Hacker News new | past | comments | ask | show | jobs | submit login

The JS file creates cookies, which would break GDPR I am guessing.



The GDPR lets you set as much cookies as you want. They are mostly an irrelevant implementation detail.

The GDPR will however care that your traffic passes through GoDaddy, no matter if they set cookies or not. To be more precise, the GDPR will consider GoDaddy a processor of your data and you as a controller will need a proof from all your processors that they process data in a GDPR compliant way.

In practice, most european web hosting companies set up a web page somewhere that gives you this proof, and will,for a small payment, give you a signed, printed copy of this page. For most small to medium sites, either option will do.


While this seems pretty terrible in general. The GDPR is generally irrelevant. A large amount of websites will never need to even think about GDPR. If anything there is an over reaction complying to a law that will never be applicable.

GDPR matters to the EU. It doesn't apply elsewhere.


It matters to EU citizens. We are everywhere.


I'm sure it matters to you, but as a rule it doesn't apply to you if you reside outside the EEA.

It applies to "an enterprise established in the EEA or—regardless of its location and the data subjects' citizenship—that is processing the personal information of data subjects inside the EEA" (emphasis mine, text from Wikipedia)


This is the actual text of Article 3 of the Directive. Check point 2. It applies to (for example) an e-commerce in the USA if selling to somebody in the EU or to a USA company doing behavioral tracking if tracking somebody in the EU. In both cases, even if they are not EU citizens. Only the location matters.

Territorial scope

1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.


Sure, they're trying to broaden the scope as far as they can. But is it enforceable outside the EEA? I'd love to see a U.S. court do anything but throw out a GDPR case or a European court's ruling based on the GDPR.


Why do you think the EU would use US courts to enforce EU law?

The EU would use EU courts to enforce EU law. This might mean that non-compliant websites are blocked, via court orders to ISPS, in the EU.

This already happens with some piracy sites. The blocking is inconsistant and easily circimvented.


US citizens fall under US tax law no matter where they are on this planet. Also, thanks for France, the sun never sets in the EU.


GDPR applies to any company with a significant prescene in the EU. I think it's hard to believe GoDaddy doesn't. They sell large number of domains with EU based TLDs. They've even bought EU based hosting companies.

GDPR doesn't apply to companies that only have a tiny portion of EU customers. Good examples would be: small local news, US only shops. (K-Mart, gun shops, etc)

GDPR being an EU law doesn't matter so much when there are so many treaties allowing fines to be forced. This means not being in the EU just makes it more expensive to deal with.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: