[DEADMINCE]

> Enforcement of the anti-bribery laws isn't really targeted at individuals traveling for fun. It is more meant to stop businesses from bribing officials.

That's fair enough. But then it isn't really comparable, is it? If I host a site for fun in the US that targets as much data as I can about EU citizens and targets EU citizens but doesn't break any US laws, I would still be targeted, right?

Not to mention, bribery is likely illegal in all or at least most countries.

> If you are looking for broad scopes, copyright and espionage are both areas where the US asserts it's right to prosecute non-citizens for acts committed outside the country.

These still are not good examples. Every country has laws to prosecute spies, and copyright has numerous international treaties.

These areas still don't compare, at all, to the EU saying EU law applies to anyone in any country if a EU citizen visits it and the site collects their data and targets them in a way Europe doesn't like.

> With this understanding, the EU laws aren't really any different.

You say in the age of the internet a lot of countries would like to persecute people outside their borders for offenses that take place, to some extent, in their borders.

The thing is, the EU is the first to actually claim the power to do so. The other examples you or anyone else gives just don't map for one reason or another.

[shkkmo]

> These still are not good examples. Every country has laws to prosecute spies, and copyright has numerous international treaties.

You are just moving the goal post yet again. I fail to see any difference between laws that govern forieng citizens movement of copyright data and laws that govern foriegn citizens movement of private data.

If anything, I think privacy laws are MORE ethically defensible than copyright laws since they tend to protect the powerless against the powerful rather than vice versa

> The thing is, the EU is the first to actually claim the power to do so

Again you are saying things that have been already shown to not be true.

[DEADMINCE]

> You are just moving the goal post yet again.

No, I'm not. I've been consistent from the start. Seriously, go look at my earlier replies.

All your examples are either laws that have treaties backing them, or don't apply to most people, or only apply in very specific circumstances.

None of them, absolutely NONE, are as far-reaching as the EU law. The EU claims it applies to ANY entity in ANY country so long as ANY EU citizen visits, and that entity collected data and targeted EU citizens in a way the EU didn't like.

That's what makes it different. That isn't moving the goal posts, that's pointing out very clearly that this apple very clearly isn't like your orange.

> Again you are saying things that have been already shown to not be true.

Only if you remove all relevant details that show everything I've said is absolutely correct.

Enough with the tribalism. There is no shame in admitting the EU made a far-reaching law, a first of its kind, that it has no hope of enforcing.

[shkkmo]

> Seriously, go look at my earlier replies.

I did, you mentioned 'treaties' for the first time in your last comment.

The ability of the USA to prosecute Kim DotCom didn't depend on any treaty. The extradition process did, but that is a question of custody.

In addition, there ARE numerous trade treaties that cover privacy, the right of countries to implement privacy regulation on international trade and specific protections that allow data exportation from the EU.

> The EU claims it applies to ANY entity in ANY country so long as ANY EU citizen visits, and that entity collected data and targeted EU citizens in a way the EU didn't like.

This is false. The entity has to be based in the EU or be offering goods and services to people in the EU to have the GDPR apply.

> There is no shame in admitting the EU made a far-reaching law, a first of its kind, that it has no hope of enforcing.

While it is a far reaching law, it is not the first of it's kind and there are thousands of fines and penalties issued under it each year.

> Only if you remove all relevant details that show everything I've said is absolutely correct.

I've already provided several examples that disprove your statment. The "relevant details" are the qualifications that you keep making up but conviently still leave off when making your false claims.

You've said so many false things throughout your comments, starting with the "US law as written is entirely reasonable and doesn't try to claim the law applies to US citizens anywhere in the world." which you even doubled down on with a double "absolutely" when I first called you on it.

At this point, I suggest you put far more effort into verifying the accuracy of what you say or nobody will take anything you say seriously. I certainly don't anymore.

[DEADMINCE]

I said "go look at my earlier replies" not specificly to say I had mentioned treaties earlier, but to say I hadn't been moving the goalposts. My point is the exact same.

> The extradition process did, but that is a question of custody.

This is the key point though. Plenty of western countries and especially AU/NZ are super buddy buddy with the US and happy to cooperate. Especially when they agree with the laws.

Most countries won't extradite someone for a (from their point of view) silly GDPR violation.

> In addition, there ARE numerous trade treaties that cover privacy, the right of countries to implement privacy regulation on international trade and specific protections that allow data exportation from the EU.

There is not a single treaty that covers allowing the EU the extraterritorial jjurusdiction they claim for the GDPR.

> This is false. The entity has to be based in the EU or be offering goods and services to people in the EU to have the GDPR apply.

You're right, my apologies - I should have added "offering goods and services to people in the EU" to be more specific, I had thought you would infer that from our discussion as I'd made that point previously, multiple times.

SO, here you go, a refined point: The EU claims it applies to ANY entity in ANY country offering goods and services to ANY EU citizen, and that entity collected data and targeted EU citizens in a way the EU didn't like.

That's what is ridicukous, that is what is entirely unlike any US law you've tried to compare it to. They have no ability to prosecute foreign violations and that's why, since teh GDPR came into effect, they never have.

> it is not the first of it's kind

It is. Specifically for declaring it's extraterritorial jurusdiction in the legislation, and because that can be aimed at anyone operating the 'wrong' type of website, not just officials or people commiting a specific crime.

> I've already provided several examples that disprove your statment.

No. You provided examples of laws that are not analogous, and I explained why that is.

> The "relevant details" are the qualifications that you keep making up but conviently still leave off when making your false claims.

I have not made a single false claim. Not one. You either have a misunderstanding of the GDPR, or you are going out of your way to defend and downplay the issues.

> you even doubled down on with a double "absolutely" when I first called you on it.

Yeah. I really suspect you are deliberatlly taking thing literally instead of just inferring what is obvious from the context so you can make these kinds of points, but instead of assuming bad faith I'll assume it's a misunderstanding.

> At this point, I suggest you put far more effort into verifying the accuracy of what you say or nobody will take anything you say seriously. I certainly don't anymore.

At this point, I suggest you do a little more research before jumping into these kinds of discussions. Sure, you caught me out with lacking a few qualifier, but my overall claim is absolutely correct.

No other western country has a law as far-reaching and widely applying as the GDPR, and no other western country has such a toothless law that has been so publicized that could never hope to be enforced.

[shkkmo]

> You either have a misunderstanding of the GDPR, or you are going out of your way to defend and downplay the issues.

I have a sufficient understanding to call you on your "non-literal" claims.

Call it what you will, but if you knew better and still made these "non-literal" claims, I call that "lieing".

[DEADMINCE]

I'm not lying and you know I wasn't. You can't support your point so you were looking to get points in any way you can. It's OK, I called out tribalism earlier on in the thread. I'm pretty used to it at this point. All good, no hard feelings.

Take care.