Hacker News new | past | comments | ask | show | jobs | submit login

1) GDPR applies to EU citizens only 2) Nothing to do with EEA.



> 2) Nothing to do with EEA.

This is not true either. GDPR will apply to all of the EEA, like most EU regulations: https://planit.legal/blog/en/the-applicability-of-the-gdpr-w...


GDPR applies to all EU residents, not just citizens.


> 1. A Data Subject under GDPR is anyone within the borders of the EU at the time of processing of their personal data. However, they can also be anyone and anywhere in the context of EU established Data Controllers an Data Processors.

It's not even resident, the bar is far lower. A US resident on holidays to europe is covered.

See https://cybercounsel.co.uk/data-subjects/ (linked in a sibling comment)


How is this enforced? For facebook, let's say, is all I have to do is change my country from a non-European country to a European country, and I'm good? Because that is a fairly easy line to cross.


To be a resident you have to provide proof that you actually live in a country.

The US commonly accepts utility bills in your name. The EU most likely requires you to have a residence permit.

Edit: that said, GDPR may still cover you while you are within the EU borders: https://news.ycombinator.com/item?id=16751963


You can't generalize residency like that. It depends.

In the EU laws on residency are different for each member state.

You become US tax resident based on the significant presence test without presenting any proof

You become a legal permanent resident in the US when you get a green card.

Proof of residency is only required in US states that follow REAL ID act which California only started conforming to this year.


Is it? I ask as an EU citizen residing in the US. I thought it was based on IP and possibly verifying your residence?


I've asked about this before in another thread but didn't get anything useful for me. How can I get the benefit of being a EU resident, with respect to GDPR, while not physically being in the EU? What I'm asking for may probably sound like a fraudulent thing, but I value my privacy a lot, and if there are any steps I can consider to make myself come under GDPR (without moving to the EU), I'd like to know.


Using a VPN to connect to a location in Europe might work, if the company uses IP address to check whether a user is in the EU.

Of course, Facebook has other options (many users just tell them where they live, you can even fill out an address) so you could try claiming to live in the EU there, too.


> many users just tell them where they live, you can even fill out an address

That won't be sufficient. If you're living in Antarctica and are on a summer holidays on an austrian glacier, you're covered by the GDPR.


Which is particularly interesting for me the next couple of election cycles, as I am a US citizen registered to vote back in the last place in the US I resided - and live in Germany, which was notable for its data protection laws even before GDPR.

I might have a moral obligation to use Facebook again.


>1) GDPR applies to EU citizens only

This is not true. https://cybercounsel.co.uk/data-subjects/


How does that work for folks like myself who have multiple nationalities? I live in the United States but am also a French citizen.


> How does that work for folks like myself who have multiple nationalities? I live in the United States but am also a French citizen.

Being a French citizen living in the United States is not having multiple nationalities, only one (French).


I'm also a US citizen, but didn't specify since it didn't seem relevant.


The statement is incorrect. GDPR applies to collecting data about people in the EU. Citizenship is not a factor.


Oh? Do you have a source that's unambiguous about this? Thanks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: