undefined | Better HN

0 pointsthemanmaran4y ago0 comments

I feel like this is either a mis-interpretation, or the scope of this law would prevent 95% of websites from existing in the EU (including hackernews which stores your email).

So any US company cannot store PII on an EU citizen? If someone from the EU comes to my site to make a purchase, I can't allow them to do that?

0 comments

theptip4y ago

The key is consent and right to deletion. GDPR is ok with you storing data if the user consents, you list all the data, you list who you share it with, and you have a contract with anyone you share data with so you can comply with a deletion request.

The US government won’t honor deletion requests for any IPs it requests from GA, therefore you can’t comply with GDPR if you use GA.

If you don’t share data it’s much simpler. You collect just what you need to do the processing the user consented to. And you delete it when a user asks.

Edited to add: I should say the 2nd paragraph seems to be the regulator's position. It seems a bit extreme to me and I don’t fully endorse it. But my main point was to try to highlight why most essential and consented processing is unaffected by this ruling.

cowl4y ago

Yes that is my interpretation of it. The whole point being that any data stored in US can not be guaranteed to respect GDPR because the US government can request access to that data and the EU citizens don't have a recourse to that. any US buisness that want to have EU citizens PI needs to have a host in EU.

judge20204y ago

Not just a host, but the corporation in control of the data can't be controlled by a US corporation at all, lest the US corporation be able to pressure the EU subsidiary into handing over that data.

themanmaranOP4y ago

So every US company needs to have a separate, non-controlled, entity in the EU? Seems pretty unrealistic to me.

In this scenario, I feel like the US company would be better off blocking traffic from the EU.

1 more reply

j / k navigate · click thread line to collapse