Comment by sroussey

1 year ago

Many jurisdictions, including EU, China, and others, require data on their citizens to be hosted locally.

But that only applies to companies that the EU has any kind of control over.

If you're in a hypothetical country that the EU has no relevant treaties with, the EU has no power over you. They might claim that EU laws are extraterritorial and affect everybody who dares to appear on the internet without blocking EU citizens, but that claim can't be enforced in such a country.

  • At what scale do I need to worry about this? If I make an app and don’t want to comply but I live in the US, do I open myself up to extradition if I have users in the EU?

    • If your app is in the App Store or Google Play Store, you'll have to care about the EU the moment you open your app to EU users. Not complying will either get you removed from the EU store or get your whole account banned, US included, depending on how bad the store owner feels about you.

      If you take direct payments, you'll probably have to talk to your card acquirer about how they feel about EU clients and how you deal with them. They might decide not to do any business with you depending on that.

      In the above examples, I think having wider scale actually helps in negotiating better terms instead of getting kicked out at the first occasion.

    • In the EU? These are all civil matters, so the worst they can do is fine you and then try to get a US court to enforce it.

And that’s the way it *should* be.

When Stephen Harper unilaterally attempted to empower private data to be offshored, it would have been an absolute nightmare.

North American security is bad enough as it is. Imagine handing all your health, credit card, government information over to a Nigerian prince just for free.

What would happen if a US company, with US servers, ignored those requirements?

  • It would be blocked in the EU.

    Also, the company could be asked to forbid EU customers from accessing the product. It wouldn't be a big threat, but it would prevent the company from doing any future business in Europe.

    Tech-savvy customers could still access the product, but that is not a market as big as every potential EU customer.

The EU does not require data to be hosted locally, though.

  • As far as I know, they do. That's part of their consumer data protection act (I don't remember the exact name).

    Do you have any source for that? It would be quite helpful, honestly.

    • The law you're thinking of is the GDPR. It does allow hosting data outside of the EU if the rights of the data subjects are not weakened.

      Source: GDPR articles 44, 45, and 46.

    • The EU GDPR has requirements for processing (including storage) of personal data (much larger scope than US PII, but still nowhere near all data) in jurisdictions with legal adequacy for data protection.

      It’s not quite data sovereignty like India’s regulations around payment transaction data but it does theoretically limit where you can store EU personal data.

      You can find the current GDPR adequacy list at the EU’s EDPB site. https://commission.europa.eu/law/law-topic/data-protection/i...

I'm not sure about Chinese law, or any other law, but the GDPR for sure does not require that. The fact that the US is not an option doesn't mean you cannot store data in any other country, just that Safe Harbour and then Privacy Shield were considered inadequate. For example, storing personal data in the UK is just fine.