
The regulation applies if the data controller, an organisation that collects data from EU residents, or processor, an organisation that processes data on behalf of data controller like cloud service providers or the data subject (person) is based in the EU.

The regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU. According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."

https://en.wikipedia.org/wiki/General_Data_Protection_Regula...




So all web sites (most, anyway) are subject to the GDPR because they may record EU IP addresses in logs?


Yup, which is what makes GDPR so dangerous.


Massachusetts is attempting to promulgate sales taxes on out of state Internet purchases using similar logic applied to cookies [0]. It seems that all it takes is nouns being put on these things, for that parasitic ambient authority to attempt to jam itself in.

Having said that, as a USian, it seems like it's at least possible for EU regulation to have its intended effects (/me glances at uUSB connectors on everything). So, especially because I bear no responsibility for its existence, I'm cautiously optimistic that the GDPR will do some good pushing back against the surveillance industry, rather than simply being yet another tool to strip individuals' freedoms away.

[0] Hey, maybe if it holds up in court, it will spur development and adoption of browser-based nym management!


It seems a little different if we're talking about selling and shipping goods to a territory.


Per US federal law, retailers are only responsible for collecting a given state's sales tax if they have a physical presence in that state. The legal theory specifically relies on considering the cookie on the user's computer as a physical presence in the state.


So how is this going to be enforceable on organizations outside of the EU?


s/dangerous/good/


Right, so the data controller in this case is HN... which is based in the United States. What am I missing?


> The regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU.


So, no?


HN certainly processes IP and email addresses of individuals within the EU.


So what? Countries don't get to make laws for other countries. That's the point in having markets of ideas.


Nice idea, but not 100% consistent with reality. Several countries apply their laws to their citizens, even if they aren’t in their own country.

For example “Your worldwide income is subject to U.S. income tax, regardless of where you reside.” (https://www.irs.gov/individuals/international-taxpayers/us-c...)

Other example: the “Hague invasion act” which authorizes the US president to invade Europe in order to liberate US citizens (https://en.wikipedia.org/wiki/American_Service-Members%27_Pr...)

Third example: many countries prosecute their citizens for child pornography, even if the crime happened outside their borders (https://travel.state.gov/content/travel/en/international-tra...: “U.S. citizens are subject to the laws of foreign countries. Furthermore, some laws are prosecutable in the United States regardless of local law”)


If I am in my country, I am only bound by the laws in my country. Sure I can piss off another country (violate their blasphemy laws for example) and then I better remember to not go there.


Not if an extradition treaty applies.


Extradition for? Doing something that is legal in my country while in my country?


Yes, that is possible.

I can't imagine the US is going to extradite anyone for violating the GDPR, but there is no principle barring it. Kim Dotcom's case is probably of interest here.


In the case of the US, you are incorrect. The US Constitution is the supreme law of the land, having an extradition treaty changes nothing. Kim was not in the US, and "we" pulled strings to get to him in NZ. I'm not arguing that was right (it was not!) but that's a NZ problem. No US court is ever going to extradite a US citizen for _not_ breaking a US law. This goes directly to why we have the 2nd.

If you claim otherwise, I would appreciate an example.


What part of the Constitution would bar this?


Start here: https://en.wikipedia.org/wiki/United_States_Declaration_of_I...

Then move on to what juries are, and what peers are.

In the US we have 3 boxes, the ballot box, the jury box, and the ammo box. It's a beautiful system. I realize it might be hard to understand that we are not chattel, and make our own laws, but that's the way it is.

You are making an extraordinary claim, that a US citizen can be extradited for _not_ breaking a US law, the burden is on you.

https://en.wikipedia.org/wiki/Sixth_Amendment_to_the_United_...

If you think "the statute" in "words of the statute" means a foreign law I really can't help you since you gotta start redefining what "the" means at that point.


OK, well, if your exegesis of the Constitution begins with citing the Declaration of Independence and includes rants about armed insurrection, I think it's safe to say it's not that well thought out.


Armed insurrection is exactly why the US exists and is not subject to foreign law. Labeling discussion of that a rant does not distract from your failure to back up an unprecedented claim. /rant


There's nothing really "unprecedented" about it -- the whole premise of extradition is handing someone over for violating foreign laws, not violating US laws.


You seem to be attempting to change the subject.

  I said: "Extradition for? Doing something that is legal in my country while in my country?"

  You said: "Yes, that is possible."

Please provide some precedent for your assertion.

To extradite someone, you must first arrest them. In the United States, to arrest someone, you must have probable cause that that person violated a US law[0].

In every case you are going to be able to find, the person wanted by the dest country was either:

a. In that country when they broke the law (which is a different subject with plenty of caveats).

b. Violated US law and the foreign law while in the US (also a different subject).

[0] https://en.wikipedia.org/wiki/Sixth_Amendment_to_the_United_...


The ongoing talks about extraditing Fethullah Gulen to Turkey for his supposed role in the Turkish coup while he was in Pennsylvania seem like a counter-example to me. There is a lot of political back-and-forth over whether that should be done, but I don't see anyone claiming it would violate the Sixth Amendment to extradite him.


First, that has not happened. Second, would it really be so hard to support your claims with sources? If the guy gets extradited, he's going to first get charged with a US crime.


That's not how extradition actually works. If you want to read about Gulen you can type "Gulen" into a search engine as easily as I can.


Don't you find it a bit odd that you keep making claims that you can not or will not support? Is a (non) reference to something that has not happened all you are willing to provide? To extradite someone from the US, you must:

1. Have probable cause to arrest them.

2. Arrest them.

3. Convict them.

4. Extradite them.

Why don't you just say "how extradition actually works"?


https://en.wikipedia.org/wiki/Fethullah_G%C3%BClen#Extraditi...

https://en.wikipedia.org/wiki/Extradition_law_in_the_United_...

Here you go, my friend. I welcome you to find the part of this where it says that someone being extradited has to be found guilty of violating US law or that they have to be convicted before being extradited. As you can see here, the requirements actually have to do with what treaties say and whether there is probable cause (a much lower standard than a conviction).


He is not a US citizen, so he is not an example of what we are talking about. I'll not go into Habeas Corpus, but you might be interested in how that works, even for him.

Also, the first paragraph of the second link says "(other than citizens, nationals or permanent residents of the United States)". Wikipedia is never a source, but it's correct here.

US Citizens, in the US, who have not violated US law, are not subject to the laws of any other country. That's the point of having sovereignty.


IANAL but I agree. If an entirely US based company was found guilty in a court of law in the EU, but has no business interests in EU, and has no assets of any kind, then the most the EU could do is ask the US politely to do something about the company FOR THEM. The US would have no requirement (unless there is some treaty around this I'm unaware of) to do anything about it.

If they had assets of some kind in the EU country, they could capture those assets presumably.

But from what I understand with the GDPR at least at the beginning of this, is the EU govt will first try to work with the company to help them comply, before going to such drastic measures as courts and seizing assets.

I imagine the large giants like Facebook, etc will just negotiate through their army of lawyers to minimize the effects of GDPR as much as possible, and delay as long as possible. Before ultimately implementing ~ 1/2 of the best intentions behind the GDPR in about a decade or so.


But countries decide who to punish for what. One thing might not be unlawful in your country, but in another, and that other country can try to go after you.

That fact is rather boring and well-established. What matters is how the other country enforces the punishment.


The thing is, the EU doesn't have sovereignty outside of Europe. If I actually have presence in the EU, or do business with the EU, that's one thing. But they can't tell some rando with a blog living in Boston to delete comments any more than North Korea can pass a law banning making fun of Kim Jong Un in Berlin. They can huff and puff, but at the end of the day they just don't have the authority.


Any jurisdiction can "tell you things" and judge you, even if it's not your own.

Admittedly, without cooperation with your jurisdiction, the EU jurisdiction cannot enforce a measure if you don't have any presence under EU jurisdiction. However, if your jurisdiction cooperates with the EU jurisdiction, or if you eventually have some kind of presence in the EU, like traveling, they can go after you.



