signed the Data Privacy Framework over this past summer. https://www.dataprivacyframework.gov/s/ This offers methods for EU residents to exercise claims against U.S. businesses.

Among other requirements, a participating organization must provide you:

  Information on the types of personal data collected
  Information on the purposes of collection and use
  Information on the type or identity of third parties to which your personal data is disclosed
  Choices for limiting use and disclosure of your personal data
  Access to your personal data
  Notification of the organization’s liability if it transfers your personal data
  Notification of the requirement to disclose your personal data in response to lawful requests by public authorities
  Reasonable and appropriate security for your personal data
  A response to your complaint within 45 days
  Cost-free independent dispute resolution to address your data protection concerns
  The ability to invoke binding arbitration to address any complaint that the organization has violated its obligations under the DPF Principles to you and that has not been resolved by other means
https://www.dataprivacyframework.gov/s/article/My-Rights-und...
> There are specific things like extradition treaties, trade agreements, and parallel legislation that cover existing areas where this happens. Is there one that covers application of the GDPR in the US?

Nope. Extradition only covers the case where you go to some other country and commit a crime there, then return to the US. If the crime you committed there is serious, and is also a crime here, then extradition can apply. There are other conditions as well, but the key is that it has to be a crime in both places.

Europeans can claim that you must follow their laws until they are blue in the face but it won’t magically become true. You can safely ignore it. Enjoy competing against European businesses without having to pay any of the same costs.

Even if you do not have to comply with GDPR, 12 States have passed data privacy regulations to date. You may still need to comply with data protection law regardless if you qualify for various State laws.

Even if State law doesn't apply - you have HIPAA, GLBA, SOX etc.

All irrelevant to the question. But it is of course true that we have plenty of our own laws to follow.