undefined | Better HN

0 pointsM2Ys4U5y ago0 comments

>Any EU citizen in our out of country has their PII protected by EU law, regardless of who processes that data.

No, that's wrong.

First of all, the GDPR does not take in to consideration citizenship, at all. The Regulation targets location rather than nationality. In other words, if either the data subject or data controller are in the EU/EEA then the GDPR applies, even if the other party is not in the EU/EEA (The UK GDPR is the same, but replace "EU/EEA" with "UK").

Secondly, the GDPR regulates the use of Personal Data, not PII. PII is a US legal term and has multiple definitions. Personal data is a broader concept than PII.

0 comments

1 comments · 1 top-level

varispeed5y ago

There is coming terreg law (already passed and will be implemented within a year) that specifically targets citizenship rather than location. https://decoded.legal/blog/2021/04/the-eus-terrorist-content...

j / k navigate · click thread line to collapse