> There's lots of bullshit in legal journals too, partly due to how most of those journals are student-reviewed rather than peer-reviewed, and partly due to how politicized the legal academy is. Care to provide a cite?
I do't care to provide a cite, but this seems rather dismissive. Plenty of peer reviewed legal journals also found the idea mockable.
> No, I'm saying that a UK entity can sue a Brazilian for defamation in UK court, not Brazilian court, and win jurisdictional arguments in the UK court based on the Brazilian's publications being targeted to the UK - even if the Brazilian has never been to the UK. And all of this would be based on UK law, not Brazilian law.
Oh, sure. There's nothing really special about that. I can sue anyone in the world if I want to, it won't matter much if they are not in the same country as me and never come. A best case scenario would be getting a default judgement that couldn't be enforced and if they ever did come would be overturned instantly, so basically worthless.
That doesn't mean US laws apply to everyone in the world though.
> I said nothing about the foreign defendant being present in Quebec, no. Everything I said applies even when that is not true.
OK. Then like your previous example it isn't relevant or analogous.
> This is among the common global misinformation about the GDPR that does not reflect the EU's actual legislation or their actual guidance about the GDPR
Except it does. They explicitly assert extra-territorial jurisdiction for cases like this. That's why there was so much written about it.
> However, monitoring behavior by visitors where that behavior occurs in the EU does. So if a website's preferred online advertising model depends on monitoring the behavior of their visitors and they don't want to make an exception to that for visitors in the EU, that's the source of the GDPR applicability - not the online advertising itself.
Right, and that's nonsense. It still all boils down to the basically zero possibility of practically enforcing any of their laws against, say, actors in developing countries with no relationship with the EU, or worse, hsotile to the EU.
> And I already explained why this is necessary to avoid a huge truck-sized loophole.
And I responded explaining why I think you're explanation is incorrect.
> Again, read Article 3 of the GDPR and Recitals 23 and 24 of the official guidance. The EU does not claim the GDPR applies there.
Instead of just quoting the GDPR, which we've both read, how about sharing the text you think applies and your interpretation? Something I can actually refute.
> You would be amazed at how many countries would apply their jurisdiction to foreigners with respect to how many laws in this kind of secnario. People have been persuaded otherwise by anti-GDPR propaganda by the industries that depend on routinely violating the GDPR, but it's really true.
I don't think it has anything to do with "anti-GDPR propaganda", more the GDPR being uniue. The examples you gave didn't map to the GDPR, can you give some that do?
> They claim just as much jurisdiction as most countries do
This is false. They claim more than any other western country does.
> Everything and everyone is mockable, even me, even you, even everyone we know. That doesn't mean what you think it does.
It means exactly what I think it does. To try and dismiss the meaning I intended and suceeded in conveying and that you understood, you are taking the meaning literally when you know that isn't the meaning conveyed here - "mockable" here means, having something juicy and rich to milk for material, the results of which are relateable and appreciated by the intended audience. Not everything meets that definition, certainly not everything and everyone.
> while there are indeed some multilateral treaties about the recognition of foreign judgments such as can happen for unpaid GDPR fines,
Can you name one non EU country that has a treaty that specifically covers the GDPR?
> However, US state laws do allow recognition of foreign judgments, with the details varying widely.
They sure do, and the details as to why can be interesting, but usually it's going to be a case of there being an equivalent US law. There isn't in this case, and several judges would be repulsed by the suggestion that the law should apply in the US at all.
> I would be quite surprised if all US states would never enforce a court judgment from an EU country resulting from a GDPR violation. Said differently, I expect that at least some US states would enforce it in some scenarios, dependent on the relevant facts and circumstances.
I don't really see that ever happening, to be honest. Well, to be fair, maybe states with data privacy legislation like CA might, as long as only parts that map to CA's own legislation were being enforced. Although even then they would have to be present in the state. I can make a site in the US, target it as much as I can to EU citizens, blatantly violate the GDPR as much as I can, and the EU can't touch me if I didn't break any US laws. I can do what I like with that EU citizen data I collected, sell it to whoever I want, etc - as long as I don't break any US laws.
> Even when the company has no assets in a jurisdiction that allows recognition of EU judgments resulting from GDPR fines, they can also seize movements of money or goods into or out of the EU which belong to the company that isn't paying the judgment.
Sure, like I said, they have power within their borders and that's it. If the entity never goes through EU borders, then they can't really be touched.
> Anyway, "police and punish its own citizens" isn't the scenario being discussed here
I mentioned it because it's one of only 3 things the EU can do to try and deal with a website violating the GDPR outside their borders. The other is dealing with it any way they can if anything physical, or any money goes through their borders, and the final is what I suggested - to police and punish its own citizens. This nonsense of claiming global jurisdiction is nothing but theater.
> The violation is the website's alone.
And when that website is firmly out of EU jurisdiction, they can't do a damn thing about it. Sometimes, they might get a country to enforce a fine, but that has yet to happen despite fines being issued.
I can’t force you to see parallels you are very firmly convinced don’t exist, nor can I force you to provide new evidence or arguments instead of rehashing conclusions I’ve already refuted as best I can.
This is especially true when you’ve declined my open-ended request to provide one of the “plenty of” peer-reviewed legal journal citations you say exist and don’t engage substantively with the evidence I do share, even while making ever more specific legal citation requests to me and asking me to do all the legwork of substantively explaining “some [interpretation of my evidence] that [you] can actually refute.”
These asymmetries are beyond the scope of what’s warranted here: we are two people having a casual unpaid Hacker News discussion, not you as a judge or juror and me as a lawyer trying to prove my client’s case in court. Similarly, if the point of me doing interpretive legwork is just to give you something to refute, that’s not worth my time.
I don’t think we have anything productive left to say to each other in this subthread, so don’t be surprised if this turns out to be my last reply to you here.
> I can’t force you to see parallels you are very firmly convinced don’t exist, nor can I force you to provide new evidence or arguments instead of rehashing conclusions I’ve already refuted as best I can
Oh. OK. So you're not actually providing any of the proof I asked you to, you're just wanting me to trust your arguments as correct in spite of all the evidence I've seen to the contrary. Yeah, that sure is reasonable. The 'trust me bro' defense.
> This is especially true when you’ve declined my open-ended request to provide one of the “plenty of” peer-reviewed legal journal citations you say exist and don’t engage substantively with the evidence I do share
Because I'm not particularly interested in doing research for you. That would actually take me maybe 10 0or 15 minutes, to find something you wouldn't just dismiss because it was cited by students and whatever reason you found convenient.
You're making a claim which against common knowledge and understanding, so the onus is on you to support it. Not just say 'read X section of the GDPR' and treat that as though you've provided proof.
> asking me to do all the legwork of substantively explaining “some [interpretation of my evidence] that [you] can actually refute.”
No. I'm just first asking you to support your point directly and not with vague handwaving. That's more than reasonable.
> These asymmetries are beyond the scope of what’s warranted here: we are two people having a casual unpaid Hacker News discussion, not you as a judge or juror and me as a lawyer trying to prove my client’s case in court.
Sure. I'm not trying to make it that. But clearly one of us is incorrect. You've been confident from the start it's me, but instead of actually showing how, you're just saying read section X of the GDPR and wanting me to trust your interpretation as correct. How is that reasonable?
There's plenty of peer reviewed legal articles talking about EU overreach. There really are not many saying "whoah, hold up guys, there's been a huge misunderstanding!" - you didn't even provide so much as a blog post claiming that.
The way I see it, EU tribalism can be just as bad as US tribalism, and EU citizens often try to defend EU laws even when it doesn't necessary make sense to do so. Likek how many EU citizens will try and say cookie banners are not the fault of the EU and try to shift blame to the websites, which is nonsense.
> Similarly, if the point of me doing interpretive legwork is just to give you something to refute, that’s not worth my time.
WHy do you think that stance wouldn't apply to me?
> I don’t think we have anything productive left to say to each other in this subthread, so don’t be surprised if this turns out to be my last reply to you here.
I do't care to provide a cite, but this seems rather dismissive. Plenty of peer reviewed legal journals also found the idea mockable.
> No, I'm saying that a UK entity can sue a Brazilian for defamation in UK court, not Brazilian court, and win jurisdictional arguments in the UK court based on the Brazilian's publications being targeted to the UK - even if the Brazilian has never been to the UK. And all of this would be based on UK law, not Brazilian law.
Oh, sure. There's nothing really special about that. I can sue anyone in the world if I want to, it won't matter much if they are not in the same country as me and never come. A best case scenario would be getting a default judgement that couldn't be enforced and if they ever did come would be overturned instantly, so basically worthless.
That doesn't mean US laws apply to everyone in the world though.
> I said nothing about the foreign defendant being present in Quebec, no. Everything I said applies even when that is not true.
OK. Then like your previous example it isn't relevant or analogous.
> This is among the common global misinformation about the GDPR that does not reflect the EU's actual legislation or their actual guidance about the GDPR
Except it does. They explicitly assert extra-territorial jurisdiction for cases like this. That's why there was so much written about it.
> However, monitoring behavior by visitors where that behavior occurs in the EU does. So if a website's preferred online advertising model depends on monitoring the behavior of their visitors and they don't want to make an exception to that for visitors in the EU, that's the source of the GDPR applicability - not the online advertising itself.
Right, and that's nonsense. It still all boils down to the basically zero possibility of practically enforcing any of their laws against, say, actors in developing countries with no relationship with the EU, or worse, hsotile to the EU.
> And I already explained why this is necessary to avoid a huge truck-sized loophole.
And I responded explaining why I think you're explanation is incorrect.
> Again, read Article 3 of the GDPR and Recitals 23 and 24 of the official guidance. The EU does not claim the GDPR applies there.
Instead of just quoting the GDPR, which we've both read, how about sharing the text you think applies and your interpretation? Something I can actually refute.
> You would be amazed at how many countries would apply their jurisdiction to foreigners with respect to how many laws in this kind of secnario. People have been persuaded otherwise by anti-GDPR propaganda by the industries that depend on routinely violating the GDPR, but it's really true.
I don't think it has anything to do with "anti-GDPR propaganda", more the GDPR being uniue. The examples you gave didn't map to the GDPR, can you give some that do?
> They claim just as much jurisdiction as most countries do
This is false. They claim more than any other western country does.
> Everything and everyone is mockable, even me, even you, even everyone we know. That doesn't mean what you think it does.
It means exactly what I think it does. To try and dismiss the meaning I intended and suceeded in conveying and that you understood, you are taking the meaning literally when you know that isn't the meaning conveyed here - "mockable" here means, having something juicy and rich to milk for material, the results of which are relateable and appreciated by the intended audience. Not everything meets that definition, certainly not everything and everyone.
> while there are indeed some multilateral treaties about the recognition of foreign judgments such as can happen for unpaid GDPR fines,
Can you name one non EU country that has a treaty that specifically covers the GDPR?
> However, US state laws do allow recognition of foreign judgments, with the details varying widely.
They sure do, and the details as to why can be interesting, but usually it's going to be a case of there being an equivalent US law. There isn't in this case, and several judges would be repulsed by the suggestion that the law should apply in the US at all.
> I would be quite surprised if all US states would never enforce a court judgment from an EU country resulting from a GDPR violation. Said differently, I expect that at least some US states would enforce it in some scenarios, dependent on the relevant facts and circumstances.
I don't really see that ever happening, to be honest. Well, to be fair, maybe states with data privacy legislation like CA might, as long as only parts that map to CA's own legislation were being enforced. Although even then they would have to be present in the state. I can make a site in the US, target it as much as I can to EU citizens, blatantly violate the GDPR as much as I can, and the EU can't touch me if I didn't break any US laws. I can do what I like with that EU citizen data I collected, sell it to whoever I want, etc - as long as I don't break any US laws.
> Even when the company has no assets in a jurisdiction that allows recognition of EU judgments resulting from GDPR fines, they can also seize movements of money or goods into or out of the EU which belong to the company that isn't paying the judgment.
Sure, like I said, they have power within their borders and that's it. If the entity never goes through EU borders, then they can't really be touched.
> Anyway, "police and punish its own citizens" isn't the scenario being discussed here
I mentioned it because it's one of only 3 things the EU can do to try and deal with a website violating the GDPR outside their borders. The other is dealing with it any way they can if anything physical, or any money goes through their borders, and the final is what I suggested - to police and punish its own citizens. This nonsense of claiming global jurisdiction is nothing but theater.
> The violation is the website's alone.
And when that website is firmly out of EU jurisdiction, they can't do a damn thing about it. Sometimes, they might get a country to enforce a fine, but that has yet to happen despite fines being issued.