Comment by miki123211
1 year ago
But that only applies to companies that the EU has any kind of control over.
If you're in a hypothetical country that the EU has no relevant treaties with, the EU has no power over you. They might claim that EU laws are extraterritorial and affect everybody who dares to appear on the internet without blocking EU citizens, but that claim can't be enforced in such a country.
At what scale do I need to worry about this? If I make an app and don’t want to comply but I live in the US, do I open myself up to extradition if I have users in the EU?
You don’t worry. The best the EU can do is try (and likely fail) to block access to your application
The EU doesn't even have a continent-wide DNS-blocking system.
Most countries have their own, but they're mostly for copyright infringement, not GDPR violations.
Even that isn't universal, Poland's system only affects unregistered gambling websites for example, and I've seen quite a few ISPs that don't even bother enforcing it, even though they're legally supposed to do so.
There's nothing (except talking to your government) that the EU could realistically do at this time to block a website, and I genuinely don't know how receptive the US would be to these arguments.
The largest "hook" the EU has is that most companies that provide services to you, whether that'd be payment processors, hosting services or ad networks, (still) want to maintain good relations with them and don't want to burn bridges, and I don't believe it's beneath the European commission to put pressure on those to make your life difficult.
They will block you through DNS. For 99% of the users base, it’s generally enough.
For an app, get you kicked off the App Store.
If you app is in the App store or Google Play store, you'll have to care about the EU the moment you open your app to EU users. Not complying will either get you removed from the EU store or get your whole account banned, US included, depending on how bad the store owner feels about you.
If you take direct payments, you'll probably have a talk to your card acquirer on how they feel about EU clients and how you deal with them. They might decide to not do any business with you depending on that.
In these above examples, I think having wider scale actually helps negotiating better terms instead of getting kicked out at the first occasion.
In the EU? These are all civil matters, so the worst they can do is fine you and then try to get a US court to enforce it.
Sure the EU can; the EU can block any payments leaving the EU going toward a legally non-compliant entity (company, country, etc) if they wish.
Technically cryptocurrency could get around this.
As if any of the targeted users know how to use it.