> Because by default any web site has, in the past, been open to people from any country that doesn't censor the web.
This has never been true since the internet was international. You have always had to comply with laws of countries you interact with, it's just that most people who ran internet businesses decided to ignore the law (just try hosting some copyright or patent infringing content on the internet and see how long it takes to have legal action applied, even if you aren't a resident in that country). And, despite the ethical questions about censorship, censorship is usually done through the laws of a country (for instance in Germany). So complying with censorship requests (or having your entire site blocked) is actually an example of complying with laws of other countries.
The world is made up of sovereign nations, and businesses that wish to interact with other sovereign nations must obey the restrictions that the both nations place on that interaction. If you don't like it, then don't do business with that nation. I cannot think of another industry where this concept is seen as foreign -- it's a very fundamental part of how the world has been structured for thousands of years. Just because it's much easier to conduct businesses overseas than it was 200 years ago doesn't change the fundamental properties of what you're doing.
The fundamental properties of doing business overseas have changed. What used to be a prohibitively expensive enterprise is now within the reach of everyone.
And the cost of regulation, which used to be negligible compared to the cost of the enterprise itself, has now become a significant barrier for small businesses.
The costs of compliance are not a fundamental property of doing international business (after all, governments can change the cost of compliance or make it cost nothing). The fundamental properties I was referring to are that you are transacting with another nation state's people, and you have no fundamental right to do business with them unless that other nation grants you permission. Just because it is easier to do such business without permission or oversight doesn't change that you are doing the same type of business.
You might not think the costs are fair (and in practice that should be taken into account by regulators, to avoid removing all international trade and thus losing the benefits), but that is not really justification for arguing that this is a departure from how things have always been. Nor is it justification for arguing that you shouldn't care about the laws of other countries you do business with because you don't live there (which is what GGGGP was insinuating).
It is a departure from the way things have always been online.
The EU can certainly demand that web creators jump through hoops, but then they can hardly complain if creators outside the EU decide that interacting with the EU isn't worth the trouble.
Nobody is forcing people to do business with the EU. If you don't like the laws in the EU, then you don't have to do business with the EU. Simple as that.
(My whole point is that a lot of people arguing about GDPR want it both ways, and don't see that it's not strange that countries have rules for doing business with their residents.)
That is not true. You do not need to comply with any country’s laws except the one you reside in, except for treaties by your home country that say otherwise or your desire to travel abroad.
Just think of what China would do to the Internet if it could.
> You do not need to comply with any country’s laws except the one you reside in.
Unless you want to business with another country, in which case you need to follow the laws of that country when you conduct that business. Which is what I've been saying the whole time.
> Just think of what China would do to the Internet if it could.
If you want to provide a service to China you need to follow Chinese laws or they will block you using their firewall. China is a (not very nice) example of how a country has the right to decide who it does business with -- if you won't help them conduct surveillance of their citizens then they won't do business with you and will block you from doing business with their people. You might not agree with their laws or how they act, but it is their right as a sovereign nation to create their own laws.
I never said you need to follow the laws of every country in the world, and I really don't understand how so many people are reading that out of what I said (and keep saying). If you want to do business with a country you will have to obey the laws of that country. That's the way international trade has always worked.
When the business is being conducted outside the EU but the EU is enforcing GDPR, it is a problem. The GDPR is specifically written for extrajurisdictional enforcement which is a big change in the world of laws.
I am just saying that the EU will not be the only jurisdiction following this model. Be prepared.
This has never been true since the internet was international. You have always had to comply with laws of countries you interact with, it's just that most people who ran internet businesses decided to ignore the law (just try hosting some copyright or patent infringing content on the internet and see how long it takes to have legal action applied, even if you aren't a resident in that country). And, despite the ethical questions about censorship, censorship is usually done through the laws of a country (for instance in Germany). So complying with censorship requests (or having your entire site blocked) is actually an example of complying with laws of other countries.
The world is made up of sovereign nations, and businesses that wish to interact with other sovereign nations must obey the restrictions that the both nations place on that interaction. If you don't like it, then don't do business with that nation. I cannot think of another industry where this concept is seen as foreign -- it's a very fundamental part of how the world has been structured for thousands of years. Just because it's much easier to conduct businesses overseas than it was 200 years ago doesn't change the fundamental properties of what you're doing.