Comment by throwaway287391

5 years ago

What I don't understand is, why are these local US news sites required to comply with GDPR? I wouldn't think they'd have any obligation to follow it (or any possible recourse for not doing so) unless they have business operations in the EU. Are these local news sites in fact all owned by multinationals that do have operations in the EU?

Edit: I'm getting downvoted -- just in case it helps to clarify, I'm not trying to say anything anti-GDPR here... I'm just genuinely surprised these ostensibly US-only companies feel obligated to follow it and genuinely asking why? Is there an actual legal risk to non-compliance for them? Given the already low level of effort just to detect an EU-based IP address and show the patronizing error message, it seems like they must have had some motivation to even do that much and I'm just wondering what that was.

Any company that serves EU residents has to comply. If they block users from the EU, they don't have to comply. Fines can be massive (up to 2% global revenue).

Nexstar might not have any European assets, but non-compliance might not be a smart move if they get fined and business executives travel to Europe...

  • A company in the US has no legal obligation to pay fines in the EU. There is no ability to enforce these rules on US companies.

    Also, individuals traveling to the EU will never be liable for the fines of their company.

    Our company just completely ignores GDPR - and I suspect no one will ever care.

    • It sounds like you do some tracking, but don't do business in Europe. Okay, fine.

      Do you do only your own tracking? Or do you directly or indirectly sell Europeans' personal data to other companies, who in turn may be doing business in Europe?

      You can probably see where I'm going with this: those other companies may then potentially be liable in Europe for improperly handling Europeans' personal data. If I was buying personal data from a US company as a European, I would make it part of the contract that the seller must comply with GDPR at least for Europeans, to avoid this potential liability.
I understand it as: if you're taking my data as a European citizen, that is protected; even if you're in the US, I'm still European.

  • That’s incorrect. What matters is where you are, not whether you’re an EU citizen.

    If an EU citizen accesses a site from inside the USA, the GDPR does not apply. That's also why these sites can use geo-blocking without knowing who accesses their site (for some definition of 'can'. Technically they can't, because geo-blocking can't be perfect. If you access a site from the EU through a VPN in the USA, the GDPR still applies).

The EU can still, in theory, sue them because they're serving Europeans. Especially in the beginning, many companies became afraid of the possibility, so they simply blocked access to see where it goes. Then it probably became clear the European customers are not worth the effort to change back. But actually it's still illegal what they're doing, because the GDPR also states that customers have to be treated neutrally regardless of their location, as long as it's not about licensing, of course.

GDPR applies whenever you're providing services to EU citizens, regardless of where you have operations. If you want those people to read your stuff, it applies to you.

And before you say that's crazy, look at US tax laws.

  • > GDPR applies whenever you're providing services to EU citizens

    That's a common misconception. GDPR applies to the data of people "in the Union". There is no mention of citizens at all in GDPR.

    If someone is not an EU citizen but is in the Union, it applies.

    If someone is an EU citizen but is not in the Union, it does not apply.

> US-only companies feel obligated to follow it and genuinely asking why?

It doesn't matter where a company is located, only where its products are accessible. If you offer a product/service to EU citizens - for example a globally accessible news website - you have to comply with GDPR. Or you deny access to EU citizens, which is fine too.