The Official GDPR Lawsuit thread

topspin

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

This is nothing more than flat-out extortion. "We don't like that American businesses have figured out how to be successful on the Internet and ours haven't, so we're going to invent out of thin air a new 'right' for them to need to pay money to Europe in order to do business here." Let's call a spade a spade here: that's a protection racket!

I can't roll my eyes hard enough at this.

You're not forced to do business in the EU. If you want to do business in the EU, you have to play by EU rules. That is the same for EU companies, US companies, and any other international companies.
Do you honestly think I can do business in the US from the EU without having to follow your rules?

You have to follow HIPAA regulations etc.: protection racket.
You have to pay customs when importing/exporting: protection racket.
You can't mention The Mouse or anything after copyright got extended indefinitely: protection racket.
You have to pay taxes: protection racket.
You can't fire your employees out of a literal cannon without going to jail: protection racket.

According to your definition, everything outside of anarchy is a protection racket.

We don't like that American businesses have figured out how to be successful on the Internet and ours haven't

Mostly what we don't like is that you come up with new ways to undermine regulations. It's easy to be successful if, like UBER, you just break the laws. Nice competitive advantage.

Mason_Wheeler

@topspin said in The Official GDPR Lawsuit thread:

If you want to do business in the EU, you have to play by EU rules.

I'm not doing business in the EU. I'm doing business in the USA. If EU citizens want to come to my business to do business with me, they are free to do so, in the USA. And the EU has zero right to tell me that the citizenship of my customers magically changes the place where I am doing business. The place of business is the place of business, and that's defined by the server, not by the customer.

dfdub

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

I'm not doing business in the EU. I'm doing business in the USA. If EU citizens want to come to my business to do business with me, they are free to do so, in the USA. And the EU has zero right to tell me that the citizenship of my customers magically changes the place where I am doing business. The place of business is the place of business, and that's defined by the server, not by the customer.

Thought experiment: So if Alphabet Inc. had been founded in Belize and Google had transferred ownership of its services to Alphabet, you'd be perfectly fine with having to sue them in Belize and ignoring US regulations?

Mason_Wheeler

@dfdub TBH if they shut down all their US-based servers, so that I could no longer do business in the US and had to visit a Belize-based site, I'd most likely end up using Google a lot less due to their business being rather latency sensitive. (And if that's not the answer you were expecting, please read what I actually said, rather than what you're trying to respond to here, which is not what I actually said.)

dfdub

@Mason_Wheeler
What you said was that buying from a US company online is like travelling to the US and buying something on holiday. I would dispute that.

Before the internet, if you wanted to target a significant amount of customers in another country, you opened a shop in that country and had to abide by its laws. Why should the internet work differently? You can easily choose to only accept domestic customers if you don't want that. I guarantee you that the EU won't impose fines just because a single EU citizen residing in the EU managed to get a US bank account and phone number and thereby bypassed your restrictions intentionally.

topspin

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

@Rhywden So let me get this straight. You want to reap the benefits of using products offered in other countries, but don't want to deal with the consequences of stepping outside the rules of your own country to observe the relevant laws where the product is actually offered?

So let me get this straight, you want to run a business in other countries don't want to deal with the consequences of stepping outside the rules of your own country? You think if a US company's EU subsidiary offers services in the EU the US wouldn't order them to hand over data physically located inside the EU even if that breaks EU laws?

Big Data: Latest Articles, News & Trends | TechRepublic

CLOUD Act - Wikipedia

Primarily the CLOUD Act amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.

I think you called this "Universal Jurisdiction".
At least the GDPR doesn't force you to break US laws.

By the way, what @Rhywden mentioned is that you again want to have your cake and eat it too. US laws should apply for business inside and international business outside the US, but EU law shouldn't apply for international business.

Mason_Wheeler

@dfdub said in The Official GDPR Lawsuit thread:

Before the internet, if you wanted to target a significant amount of customers in another country, you opened a shop in that country and had to abide by its laws. Why should the internet work differently?

Because the Internet does work differently. The "shop" is the server. If the server is located in the USA, then no law outside the USA has jurisdiction over that server. Period. Not gonna budge on this one, because giving ground here leads to madness. I'm sure there are plenty of laws from North Korea that my web presence is violating, and probably yours too. I don't care. Do you? Under your line of reasoning, you have to care about that!

topspin

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

If the server is located in the USA, then no law outside the USA has jurisdiction over that server.

And if the server is inside the EU, then US law still has jurisdiction over it.

Mason_Wheeler

@topspin said in The Official GDPR Lawsuit thread:

You think if a US company's EU subsidiary

I'mma stop you right there. I never said anything about EU subsidiaries. If you have a subsidiary in another country, then obviously then have to play by that country's rules. I'm talking about me, not having any such subsidiaries, and not anything else, and that's exactly what I've been talking about since the beginning. Please stop with the .

Mason_Wheeler

@topspin said in The Official GDPR Lawsuit thread:

And if the server is inside the EU, then US law still has jurisdiction over it.

I never said that. In fact, I specifically said the exact opposite a few posts back. Leave out of it plx. If you can't make your point without twisting my point of view into literally the exact opposite of my point of view... doesn't that say something about how strong your point is(n't)?

dfdub

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

Because the Internet does work differently. The "shop" is the server.

And so we should just give up all consumer protection laws? Because of the physical location of a server?

Making the physical location of the server determine the jurisdiction is just your personal way of applying previous laws to the internet. It's neither the most sensible option nor the way things actually worked before GDPR.

topspin

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

@topspin said in The Official GDPR Lawsuit thread:

And if the server is inside the EU, then US law still has jurisdiction over it.

I never said that. In fact, I specifically said the exact opposite a few posts back. Leave out of it plx.

No, you didn't. THE US LAW does! It's not shoulder aliens, it's your law.
You might have noticed that if you actually read posts instead of "stopping right there".

Mason_Wheeler

@dfdub said in The Official GDPR Lawsuit thread:

And so we should just give up all consumer protection laws? Because of the physical location of a server?

Of course not. The consumer protection laws that exist in the jurisdiction of the server apply, obviously!

It's neither the most sensible option

It's literally the only sensible option, unless you want to bow before the laws of North Korea.

Zerosquare

You should open a business selling counterfeit merchandise from a server located in a country that doesn't care about such stuff. According to you, you'd make a lot of money and nobody could do anything against you, right?

dfdub

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

It's literally the only sensible option, unless you want to bow before the laws of North Korea.

A country that doesn't have extradition treaties with any other country and doesn't allow its citizens to access the internet anyway? What a great straw man.

Mason_Wheeler

@Zerosquare If I did -- which I wouldn't want to due to personal ethics -- I'd still run into complications at the border, when shipping the counterfeit merchandise, so I wouldn't make all that much money afterall.

Mason_Wheeler

@dfdub said in The Official GDPR Lawsuit thread:

What a great straw man.

Not a strawman at all. Can you explain, without special pleading, what makes the EU's jurisdiction valid universally but not North Korea's or Iran's or China's? Either Universal Jurisdiction is a valid principle (universally!) or it's not. I hold the position that it's not.

dfdub

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

Can you explain, without special pleading, what makes the EU's jurisdiction valid universally but not North Korea's or Iran's or China's?

Like pretty much anything concerning trade and police cooperation between different countries: The acceptance of EU laws by those other countries.

And you'd be surprised by how many US and EU companies (have to) accept Chinese laws, because they're selling physical or virtual goods in China. Due to the nature of the Chinese regime, this is in fact a huge problem that is frequently talked about in the media.

Mason_Wheeler

@dfdub I don't accept Chinese laws. They have no jurisdiction over me. If the Chinese government wants to firewall me out of China for proclaiming that, I'm fine with that. If Chinese citizens want to VPN around the Chinese firewall so they can come to my USA-based server and participate in the services I offer here in the USA according to US law, I'm also fine with that.

dfdub

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

I don't accept Chinese laws.

That's fine, but that doesn't mean they don't apply to you if you want to legally sell goods to Chinese customers.

You're of course free to break the law as well, in which case it makes a huge difference whether and to which degree the US accepts the other country's justice system.

Luhmann

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

shipping the counterfeit merchandise,

Fine ... what about pirated content? Or software? Or any other service that can be completely digital in 2020 like insurance, banking or anything healthcare related. It seems the USA very much cares about these things. Doesn't the FBI intervene on servers outside of the US territory in above cases even if said activities are not illegal in the country the company is based at and neither is the server?
Please stop using two measures where it's all a-ok if it's Murica but Evil if anybody else uses similar reasoning.

Mason_Wheeler

@Luhmann said in The Official GDPR Lawsuit thread:

Fine ... what about pirated content? Or software?

Again, this has already happened. You're asking about actual precedents as if they were hypothetical.

Doesn't the FBI intervene on servers outside of the US territory in above cases even if said activities are not illegal in the country the company is based at and neither is the server?

No. How would they? The FBI has no jurisdiction in foreign countries.

Please stop using two measures where it's all a-ok if it's Murica but Evil if anybody else uses similar reasoning.

Where did I do that? It seems the infestation is spreading!

Gąska

@Benjamin-Hall said in The Official GDPR Lawsuit thread:

I have yet to see any examples of actual harm caused by any of this tracking cookie stuff.

Plane ticket prices.

dfdub

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

No. How would they? The FBI has no jurisdiction in foreign countries.

The same way any other country tries to enforce its laws outside its borders: Through existing cooperation agreements and/or political pressure.

And if that doesn't work and they want someone badly enough, the US occasionally just abducts people on foreign soil. If you think that answer is inflammatory and OT, then that's because you're now basically asking: "How does international legal cooperation and law enforcement work?"

Mason_Wheeler

@dfdub And who exactly has the FBI abducted on foreign soil over copyright violation?

Benjamin Hall

@Gąska said in The Official GDPR Lawsuit thread:

@Benjamin-Hall said in The Official GDPR Lawsuit thread:

I have yet to see any examples of actual harm caused by any of this tracking cookie stuff.

Plane ticket prices.

I've heard of places varying their ticket price (since price discrimination is one of the key methods that airlines use), but never heard it linked to tracking cookies or anything like sensitive identifying information in particular.

Links/references?

Gąska

@Benjamin-Hall nothing to read up (probably could Google something up quite easily, but I don't have time right now), but a friend once showed me that the official website of some airline gives him different prices in and outside of private mode.

dfdub

@Mason_Wheeler As stated above, that part was intentionally inflammatory and OT because you're basically starting to ask us how international law enforcement works at all.

We could also change topics again and discuss how the US forces EU companies to follow its embargos, but I don't see how that's productive. You should just accept that legal cooperation and trade means that laws are often enforcible outside the territory they originate from.

Mason_Wheeler

@Gąska said in The Official GDPR Lawsuit thread:

@Benjamin-Hall nothing to read up (probably could Google something up quite easily, but I don't have time right now), but a friend once showed me that the official website of some airline gives him different prices in and outside of private mode.

Out of curiosity, which version gave him the better prices?

Gąska

@Mason_Wheeler I don't remember. It was years ago. It wouldn't surprise me if it gave mixed results on different dates and routes.

Benjamin Hall

@Gąska said in The Official GDPR Lawsuit thread:

@Mason_Wheeler I don't remember. It was years ago. It wouldn't surprise me if it gave mixed results on different dates and routes.

airline pricing is horribly opaque and effectively random (within bounds). I've heard of them basically A/B testing, except with prices, as well as having odd referrer policies. I'd need more than a single incident to say it was due to tracking cookies.

And that just goes to my point. So far, that's the only example I've ever seen. And it's a milquetoast, minor thing if it's even a real effect. All this data privacy stuff (beyond the basics of "don't sell ID numbers/passwords/accounts" and "don't use official records for harassment/political purposes") seems to be mountains out of molehills.

Mason_Wheeler

@dfdub said in The Official GDPR Lawsuit thread:

As stated above, that part was intentionally inflammatory and OT because you're basically starting to ask us how international law enforcement works at all.

I understand just fine how international law enforcement works. I'm starting to wonder if you do, though. You mentioned extradition, afterall, which is absurd in this context. (If you want to know why, try googling "dual criminality," which applies in both the USA and the EU. Congratulations, you're one of today's lucky 10,000!)

@error_bot xkcd lucky 10,000

error_bot

xkcd said in https://xkcd.com/1053/ :

Ten Thousand

­

(via https://www.explainxkcd.com/wiki/index.php?search=lucky+10%2C000&title=Special%3ASearch&fulltext=1)

dfdub

@Mason_Wheeler
You deliberately missed what I wrote after that to make an arrogant comment. How constructive.

Zerosquare

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

@dfdub And who exactly has the FBI abducted on foreign soil over copyright violation?

Ever heard of that guy?

Kim Dotcom - Wikipedia

hungrier

@Zerosquare said in The Official GDPR Lawsuit thread:

You should open a business selling counterfeit merchandise from a server located in a country that doesn't care about such stuff. According to you, you'd make a lot of money and nobody could do anything against you, right?

You could call it something like AliExpress, DealExtreme, or Banggood, or set up an Ebay store. But that would be ridiculous and could never happen, right?

Mason_Wheeler

@Zerosquare I have. He was arrested in New Zealand where he lives. The USA attempted to have him extradited, according to mutually-recognized law and treaty, and so far appears to be succeeding, though as far as I'm aware the extradition is still tied up in appeals. This doesn't look anything at all like a kidnapping to me...

Mason_Wheeler

@dfdub said in The Official GDPR Lawsuit thread:

@Mason_Wheeler
You deliberately dismissed what I wrote after that to make an arrogant comment. because it's not valid, because of the Dual Criminality principle.

FTFY

dfdub

@Mason_Wheeler
At this point, I'm not sure what you're talking about anymore. Are you still going on about that one mention of the FBI, the reply to which I stated multiple times was deliberately off-topic? If you're just going to make snarky comments, ignore parts of my replies and avoid the actual discussion, then I'll take that as a concession that you're out of arguments.

Zerosquare

@hungrier said in The Official GDPR Lawsuit thread:

You could call it something like AliExpress, DealExtreme, or Banggood

Yeah. The only reason those companies can get away with this is because their servers are located outside the USA. It's not that they're big Chinese companies, most probably backed by the Chinese government, and bothering them too much would be a good way to start a trade war. It's totally the same thing as Mason's example.

or set up an Ebay store.

Go ahead, set up an eBay store selling, say, counterfeit Disney movies. See how long it lasts.

hungrier

@Zerosquare said in The Official GDPR Lawsuit thread:

Go ahead, set up an eBay store selling, say, counterfeit Disney movies. See how long it lasts.

Are official Disney 3D blu-rays region-free? If not, the answer is either 5 or 18 years and counting (depending on how Ebay displays "member since" date), based on a random selection from the first page of search results.

Unperverted Vixen

@hungrier said in The Official GDPR Lawsuit thread:

Are official Disney 3D blu-rays region-free?

The two that I imported from the UK are.

Zerosquare

@hungrier said in The Official GDPR Lawsuit thread:

@Zerosquare said in The Official GDPR Lawsuit thread:
Are official Disney 3D blu-rays region-free? If not, the answer is either 5 or 18 years and counting (depending on how Ebay displays "member since" date), based on a random selection from the first page of search results.

Importing and exporting lawfully acquired works outside of their intended region isn't illegal.

Zerosquare

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

@Zerosquare I have. He was arrested in New Zealand where he lives. The USA attempted to have him extradited, according to mutually-recognized law and treaty, and so far appears to be succeeding

There's no need to kidnap people when you can strongarm foreign nations into doing the job for you.
(Not that I support Kim Dotcom. He's a criminal.)

topspin

@Zerosquare criminals have rights, though. And using a SpecOps team with helicopters and machine guns to arrest a fat-ass internet criminal isn’t exactly a shining example of law enforcement.

Zerosquare

I'm not saying it is.

Mason_Wheeler

@Zerosquare said in The Official GDPR Lawsuit thread:

@Mason_Wheeler said in The Official GDPR Lawsuit thread:

@Zerosquare I have. He was arrested in New Zealand where he lives. The USA attempted to have him extradited, according to mutually-recognized law and treaty, and so far appears to be succeeding

There's no need to kidnap people when you can strongarm foreign nations into doing the job for you.
(Not that I support Kim Dotcom. He's a criminal.)

Then why did you mention him when I asked for examples of the FBI abducting people over copyright infringement?

Benjamin Hall

@levicki said in The Official GDPR Lawsuit thread:

@Benjamin-Hall Why does there have to be the harm done by tracking cookies for you to condemn their use? Isn't tracking people's habits without their consent already deplorable enough? How about the fact that somone is making additional profit of off you when you are already paying for their goods and services, and they aren't passing the buck (i.e. you don't even get a discount because they took possession of your personal data and sold it to the highest bidder)?

Sure, it could be considered theoretical violation of some abstract privacy right...but where's the beef? Why should we care? It's like someone I've never heard of saying bad things about me in the privacy of their own home. Doesn't hurt me at all. So why do we need a big intrusive government action to solve this non-problem?

topspin

@Benjamin-Hall said in The Official GDPR Lawsuit thread:

@levicki said in The Official GDPR Lawsuit thread:

@Benjamin-Hall Why does there have to be the harm done by tracking cookies for you to condemn their use? Isn't tracking people's habits without their consent already deplorable enough? How about the fact that somone is making additional profit of off you when you are already paying for their goods and services, and they aren't passing the buck (i.e. you don't even get a discount because they took possession of your personal data and sold it to the highest bidder)?

Sure, it could be considered theoretical violation of some abstract privacy right...but where's the beef? Why should we care? It's like someone I've never heard of saying bad things about me in the privacy of their own home. Doesn't hurt me at all. So why do we need a big intrusive government action to solve this non-problem?

Would you like it if the "big intrusive government" instead tracked everywhere you go?
Can you not see any problems with the potential of abuse this data has?

Benjamin Hall

@topspin said in The Official GDPR Lawsuit thread:

@Benjamin-Hall said in The Official GDPR Lawsuit thread:

@levicki said in The Official GDPR Lawsuit thread:

@Benjamin-Hall Why does there have to be the harm done by tracking cookies for you to condemn their use? Isn't tracking people's habits without their consent already deplorable enough? How about the fact that somone is making additional profit of off you when you are already paying for their goods and services, and they aren't passing the buck (i.e. you don't even get a discount because they took possession of your personal data and sold it to the highest bidder)?

Sure, it could be considered theoretical violation of some abstract privacy right...but where's the beef? Why should we care? It's like someone I've never heard of saying bad things about me in the privacy of their own home. Doesn't hurt me at all. So why do we need a big intrusive government action to solve this non-problem?

Would you like it if the "big intrusive government" instead tracked everywhere you go?
Can you not see any problems with the potential of abuse this data has?

Potential isn't actuality. And I'd be pretty sure that anyone watching me isn't getting much that's interesting or useful at all[0]. And frankly, the government already does do that...and worse. All this talk of potentials and "creepy" behavior (none of which is actualized or even all that plausible, given the absolute flood of data out there[1]) hasn't moved my position at all.

More than that, you don't have privacy rights on things you do on other people's property, at least against the owners. Not as an essential right. At most you may have a statutory right, but that's only exactly what the powers that be decree. If you don't want people to watch you, watch where you go and what you share. Not tweeting or facebooking (both entirely voluntary) removes 90% of the actually-risky stuff.

Even more than that, most of what you list is freely shared with anyone and everyone on social media. That shows that most people don't consider it all that important.

[0] out of curiosity, I looked at my google advertising profile. Even though I'm thoroughly embedded in the google ecosystem and don't really do more than casual ad-blocking, they have this enormously broad profile that would fit millions of other people, and only fits me...sort of. Kind of. Badly. Basically the only things they have right are a broad age range and a gender. Edit: and facebook (outside of the things I explicitly shared with them and they promised not to share/sell (:snort:)) doesn't have a much better idea.

[1] Yes, if you have a particular target you could dig deeper. But the only ones who have any interest in doing so are governments, and they can and do so regardless of laws or "rights". Google aggregates data, it doesn't share individual data. Same with the vast majority of others. The ones that do identify people are also engaged in things that are, were, and will continue to be illegal separately. As in real identity theft and related issues.