Is your argument that someone else in the business should care or is your argument that EU visitors should not have rights to their data because it is inconvenient to you? Depending on your arrangement, if you are a reseller for example, you probably are not responsible for what that software does with your customer's data.
Also, burger shops that do business in EU(usually chains, McDonald's and Burger King) do care about the EU food regulations, why shouldn't they and why shouldn't you? You are aware that McDonald's isn't steamrolling in the EU, right? They do follow the EU food regulations. And no, you don't have to be a big company to sell burgers in the EU, we have plenty of local independent burger shops all over the continent.
Burger shops IN the EU are a completely different thing.
My primary argument is that the GDPR's attempt to regulate companies in other jurisdictions because EU citizens go INTO those jurisdictions and do business is a dangerous precedent. If there was an enforcement mechanism for all such laws, it implies that any business or individual anywhere in the world with a website should therefore have to comply with any laws from any jurisdiction that are similarly constructed.
If my website says things about Islam that Saudi Arabia passes a law against, I should be fined.
If my website disrespects the king of Thailand, I should be extradited for imprisonment.
If I encourage NK citizens to revolt against their oppressive regime, I should end up in a labor camp.
After all, those governments have a right to say that if I want to "do business in their jurisdiction", I must respect their laws, right?
(To be clear, I'm not talking about enforcement of these kinds of laws, because all of those countries might do the above if given the chance. I'm talking about what I SHOULD do as a matter of morality or ethics or civic duty or whatever, or what my government should cooperate with those governments on, because it's just.)
But the problem is that they're describing "doing business in their jurisdiction" as a citizen from their country (maybe even one who is currently visiting my country) going online and sending my server requests, data, and money. And apparently explicitly telling those citizens to please NOT do that, or blocking them, is not sufficient. The only way to make the majority of the EU users on HN happy is to comply. Why would that same logic not apply to all other kinds of laws?
So do you argue that businesses that do business over the internet should be subject to the laws where the business is legally based?
So, do you say that EU businesses should be able to operate in the USA but according to the EU laws and without any consideration to the US laws?
Or is your arguments something else, something selfish like all online businesses should operate according to the US laws or something like online businesses should not be bound by any laws whatsoever? Or something else?
So, do you say that EU businesses should be able to operate in the USA but according to the EU laws and without any consideration to the US laws?
If by "operate in the US" you mean that they are based in the EU and allow US residents to visit their website and purchase from them, then yes, absolutely. Why would it be any other way?
I just don't see how the alternative works at all. Why couldn't some city in France pass a law that if a citizen of their city buys something from your site based in Hong Kong, you owe that city a tax of $50k. That's obviously ridiculous and not enforceable, but why is it not based on the same underlying legal theory that a business is bound by the laws of jurisdiction where visitors or customers to their site originate from?
Well, "HQ based law" not the case and it's a much larger discussion that doesn't have anything to do with the GDPR or EU.
The USA too is going after foreign companies doing business with Iran or Cuba. The USA is not happy with cryptocurrency ICO's and it's enforcing it. The USA is forcing the world to respect DMCA.
The taxes are also an issue, even within the USA doe to different VAT in different states.
These are topics that have been in discussion since the beginning of the internet and the dust is just settling and the solution is not simple as "You obey to the laws according to the country you're based in". It's a huge huge topic.
Edit: And FYI, many countries do enforce a tax on foreign purchases. For example, Turkey will be forcing American internet giants to charge VAT to its Turkish clients and transfer that VAT to the Turkish government. Countries want to collect taxes, you can't really get away with "I am an American company so I operate tax-free" argument. Politicians will work out an arrangement like "I will make your tax law enforceable on my companies if you let me use your military base and purchase weapons".
You don't have to convince me that the US tramples on the sovereign rights of other countries just because it can.
The tax situation is a good example. Historically, sales tax has not been able to be levied by states against companies just because they have customers in that state. They have to have physical "nexus" in that state as well. There are a number of states trying to do an end run around that right now with "economic nexus", which will probably end up in the Supreme Court at some point.
Many countries try to say that VAT is due, but their ability to enforce is pretty limited. If you run a small business online and you WANT to pay attention to every single global tax jurisdiction and send them whatever tax they say is due, go for it. But if you don't, the practical reality is that there's nothing they can currently do about it.
I do agree that these issues are complicated and that the Internet has thrown a monkey wrench in a LOT of legal precedent in ways that will need to be sorted out.
I just don't think the GDPR is the right framework. Data privacy may be a human right, but so is democratic representation, and having governments all over the world pass laws that they say apply to my company is unjust.
Anyway, it boils down to enforceability. EU is a huge entity and probably will be able to enforce the GDPR by forcing payment systems and gatekeepers like Google and Apple that legally operate in the EU not to do business with businesses that do not respect GDPR. Maybe it will be a bargaining point in some trade talks between other countries and the EU and EU will insist that the countries will help with the enforcement of the GDPR in exchange for something that other countries want from the EU.
As long as we don't live in some kind of libertarian anarchy world order, these things will be determined by the politicians.
> So do you argue that businesses that do business over the internet should be subject to the laws where the business is legally based?
Well, duh, businesses are subject to local laws! That is not an argument, but a fact. Don't take my word, ask your friendly lawyer.
What is your alternative? That online businesses are subject to the union of all the laws of all the countries whose citizens can reach them?! That's ridiculous. Do EU businesses follow Iranian regulations?
Of course, if they want to do business in Iran. The same goes for every company and country. Don't you believe me?
Go to your iPhone's Settings-> General -> About -> Legal -> Regulatory
There you'll see which regulation Apple follows. Despite being an US based company, Apple complies with the regulations of Canada, Europe, Japan, Singapure, Russia etc.
How do you even imagine that a company will be doing business in one country byt will be excepted from the regulations because it's based in some other country? That would not be possible, companies would simply move to the least regulated place with the lowest taxes. Oh and they do that wherever possible(i.e sell to EU from Ireland).
Also, burger shops that do business in EU(usually chains, McDonald's and Burger King) do care about the EU food regulations, why shouldn't they and why shouldn't you? You are aware that McDonald's isn't steamrolling in the EU, right? They do follow the EU food regulations. And no, you don't have to be a big company to sell burgers in the EU, we have plenty of local independent burger shops all over the continent.