undefined | Better HN

0 pointsgrabeh7y ago0 comments

Laws are not always crystal clear in each case because to do so risks making them capable of being worked around (and of course in some cases they are just badly drafted - but I don't see this so much with GDPR). Laws are then subject to interpretation by the courts and by lawyers. If you're having issues with understanding laws, then you may need an expert to guide you, as in many areas of life.

Recital 23 of GDPR will give you insight into how your Zimbabwean guitar pick seller would be treated. If they are consciously offering picks to data subjects in the EU, either through specifically referencing EU data subjects, or through offering picks in EU currencies or tailoring the site for different European languages, then they are likely in scope.

Conflict of laws provisions are a separate point, however in various areas, the GDPR expressly states that legal obligations override GDPR obligations in various areas.

Whenever any company considers that a law may apply to them (whether as a result of operating in the country or because of the extra-territorial implications of certain laws, like GDPR) they generally take advice from local lawyers as to the implications or do independent research.

The regulation is obviously available and there is a host of interpretative guidelines issued by the Article 29 Working Party which will enable anyone with enough time and desire to understand the implications of compliance. I'm not sure what kind of assistance you're looking for here? It's incumbent on the party who wants to operate in a country/provide services to users in that country to understand the relevant laws.

If you disagree with the extra-territorial application of the GDPR then that's a separate issue. Bringing international tax treatment into the discussion is also not of relevance.

0 comments

dogma11387y ago

Yes laws are not crystal clear but you don't understand the problem because when laws are unclear in your country / union there is a clear channel to debate it which is the regulator and the courts this channels are not available to extra-territorial parties.

Add to that the fact that you now have laws enforced on you that you have no control on how they were written or are enforced because you are not part of the electorate that passed them.

International law is applied when 2 countries agree on a common set of rules in which case you have 2 representative electorates which are mediating an agreement.

The GDPR has no legal basis of application it's not part of any trade agreement or any other international agreement between the EU and other countries.

The claim that it somehow applicable is essentially tyrannical despite the intent of the law the means through which and the fact that people support it's universal application is terrifying.

What is even more terrifying is the likely means of enforcement which will be through the multinationals.

>The regulation is obviously available and there is a host of interpretative guidelines issued by the Article 29 Working Party which will enable anyone with enough time and desire to understand the implications of compliance. I'm not sure what kind of assistance you're looking for here? It's incumbent on the party who wants to operate in a country/provide services to users in that country to understand the relevant laws.

What are you even trying to say here? If I don't live in the EU, have no legal presence in the EU I have no means through which I must comply with the GDPR.

Mandating that I would create a local legal entity to serve as a proxy in a member state is a violation of existing trade agreements and WTO rules.

Enforcement of extra-territorial laws must be done through a process which is agreeable and understood by all parties.

>If you disagree with the extra-territorial application of the GDPR then that's a separate issue. Bringing international tax treatment into the discussion is also not of relevance.

This entire debate is about the extra-territorial application of the GDPR, bringing international tax treatment is super relevant because it's an established framework and it already establish things like localization which are critical for extra-territorial application that the GDPR must follow.

People really need to wake up and understand that the GDPR isn't about Facebook or eBay, Amazon or the likes it applies to them equally as it applies to your local dry cleaner or hair dresses which collect and process Personal Information as defined under the GDPR and are subject to the full extent of it's regulatory requirements.

What is more frighting is that through commerce of either tangible goods or services this regulation can be applied to non-EU entities in not only a extra-territorial fashion but in also extra-judicial one.

The reality is that either many small businesses or businesses regardless to which the volume of trade they have with the EU is less than the cost of compliance would likely be forced to stop offering services to EU consumers or switch to a proxy like well eBay or Amazon.

The scope of regulation like FATCA or SOX which were mentioned here as examples applies to institutions that can afford it and can handle it.

The GDPR applies to everyone equally, actually that isn't true if it applies to non-EU entities it doesn't apply equally it's much more costlier to them. If nothing else is then just by your ridiculous example "consult a lawyer" then a GDPR lawyer in Belgium or the UK would be fairly cheap since it's an established local law, to get the same level of advice and to get arbitration with a DPA in say Bolivia you can't go to an ambulance chaser you'll be limited to an international law firm. Not to mention that getting legal advice for such services can be achieved for free in the EU through the local DPA and or various organizations like Citizen Advice which provide legal assistance.

grabehOP7y ago

> What are you even trying to say here? If I don't live in the EU, have no legal presence in the EU I have no means through which I must comply with the GDPR.

I was responding to your point that there were zero channels to help non-EU companies to comply.

I’m really not sure on what resources you think are available to EU companies that are not available to non-EU companies? You would definitely not get GDPR advice at the Citizens Advice as they have more important matters to deal with. To the extent a local regulator would provide guidance to an EU company, I am certain they would also provide to a non-EU company looking to comply. You present it as a clear distinction between EU vs non-EU companies but that simply is not the case!

We can agree to disagree on the pros and cons of an extra-territorial law but don’t misrepresent the position in terms of help available to EU vs non-EU companies.

Also your point about hairdressers is nonsense. A non-EU based hairdresser is very muh out of scope of GDPR!

dogma11387y ago

Local DPA, local courts, local MPs, industry unions, EU MPs, EU high courts.

And please tell me how say I as a small merchant in any country outside of the EU can get in touch with them and get services from any of them.

Better yet please tell me how a lawyer in Mexico or the Philippines would be able to advise me on GDPR unless they are part of a top tier international law firm which operates in the EU and has experience with GDPR.

Please let me know to which non-EU bar associations were provided with materials and guidance and have conducted workshops and seminars in order to ensure that they would be able to provide legal advice on this manner by a DPA or any other EU regulatory agency.

>You would definitely not get GDPR advice at the Citizens Advice as they have more important matters to deal with.

Wanna bet? citizens information board (CA in Ireland) already offers such service (so does Citizens Advice Edinburgh), in the UK the ACF provides GDPR related legal council to foundations, a lot of other industry organizations offer similar services.

> I am certain they would also provide to a non-EU company looking to comply. You present it as a clear distinction between EU vs non-EU companies but that simply

They will not provide any service or information to you, in fact they are forbidden from doing so trying contacting an MP who isn't yours or an agency outside of your member state.

>We can agree to disagree on the pros and cons of an extra-territorial law but don’t misrepresent the position in terms of help available to EU vs non-EU companies.

There is anything to disagree about, this isn't about extra-territorial law this is about extra-judicial application of it which is tyranny since you are applying laws and regulation outside of the scope of international law and frameworks. The fact that you accept this as something good makes me think that the brexiters might have had a point.

>Also your point about hairdressers is nonsense. A non-EU based hairdresser is very muh out of scope of GDPR!

I think you should practice on your reading comprehension I'm in the EU on the 25th of May I am submitting a data access request letter to my dry cleaner (I like my hairdresser), Pristine Dry Cleaners just for the lolz and to show just how ridiculous it can be.

I know for a fact that they have my name, address and phone number since it was required during registration and I also know that their branch in East Finchley shares the same database as the one in Lancaster Gate since I've used both despite being different franchises so I really want to know who they shared those with.

1 more reply

j / k navigate · click thread line to collapse