Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

this isn't correct, and i wish it would stop being repeated on HN. if you don't target/do business with Europeans specifically, there is nothing to comply with. what jurisdiction does Europe have?

however, a lot of "small", local news organisations are actually owned by huge (multi-national) corporations. they might work hard to preserve that small appearance, but do have a reason to fear the GDPR.



> if you don't target/do business with Europeans specifically, there is nothing to comply with. what jurisdiction does Europe have?

Because as you said yourself, they're part of a large organization that DOES do business with Europe, but that part of the business doesn't get any money from Europe, so there is no reason for that part of the business to go to the effort of complying.


sure, if they do business with Europe, they should be complying with the laws. i don't think that's controversial.

you said "local news organizations", and i was simply pointing out if that is what they truly were, they wouldn't have to comply. so i think we agree?


What does "doing business" mean here? I've read Recital 23 and at best it is vague and seems up to the discretion of the various member states.

It would be a great service to everyone if the EU could clarify which type of sites do not have to comply. Otherwise, you can hardly blame organizations that it would be cheaper to block EU traffic than even just to pay a lawyer to try to figure out of GDPR is applicable.


It is vague; I believe this is an issue of trying to apply a US law perspective to Europe (common law vs civil law). The main problem with letter of the law interpretations is they go out of date quickly, and there might be significant loop holes - so they didn't do that. Do you think it's possible to come up with a definitive list of "type of sites" that don't have to comply? Might be tricky.

And I definitely don't blame organisations blocking EU traffic; it's at least an honest admission they won't protect your privacy. (Although it may not be a decision of the site itself, I'll get to that in a second.)

Recital 23 is spot on though. Can a New Hampshire-based local news site be said to offer goods or services to members of the Union? It sure sounds like you could say "no" in good faith (which is a defence, IANAL etc).

Can the same be said for either a huge multi-national, or trackers and ad-flinging networks a local site might use? Probably not...


Even for a truly local news org, it might make more sense to just block Europeans then allow them, because Article 3(2) of the GDPR, which gives the EU extraterritorial powers to prosecute.

While it's never been tested, there is a good chance the USA would cooperate with an extraterritorial prosecution, and so it's easier to just avoid it altogether by blocking Europeans.


GDPR also apply to websites that process personal data to "monitor behaviour" irrespective of whether they target or do business with EU residents as long as the person being monitored is within the EU. So your claim is also incorrect...


They might use an ad network that automatically provides geo-targeted ads to Europeans. I'm not sure if that would qualify at targeting/doing business with Europeans under the GDPR, but it wouldn't surprise me.


The GDPR does not prohibit showing an ad to someone on the sole basis that they live in a particular country.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: