Could be a person at an airport, a shipping container in a port, or an internet packet traveling down a series of intercontinental tubes to an isp. Result is still the same.
To do business in another country, you have to play by their rules. Literally nobody else on the planet gives a shit if it’s “an American company”. Hell, not even most AMERICANS give that much of a shit.
The EU is doing all they can here. They require EU citizens need a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.
This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.
This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can’t just ask for some legal document proving citizenship either, since that itself would be a gdpr violation. So the end state has to be a system that everyone can use - EU citizen or not.
The EU can’t demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.
FYI. its for anyone who is within the territory of the EU, not necessarily citizens. So if a EU citizen is outside the EU, these rights no longer apply (based solely on the location of the user. there are other factors which might give everyone the same rights no matter the location)
Theoretically, yes. (Art.3.2: https://gdpr-info.eu/art-3-gdpr/)
And because many compaies usually only have the IP as location information, a VPN should do the trick in most cases too.
Of course good luck enforcing your rights when you dont actually live there and the company ignores you…
They can’t send data from the EU to hoard in America in the first place and considering they have headquarters in Ireland and data centers all over the show it’s not like the EU does not have plenty of recourse.
What else can the EU do? They can’t force an American company to follow EU regulation outside of the EU.
In order to operate in the EU they must follow EU rules and part of that rule set is the GPDR which says an individual has the right to be forgotten.
“An American company” means very little when they operate outside of America.
“Im an american (company)!”
“so go back to America”
revokes domain access to country
Could be a person at an airport, a shipping container in a port, or an internet packet traveling down a series of intercontinental tubes to an isp. Result is still the same.
To do business in another country, you have to play by their rules. Literally nobody else on the planet gives a shit if it’s “an American company”. Hell, not even most AMERICANS give that much of a shit.
The EU is doing all they can here. They require EU citizens need a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.
This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.
This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can’t just ask for some legal document proving citizenship either, since that itself would be a gdpr violation. So the end state has to be a system that everyone can use - EU citizen or not.
The EU can’t demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.
FYI. its for anyone who is within the territory of the EU, not necessarily citizens. So if a EU citizen is outside the EU, these rights no longer apply (based solely on the location of the user. there are other factors which might give everyone the same rights no matter the location)
Does that mean I can go to Europe and be covered by GPDR?
Theoretically, yes. (Art.3.2: https://gdpr-info.eu/art-3-gdpr/)
And because many compaies usually only have the IP as location information, a VPN should do the trick in most cases too.
Of course good luck enforcing your rights when you dont actually live there and the company ignores you…
They can’t send data from the EU to hoard in America in the first place and considering they have headquarters in Ireland and data centers all over the show it’s not like the EU does not have plenty of recourse.