[mhitza]

Since they don't operate directly in the EU, there is not much else they can do aside from collaborating with other countries DPAs to ban any EU company from integrating with them (per the article currently only companies in the Netherlands are banned).

Even the fine itself is a bit problematic because it looks like unenforceable as they don't operate in the EU thus not subject to EU law.

However if it were to be discovered that the user images where not only retrieved by scrapping publicly available information, but involved data brokerage or other forms of personal information selling all those involved throughout that chain could be fined.

[Teever]

They can also arrest the employees of the company who is breaking their laws the next time they step foot in the EU.

[ronsor]

This is not a practice you want to normalize.

[Mordisquitos]

Neither do you want to normalise organisations violating the rights of a given state's citizens with impunity because they operate from outside of their jurisdiction and refuse to engage. If there's no other recourse than to arrest the members of the (for all intents and purposes) criminal organisation if they step foot in the affected state then so be it.

[gjsman-1000]

Why not? Sends a strong message; and also forces employees to think about what they are doing instead of passing the buck.

This is also not like some stupid patent dispute or DMA compliance argument. These employees are directly responsible for stockpiling personal identities of millions of people for the express purposes of making the surveillance efforts of their government easier. That's a very political action, which is directly aggressive against a country's citizens, and they should feel that.

[doh]

There are 27 countries in EU with different motives, morals, interests, etc. Just because you agree with the decision of one country in one instance it doesn't mean you would agree with them all. But once you give them the powers it's impossible to take them back. It's a bad slippery slope.

[Teever]

Just to be clear here, your issue is with the number of member states in the EU?

In other words you would be fine with Canada arresting employees of Clearview if they tried to enter the country after Canada deemed them profiting members of an organization that was breaking the law in Canada?

[kiratp]

Are you sure you haven't violated the laws of any of the other 190+ countries? sure enough to risk taking another vacation?

[gjsman-1000]

Depends on where I'm going.

If I go to Saudi Arabia after having called for their leader to be executed on X for his treatment of women, yeah, probably not a good idea to go.

If I go to Iran after saying Khamenei deserves a rocket to his mansion, yeah, probably not a good idea to go.

If I go to Europe after having run a multi-million dollar scheme affecting European countries by white-labelling services from North Korea (legal in Brazil), and I'm a Brazilian citizen and know Brazil almost never extradites, yeah, probably not a good idea to go.

If I go to the US with my two 12 year old brides from Niger, yeah, probably not a good idea to go.

[Mordisquitos]

In addition to the examples you mention, if you become involved in doping at an international competition in which US American athletes were competing, it's probably not a good idea to travel there: https://en.wikipedia.org/wiki/Rodchenkov_Anti-Doping_Act_of_...

[Teever]

Is it really so unreasonable to expect that countries prosecute people who commit crimes against their citizens with expectation of impunity the next time they visit their country?

You're proposing an alternative where people can just commit crimes with no recourse from the victims simply because a border exists somewhere and they commit the crimes on one side of the border.

Would you expect it to be reasonable for Canadian citizens to be shooting at Americans on the border and it unreasonable for American authorities to arrest them if they came to America?

[ronsor]

> Would you expect it to be reasonable for Canadian citizens to be shooting at Americans on the border and it unreasonable for American authorities to arrest them if they came to America?

Physical violence is incomparable to working at a company that did something that would be illegal in a certain jurisdiction. Should the person maintaining Clearview's website be arrested in the EU simply because they work there?

[btbuildem]

A little bit of consequences for the C-suites would go a long way, actually.

[sensanaty]

I think you'll find most people would be more than happy to see a few scummy C-suites landing behind bars. I certainly welcome it and can't wait for the day when these psychopaths actually get punished for their greedy behaviour.

[CalRobert]

You're getting downvoted, but it's an interesting idea. Violating the GDPR is illegal.

You can break your home country's laws when you go abroad and it's usually OK. You can smoke cannabis when you visit the Netherlands* from Ireland, for instance, and go back home to Ireland without worry.

Violating GDPR is illegal. It's acceptable to arrest people who do things that are against the law. And if, say, I write a lambda that runs hourly and violates the GDPR from my home in California, and then take a holiday to the Netherlands while the lambda is still running, should I be immune from arrest? The offense is still ongoing in that instance.

If we truly take privacy seriously then this should be treated like a crime. If I had something that scammed people in Europe and then holidayed in Europe I'd expect to risk arrest. Or is that somehow less important than violating people's privacy?

* (It's actually technically still illegal but that's a different story). Gedoofd is weird.

[yadaeno]

Arresting tourists for crimes they did not commit is hostage taking and could be considered an act of war.

The US is willing to prison swap terrorists with Russia, we definitely wouldn’t tolerate some EU country (that we spend billions of dollars defending) arbitrarily arresting tourists so they can hold a foreign company hostage.

[CalRobert]

What do you mean "did not commit"?

Anyway I think you're right that the US would strongarm EU governments in to getting their way (look at privacy shield, etc.) but I still think "you're allowed to continue breaking our laws that affect people in our country while you visit us because it happens to be running on a computer you left at home" is a weak defence.

[yadaeno]

We’re talking about xx million dollar dispute between allied countries, it’s not a reasonable method of conflict resolution to start throwing people in cages that work for x company until the EU gets their way.

> what do you mean “did not commit”

It’s standard around the world that employees are not held personally responsible for the crimes of the corporation they work for.

Edit: if we’re talking about an individual US citizen that’s found guilty in the EU, then the EU will go through the extradition process to have them arrested.

[Teever]

This isn't a dispute between the two countries, it's a dispute between the law enforcement of one country, and the people they're accusing of breaking the law from another country.

> It’s standard around the world that employees are not held personally responsible for the crimes of the corporation they work for.

Is it really so simple? Is all that the cartels missing to avoid persecution from the US gov't simply incorporating in their home state? Of course not.

Imagine that offered death by drones. You tell 'em who you want killed and they mail a package containing a drone that pops out and kills the person when it's delivered. Would it be reasonable to say "Yeah we can't arrest anyone from that company when they come to our country because they incorporated in another jurisdiction?"