You should also know that hosting a service in the US without explicitly denying service to Europeans, and not abiding by the GDPR makes you liable to criminal prosecution in the US. US federal law has a version of GDPR that does not protect US citizens, just EU ones.
It’s very dry and boring legalese, but look up the EU-US Data Privacy Framework.
TL;DR: Biden signed a law last year letting EU courts enforce GDPR fines in US courts. It never happens because companies are not stupid and defend themselves in the EU courts.
It’s a recent edition of a string of increasingly privacy-favouring legislation attempts by the US to placate the EU about the rights of its citizens being respected abroad. The gist of it is that it is a US federal law signed into force by Biden last year, which makes it so that EU citizens have legal standing in US courts to enforce EU GDPR court decisions. There is not a lot of precedent yet, but that’s part of the point.
It precludes companies from using the loophole of not having any EU presence to evade fines and rules. Companies can and almost always exempt themselves from this by having an EU entity and subjecting themselves to GDPR directly, since if they get you through this, the EU court will already have tried and found against you, and the US federal court has little room to get you off the hook, because if they do, they risk Big Tech bottom lines by endangering EU-US data transfers.
You should also know that hosting a service in the US without explicitly denying service to Europeans, and not abiding by the GDPR makes you liable to criminal prosecution in the US. US federal law has a version of GDPR that does not protect US citizens, just EU ones.
Where can we read more about this?
It’s very dry and boring legalese, but look up the EU-US Data Privacy Framework.
TL;DR: Biden signed a law last year letting EU courts enforce GDPR fines in US courts. It never happens because companies are not stupid and defend themselves in the EU courts.
It’s a recent edition of a string of increasingly privacy-favouring legislation attempts by the US to placate the EU about the rights of its citizens being respected abroad. The gist of it is that it is a US federal law signed into force by Biden last year, which makes it so that EU citizens have legal standing in US courts to enforce EU GDPR court decisions. There is not a lot of precedent yet, but that’s part of the point.
It precludes companies from using the loophole of not having any EU presence to evade fines and rules. Companies can and almost always exempt themselves from this by having an EU entity and subjecting themselves to GDPR directly, since if they get you through this, the EU court will already have tried and found against you, and the US federal court has little room to get you off the hook, because if they do, they risk Big Tech bottom lines by endangering EU-US data transfers.