[kube-system]

If you are in the US you must ensure that your local company, and any sub-entity you control abroad complies with sanctions law. That is US law, and the US can apply that law to Dell the parent company, because it is in the US and controls the subsidary.

> I can buy Jack Daniels at age 19 in my country from their local subsidiary, and no-one thinks that this should be a crime for their US parent company because the US drinking age is higher.

Because there is no US law that says you cannot sell alcohol to people abroad under 19. Heck, there's no US federal law that says Jack Daniels can't sell to people in the US under 19, either. And in fact, there are some places in the US where you can legally drink at 18, e.g. Puerto Rico. But if the US congress wanted to pass one of these laws and enforce it, it could.

[lmm]

US sanctions law saying that you must not transfer X from the US to Iran, directly or indirectly, is reasonable. US sanctions law saying that you must not transfer X from Brazil to Iran is gross overreach. Yes, of course the US can apply its absurdly extraterritorial laws to any parent company in the US, just as Iran could penalise any Iranian company whose US subsidiary distributed a depiction of the prophet or whatever, but that doesn't make it good law or good practice.

[kube-system]

That's a fair opinion to have.

But the US isn't really unique in applying their laws extraterritorially. See GDPR, Universal jurisdiction laws, China's National Security Law, etc... Every jurisdiction with sizable power does it. Some of these are even more extraterritorial in scope than US sanctions are.

[lmm]

> GDPR

Only applies to EU citizens' personal data, so while technically extraterritorial it doesn't feel like overreach in the same way.

> Universal jurisdiction laws

Rightly controversial when applied beyond things that are internationally agreed to be crimes against humanity, like torture or genocide.

> China's National Security Law

A perfect example of the kind of thing that the US used to define itself in opposition to.

Nations are sovereign and those with the might to push their requirements on others can do so. But I liked it better when we had a sense of the value of an open international order, where things like internet protocols were shared standards that everyone would collaborate on other than a handful of pariah states.

[kube-system]

The difference between any of these is just a matter of opinion on what sovereignty means, what or who or where it applies to, what is a “human rights violation”, and who has the bigger britches to back it up. /shrug

[lmm]

Meh. You can fall back on might makes right and a Hobbesian war of all against all, or you can recognise that the Westphalian system has brought immense value to humanity and is worth trying to preserve and build on. There will always be disputes about how to extend our principles into new domains, but that doesn't mean those disputes are insoluble or that a few disagreements mean we should tear down the whole project.

[M2Ys4U]

>Only applies to EU citizens' personal data

That's not true.

The GDPR applies to the personal data of anyone physically in the EU, to the extent that the data are processed[0] while they are in the EU.

It also applies to the personal data of anybody anywhere in the world if the data controllers are based in the EU.

The reason why it's different to US sanctions/export controls is that the GDPR doesn't say you can't work with certain people in certain circumstances because of who they are in order to punish those people for whatever reason. It's fundamentally to protect the data subjects.

[0] which includes collection of said data