| > GDPR (including the UK GDPR) is extra-territorial by design. > It applies _by design_ to anyone or anywhere processing the data of an EU or UK citizen. That is now how the law works. A court must have standing or jurisdiction or whatever word you want to use since you seem to think semantics are at the core of this issue here. > You already linked to the relevant part of the ICO's guidance but appear to have misunderstood it: you've inserted an extra requirement - that it requires taking payment. No, that's UK case law. Basic law 101. That is what the legal definition of goods and services is within the UK. If you don't understand that there are legal definitions for things then we're at the crux of your complete misunderstanding of law. And really we won't get anywhere. >Wordpress.org (and more so the associated services - slack etc) being available and (more importantly) collecting and processing data is offering a service. Not under UK law. UK law defines a service as something that is being paid for. This is hundreds of years old. You would be heavily rebuked by a judge if you tried this nonsense in court of trying to redefine hundreds of years old case law to suit your opinion. > Being able to enforce is (as I've already said) an entirely different kettle of fish. No, that's the entire point. THE ENTIRE POINT. A court will not take up a case where it can't do anything. Quite simply, your entire argument fundamentally depends on you not understanding UK GDPR, GDPR, or even basic law fundamentals. |