Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No. EU laws/regulations dont't apply outside its jurisdiction. GPDR will affect Facebook, Google etc. just because they are operating in EU market[0]:

"This won't apply to every U.S. business — just the ones that are knowingly, and actively, conducting business in the EU. In this vein, EU courts have the discretionary ability to determine if a U.S. company was purposely collecting EU resident data and subverting GDPR compliance."

0. https://community.spiceworks.com/topic/2007530-how-the-eu-ca...



I respectfully disagree. As you can see at [0], quote, "as [the GDPR] applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location [...] Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU."

edit: This means it applies to EU citizens regardless of where the processor is located and to non-EU citizens if they are currently in the EU

0. https://www.eugdpr.org/the-regulation.html


Yes, but I'm sure this will only be valid for big enough companies (read serving millions of EU citizens) as it's subjective what "processing the data of EU citizens" actually means. It's not realistic to expect every minor mom&pop eshop or minor online service worldwide to appoint a representative in the EU. Furthermore, enforcing these rules will highly depend on international relations as it's outside of EU jurisdiction and it can only reach non-EU companies by collaboration and signing treaties with other governments, so this means USA and maybe Canada, but I highly doubt to see companies from China or Russia etc. to be held accountable.


>Yes, but I'm sure this will only be valid for big enough companies

Not really, the wording is quote clear. As is "processing the data of EU citizens".

I doubt any minor eshop or online service will appoint a representative, they will however still have to conform to the GDPR rules.


Well, only time will tell, I just relayed what I've heard from people much more knowledgeable in this area than me. How I understand this is that if you serve many enough EU citizens, please be kind, open a branch in EU or at least send a representative, because you are de-facto doing business here. Mainly this is to avoid situations where, for example Facebook, closes its EU offices and pretend to have no EU presence (and no need to abide EU regulations) despite hundreds of millions EU citizens use their services.


Wonder how long that'll last what with the US intent on applying it's laws and regulations outside its jurisdiction.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: