undefined | Better HN

0 pointsMR4D7y ago0 comments

ICANN is a US company. Technically, the rules don’t apply to them, because it is an EU law, not a global one.

However, the maliciousness that the EU is proposing to go after any company, whether they operate in the EU or not, is going to break things in ways they have not thought of.

So regardless of how long ago it came out (and trust me, 2 years is nothing for dealing with something like this), it still wasn’t well thought thru.

For what it’s worth, this law affects my company, as we have clients that are EU citizens. But only those that live in the US with a social security number. (I work in finance). My company has one office with just a few people. I never heard about GDPR until earlier this year. So my question is what happens if someone files a GDPR issue with my company? My clients information is available all over the world via login to our staff. We travel to various places. So what happens now? Some law in a place I’ve not been in a decade (exempting EU-controlled islands in the Caribbean) has just put my company in a strange legal position. Am I going to spend tens of thousands of dollars with lawyers and consultants to figure it out? No. Why? Because it would put me out of business. Plus, as a financial company, I have a requirement for saving information for 7 years. All data? Hard to say, as the IS law leaves that discretion to my company (as it should be).

So this law was horribly thought thru. I’ll probably get downvotes for this, but wait a couple years and see how crazy fines affect companies large and small for innocent issues, and I’ll be proven right.

0 comments

obscura7y ago

If the laws didn't apply to them, they would just ignore them. The fact that they haven't proves otherwise.

The GDPR has been discussed for well over 2 years. It came out in 2012. Before then, it was being discussed publicly. Its predecessor, the Data Protection Directive, has been around for a long time.

You really have no justification for calling it horribly thought through. Laws like this don't appear overnight and without wide consultation. In any case, if the requirement was to apply the law out every scenario before implementing it, pretty much no law would ever be implemented.

The aim of the GDPR is to make organisations treat personal information properly, not to penalise them for every little infringement. I very much doubt there will be enough capacity to deal with every minor offence; it's more likely that large companies or those with many complaints against them will be the first targets.

Ultimately, if you're not sure about something, you most likely aren't the only one. Things will become clearer as regulations and guidelines appear, and the first complaints are dealt with. If you believe you're behaving fairly, you're probably fine or at least that's something you can argue.

guitarbill7y ago

> However, the maliciousness that the EU is proposing to go after any company, whether they operate in the EU or not, is going to break things in ways they have not thought of.

Hmm, so you're saying the US doesn't do anything like this? DCMA, FBAR & FATCA, etc, etc.

The only reason Americans are complaining about this one is that they're the ones having to comply with a very sane law. Or because they haven't read it, and have no fucking clue how it or privacy works.

> are EU citizens. But only those that live in the US with a social security number. [...] So my question is what happens if someone files a GDPR issue with my company?

Read the GDPR. Only companies outside the EU that specifically go after EU residents are in scope. It has nothing to do with e.g. EU nationals residing abroad.

So enough of this "woe is us" bollocks. It happens every post about GDPR, and I'm sick of the FUD tactics.

MR4DOP7y ago

Not a FUD tactic on my part, so please don't put "woe is me" on me.

For what it's worth, FATCA, DCMA , et al really suck too, and I think those have terrible unintended consequences. But this post was about GDPR because that's what the topic of the oringinal post is.

And no, I'm not complaining about it - I'm saying it's poorly implemented.

And before you go off on Americans having to comply with a law OUTSIDE OUR JURISDICTION, how about we hold all of our crappy laws over your head. And fine you 4% of revenues for one of our bullshit laws? You wouldn't like it either, WHICH IS MY POINT - it's a poorly implemented law.

My company has a (damn good) privacy policy. We take privacy very seriously. But fuck all if some other country wants to put a regulation on MY interaction with someone from their country in my hometown. (And I have the same opinion if the US wants to regulate some American doing something in another country - the US should fuck-off then as well).

You seem super supportive of this law, but what will your position be when China "improves" their Social Credit system to require anybody in any country who deals with a Chinese national to report their information/conversation/etc to the Chinese govt within 24 hours of gathering the data? Will you support that because the Chinese have the noble goal of social stability? Or will you decide that in this particular case, and because you don't like their extra-territorial law, that "they can't do it." ?

I have no intention of reading the GDPR because IT'S NOT MY LAW ! Does that not resonate with you? I don't expect you to read the DMCA, FATCA, Patriot Act, etc, so why do you expect me to read yours? It has nothing to do with me (except for those unintended consequences that I'm trying to explain above).

Semirhage7y ago

For what it's worth, FATCA, DCMA , et al really suck too, and I think those have terrible unintended consequences. But this post was about GDPR because that's what the topic of the oringinal post is.

Kind of hard to reconcile those two positions, given that the former is just a perfect example of the latter.

1 more reply

j / k navigate · click thread line to collapse