No, you are required to comply with the laws of any country you do business with. This applies to any type of business, and I don't see why "it's on the internet" appears to be the main counter-argument.
If I buy something from you (via snail-mail or on the internet) and it doesn't follow the requirements of the consumer law in my country, I can ask you to comply with the laws of my country. If you refuse, I can report you and you will be fined (if you don't pay, then you can have your right to do business in my country revoked). In practice most cases won't escalate that far, but the principle is the same.
Because by default any web site has, in the past, been open to people from any country that doesn't censor the web.
Regulations like GDPR are making doing business in more than one country more difficult and encouraging a Balkanized web.
This has never been true since the internet was international. You have always had to comply with laws of countries you interact with, it's just that most people who ran internet businesses decided to ignore the law (just try hosting some copyright or patent infringing content on the internet and see how long it takes to have legal action applied, even if you aren't a resident in that country). And, despite the ethical questions about censorship, censorship is usually done through the laws of a country (for instance in Germany). So complying with censorship requests (or having your entire site blocked) is actually an example of complying with laws of other countries.
The world is made up of sovereign nations, and businesses that wish to interact with other sovereign nations must obey the restrictions that the both nations place on that interaction. If you don't like it, then don't do business with that nation. I cannot think of another industry where this concept is seen as foreign -- it's a very fundamental part of how the world has been structured for thousands of years. Just because it's much easier to conduct businesses overseas than it was 200 years ago doesn't change the fundamental properties of what you're doing.
And the cost of regulation, which used to be negligible compared to the cost of the enterprise itself, has now become a significant barrier for small businesses.
You might not think the costs are fair (and in practice that should be taken into account by regulators, to avoid removing all international trade and thus losing the benefits), but that is not really justification for arguing that this is a departure from how things have always been. Nor is it justification for arguing that you shouldn't care about the laws of other countries you do business with because you don't live there (which is what GGGGP was insinuating).
Just think of what China would do to the Internet if it could.
Unless you want to business with another country, in which case you need to follow the laws of that country when you conduct that business. Which is what I've been saying the whole time.
> Just think of what China would do to the Internet if it could.
If you want to provide a service to China you need to follow Chinese laws or they will block you using their firewall. China is a (not very nice) example of how a country has the right to decide who it does business with -- if you won't help them conduct surveillance of their citizens then they won't do business with you and will block you from doing business with their people. You might not agree with their laws or how they act, but it is their right as a sovereign nation to create their own laws.
I never said you need to follow the laws of every country in the world, and I really don't understand how so many people are reading that out of what I said (and keep saying). If you want to do business with a country you will have to obey the laws of that country. That's the way international trade has always worked.
Prove that.
Because that's not how "the law" works. I am Canadian, my business exists only in Canada, and there are only two types of laws that apply to me. Canadian laws, and treaties that Canada has signed on to comply with.
No other country in the world can just make some "arbitrary" law that affects me. Unless my country agrees. And to my knowledge, Canada has not signed a treaty with the EU regarding enforcement of the GDPR.
If you decide to sell a couch to someone in America, you have to comply with American tax laws, American import and customs laws, American consumer laws, American patent laws, American copyright laws, American trademark laws, and any other laws involved with doing a financial transaction with someone in America. The same logic applies for Australia, the United Kingdom, Germany, Belgium, South Korea, Japan, etc. Pretending otherwise is naive, and if you don't believe me then try to sell something patented in America to an American.
The key question is what happens if you break those laws. In most cases you will be given a fine, and if you don't pay then you will no longer be allowed to sell goods to consumers in that country. If you continue to break the law then you are probably breaking an international treaty on border control or customs, which means that you could be extradited or tried in your own country. Some of the laws I mentioned above are mediated through international agreements, but the fundamental point is that if you break their laws they can place sanctions against you to stop you from doing business with them.
Of course, for a couch business things would probably never reach that level. And for an internet business you probably would just be IP blocked or something similar.
> No other country in the world can just make some "arbitrary" law that affects me. Unless my country agrees.
But it only affects you if you make the positive decision to do business with a country that has those laws. If you don't decide to do that, then you don't have to follow those laws (obviously). You can't have it both ways though (the benefit of having access to a market without having to follow the laws of that market).
In the case of enforcement you're right that they wouldn't have the right to compel to you to pay a fine, but they can in theory place sanctions against you. So if you continue to do business with sanctions in place then there is a process for extradition through international treaties.
A foreign country could arbitrarily decide I owed them a certain fine, or was no longer allowed into their country, or that they didn't want to allow my products into their country, at any time, whether or not I followed their laws.
In my daily life I've done, and continue to do, things that are illegal under e.g. Iranian law. That's fine and normal - I have no obligation to comply with Iranian law. Iran can make its own decisions about whether e.g. I'm allowed to enter their country, but that would always be the case.
If you sell electronics that are a fire hazard, you can be punished for breaking consumer laws. I mean, for an extreme example, if you sell an illegal substance in America from overseas you can be punished for breaking those laws too.
every country has the right to enforce it's own laws within it's own borders. you don't get a pass to do whatever you please in another country without their permission.
edit: i noticed "my business exists only in Canada"
if you mean to say you aren't doing business in another country than what you've written isn't speaking to the point of "you are required to comply with the laws of any country you do business with"
I never said that you have to follow the laws of the country of nationality of your clients. That'd be a ridiculous thing to say, and I'm not sure why you're arguing against that particular strawman (the GDPR only talks about EU residents and doesn't mention EU citizenship at all).
The EU is primarily leveraging the fact that most everyone wants to travel to the EU eventually.
While you in your home country you have no need to comply with the GDPR unless a treaty between your home country and the EU exists to mandate it.
The EU is also leveraging their trade agreements.
What they don’t understand is that China is next and they have totally diametrically opposed views on consumer privacy. But when has the EU ever been farsighted?
The US is quite opposed to extrajurisdictional law enforcement which is why they don’t sign onto things like the International Criminal Court.
Unless you wish to do business with that country, in which case you need permission from that country in order to do business with its residents. If you break their laws they can place sanctions against you, and if you find a way to break those you can theoretically be punished legally through extradition.
If you don't do business with those countries then you're off the hook. Obviously.
Just look at the recent Project Gutenberg copyright lawsuit for an example of how breaking the law of a country you are not in can cause you legal troubles.
