Another GDPR? Electric googleoo?
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
If the salesman comes to me where I live, then the transaction indisputably occurs where I live.
If I go to the salesman's place of business, the transaction just as indisputably occurs at that place of business, not at the place where I live. Stop being disingenuous and throwing out false analogies to confuse the issue.
So… what happens when you mail order something?
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
Because once you start taking things that are exactly the same as doing something in the physical world and tack "but on a computer" on the end and claiming that it's now fundamentally different, all sorts of serious problems ensue.
So you agree that if a salesman comes to your door and sells you something, the jurisdiction that applies is where you live, not where the salesman lives?
If the salesman comes to me where I live, then the transaction indisputably occurs where I live.
If I go to the salesman's place of business, the transaction just as indisputably occurs at that place of business, not at the place where I live. Stop being disingenuous and throwing out false analogies to confuse the issue.
Not sure what I think about it, but what about basing it off who initiates contact? Click on an ad on the web or email from whatever store, it's kind of like a door to door salesman. User directly visits store.com, more like visiting a store. Essentially push vs pull for the interaction.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
If the salesman comes to me where I live, then the transaction indisputably occurs where I live.
If I go to the salesman's place of business, the transaction just as indisputably occurs at that place of business, not at the place where I live. Stop being disingenuous and throwing out false analogies to confuse the issue.
Stop being disingenuous and throwing out false analogies to confuse the issue yourself. I am very seriously asking you that question but apparently you can't even conceive that someone who doesn't agree with you might not be trolling.
Why would a transaction that happens between my browser and your server be assimilated to me going to your shop, rather than you coming to my house?
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@bobjanova said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
the arrogance of certain overreaching nations in thinking they can assert universal jurisdiction over the entire world
You're talking about the USA, right? I think you're the only country that tries that.
These days it feels like we're the only country that doesn't!
Iran and Cuba would like to have a word with you.
-
-
@dkf said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
If the salesman comes to me where I live, then the transaction indisputably occurs where I live.
If I go to the salesman's place of business, the transaction just as indisputably occurs at that place of business, not at the place where I live. Stop being disingenuous and throwing out false analogies to confuse the issue.
So… what happens when you mail order something?
It seems that if it's being shipped from a foreign country, it's happening there. Now, here in the US, the states are limited in what they can do about interstate commerce. I assume they have to abide by local laws and federal laws and the consumer has to do the same. But of course, we also say that states have to play nice in recognizing each others' laws. I don't know what happens when they contradict each other.
Unless countries have some kind of treaty, I don't think there's any "higher level" of jurisdiction mediating between the two. I guess the "oughts" of that is what we're debating here.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
Apparently the age of consent in Japan is surprisingly low
AFAIK that's only technically true, because the states all have stricter laws than the federal government or something.
-
@dfdub said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
Apparently the age of consent in Japan is surprisingly low
AFAIK that's only technically true, because the states all have stricter laws than the federal government or something.
We have the opposite here. In Texas, age of consent is 17, so I can legally have sex with a 17 year old, but if I were to take a photograph or video of it, I'd have broken federal child pornography law. Marriage also opens some weird loopholes in many states.
-
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
The way they do it now just punishes people in states with a higher sales tax. Oh, you can say they want me to spend in my own state. Well, genius, if there were stores here willing to exchange goods for money, I would. But there aren't, so I have to waste resources getting stuff shipped from everywhere else.
-
@remi said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
If the salesman comes to me where I live, then the transaction indisputably occurs where I live.
If I go to the salesman's place of business, the transaction just as indisputably occurs at that place of business, not at the place where I live. Stop being disingenuous and throwing out false analogies to confuse the issue.
Stop being disingenuous and throwing out false analogies to confuse the issue yourself. I am very seriously asking you that question but apparently you can't even conceive that someone who doesn't agree with you might not be trolling.
Why would a transaction that happens between my browser and your server be assimilated to me going to your shop, rather than you coming to my house?
I assume by "assimilated" you mean "analogized"?
And the answer is, because you're the one performing an action analogous to travel. You performed some affirmative act to visit the page, whether it be clicking a link or typing a URL into the address bar. (
Yes, I'm aware that popups and redirect attacks exist. I'm only talking about legitimate business actions here, not malware and deceptions.)
-
@remi said in Another GDPR? Electric googleoo?:
Why would a transaction that happens between my browser and your server be assimilated to me going to your shop, rather than you coming to my house?
Because the payment is collected at the server, not at the client. When you go to a store, the payment is collected at the store, not at your house.
Traveling salesmen would take payments themselves, which is why the law that applied would be the law at the customer's house.
-
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
The way they do it now just punishes people in states with a higher sales tax. Oh, you can say they want me to spend in my own state. Well, genius, if there were stores here willing to exchange goods for money, I would. But there aren't, so I have to waste resources getting stuff shipped from everywhere else.
Who gets the money? PA wants 100% of the total. WI wants 100% of the total. Who's entitled to it?
-
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
Congress. Plus vendors have traditionally been vehemently opposed to it, which feeds back into why Congress has never done that.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
The way they do it now just punishes people in states with a higher sales tax. Oh, you can say they want me to spend in my own state. Well, genius, if there were stores here willing to exchange goods for money, I would. But there aren't, so I have to waste resources getting stuff shipped from everywhere else.
Who gets the money? PA wants 100% of the total. WI wants 100% of the total. Who's entitled to it?
They split it? I spend $100. PA gets $3.00 and WI gets $2.50. The states make it sound like it's Solomon proposing to cut a baby in half.
-
@Zenith said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
The way they do it now just punishes people in states with a higher sales tax. Oh, you can say they want me to spend in my own state. Well, genius, if there were stores here willing to exchange goods for money, I would. But there aren't, so I have to waste resources getting stuff shipped from everywhere else.
Who gets the money? PA wants 100% of the total. WI wants 100% of the total. Who's entitled to it?
They split it? I spend $100. PA gets $3.00 and WI gets $2.50. The states make it sound like it's Solomon proposing to cut a baby in half.
But PA needs all $6 dollars, and WI needs all $5.
It will take about 10 minutes before both states double their sales tax rates.
-
@boomzilla said in Another GDPR? Electric googleoo?:
Unless countries have some kind of treaty, I don't think there's any "higher level" of jurisdiction mediating between the two. I guess the "oughts" of that is what we're debating here.
This is what I'd expect too.
However, in the case of Facebook they've been actively soliciting for business in the EU and have quite a business presence there (to the point where it represents a fair old chunk of their revenue). They didn't have to do that, they volunteered, but doing so makes for a reasonable expectation that, for the business so solicited, they would follow the laws of the place that they did the soliciting within. Yes, this might cause them some business problems, but they largely brought them on themselves: what they most definitely don't get is any sort of right to pick laws à la carte.
Right now, the main options seem to be:
- Pull out
- Comply
- Bleat and bluster about it (an approach that historically hasn't worked at all well with EU institutions, especially with non-EU complainants).
Zuck's gone for… option #3.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
But PA needs all $6 dollars, and WI needs all $5.
It will take about 10 minutes before both states double their sales tax rates.
And kill e-commerce. Better hurry because marketplaces and shippers have a huge lead on them.
This isn't in the trolleybus or lounge yet so I can't say what I'm really thinking about their needfulness.
Edit: I do see where you're going though. It's a similar situation with marketplaces and shippers. They're trying to grab so much money/control that it's unprofitable to sell online. Yet, somehow, the entire house of cards hasn't collapsed so far.
-
@Zenith said in Another GDPR? Electric googleoo?:
And kill e-commerce.
“Why are things dying when I keep on stabbing them in the heart?”
-
@Zenith said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
But PA needs all $6 dollars, and WI needs all $5.
It will take about 10 minutes before both states double their sales tax rates.
And kill e-commerce. Better hurry because marketplaces and shippers have a huge lead on them.
This isn't in the trolleybus or lounge yet so I can't say what I'm really thinking about their needfulness.
I hope you're not the one who downvoted me, because I kind of have been giving my opinion on how needful they are.
-
@GuyWhoKilledBear No, I just upvoted you back to zero to prove it. I can read sarcasm when you italicize it :P
-
@dkf said in Another GDPR? Electric googleoo?:
However, in the case of Facebook they've been actively soliciting for business in the EU and have quite a business presence there
Agreed. Their situation is not two parties conducting business from separate jurisdictions.
-
@boomzilla said in Another GDPR? Electric googleoo?:
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
Congress. Plus vendors have traditionally been vehemently opposed to it, which feeds back into why Congress has never done that.
Likely because it would be painful to code and debug.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
And the answer is, because you're the one performing an action analogous to travel. You performed some affirmative act to visit the page, whether it be clicking a link or typing a URL into the address bar.
And what if I booked a visit for a travelling salesman to come to my house (yes, that's a thing... or maybe "was"...)? That's actually closer to what happens on the web, I don't "visit the a page", I send a request to get a page sent to me. The actual page I see is the one that was sent to me, and I have no way to know whether it is in any way different from the page another customer would get, in the same way as I have no way to know whether a salesman coming to my house would make the same offer to another customer (as opposed to going to a physical shop where I can see other people performing the same transaction around me).
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
Because the payment is collected at the server, not at the client. When you go to a store, the payment is collected at the store, not at your house.
Traveling salesmen would take payments themselves, which is why the law that applied would be the law at the customer's house.Now that's a better argument. But still doesn't really hold: what if I pay the salesman by check, or even just sign an order form? He's not getting any money the moment I sign the order.
So now you might argue that the signing of the contract takes place in my home, and that, I think, is a much stronger argument (the paiement might happen at any time, related or not to the signing, the fulfilment of the contract by the seller, any point in between, or after... basically it's not really relevant!).
Which now comes to that question, when you click on the "submit order" button on a web page, and at some point in time (which may or may not be the same as clicking...) the sales agreement becomes binding on both parties, where does that act happen? And frankly, we're back to my original question, why would you say that's in the seller's server rather than in the buyer's browser, or in both? My browser is registering my agreement, at my location, at the moment I click, while your server processing the resulting HTTP request registers your agreement, at your location. I get a confirmation message on my browser (sent by your server) and you get a record in your database (out of the HTTP request I sent you), so there is a constant back-and-forth between the two locations and I still don't see why one party would have obviously precedence on the other.
Someone mentioned mail order and if that ever happened internationally (on a wide-enough scale for there to be some jurisprudence about it...), that would actually be the comparison I would use, not a physical store or travelling salesman, none of which fit (I only took it up to show how @Mason_Wheeler was twisting things by pretending that there was obviously no other way it could work).
-
What if my ecommerce site and database are distributed across hundreds of cloud servers in various countries?
-
@remi said in Another GDPR? Electric googleoo?:
Which now comes to that question, when you click on the "submit order" button on a web page, and at some point in time (which may or may not be the same as clicking...) the sales agreement becomes binding on both parties, where does that act happen? And frankly, we're back to my original question, why would you say that's in the seller's server rather than in the buyer's browser, or in both?
I'm willing to bet that in your jurisdiction, a sales contract needs to be agreed to by both the buyer and seller, and only becomes binding once the second party signs the contract.
For all kinds of reasons, the buyer is usually the first one to sign the sale contract for a retail sale. Online stores in particular require the buyer to present a nearly-complete sales contract (that lacks only the seller's approval) in order for them to approve the sale.
The buyer sends the nearly-complete sales contract to the seller's server, where the contract is usually signed by the seller and becomes official.
The seller can pull out after the contract is sent but before they approve it (like is done in cases where the seller is out of stock of the product or when the sales contract presented by the buyer is deficient in some way.)
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
I'm willing to bet that in your jurisdiction, a sales contract needs to be agreed to by both the buyer and seller, and only becomes binding once the second party signs the contract.
For all kinds of reasons, the buyer is usually the first one to sign the sale contract for a retail sale. Online stores in particular require the buyer to present a nearly-complete sales contract (that lacks only the seller's approval) in order for them to approve the sale.
The buyer sends the nearly-complete sales contract to the seller's server, where the contract is usually signed by the seller and becomes official.
The seller can pull out after the contract is sent but before they approve it (like is done in cases where the seller is out of stock of the product or when the sales contract presented by the buyer is deficient in some way.)Hm. So if I tamper with the hidden price field on vendor's poorly built website, I'm not committing a crime, just amending a proposed contract, and it's the seller's fault for accepting my amended contract?
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
I'm willing to bet that in your jurisdiction, a sales contract needs to be agreed to by both the buyer and seller, and only becomes binding once the second party signs the contract.
Yes, but that doesn't mean that the last signing decides on the jurisdiction -- otherwise the second party could just take the contract signed by the first one, cross the border and sign it, and come back to give it, and the first party would suddenly find out that they'd agreed on something very different. I'm sure you agree (!) that this is wrong...
In fact, the applicable jurisdiction is likely very much something that has to be fixed before any party can give their agreement, as it is probably part of the agreement itself (for international contracts between e.g. large companies, it's normally specified in the contract itself, and may be different from any of the locations where the contract will be actually executed!). And since the agreement normally includes the official physical address of both parties, it's likely that the second party can sign anywhere they want in the world, what matters (in the absence of a specifically set out location) is those official addresses.
Now that still doesn't tell us which location applies when no jurisdiction is explicitly set out in the contract, and both parties don't reside in the same jurisdiction. But my point is that there is no simple or obvious answer to that question.
-
@error said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
I'm willing to bet that in your jurisdiction, a sales contract needs to be agreed to by both the buyer and seller, and only becomes binding once the second party signs the contract.
For all kinds of reasons, the buyer is usually the first one to sign the sale contract for a retail sale. Online stores in particular require the buyer to present a nearly-complete sales contract (that lacks only the seller's approval) in order for them to approve the sale.
The buyer sends the nearly-complete sales contract to the seller's server, where the contract is usually signed by the seller and becomes official.
The seller can pull out after the contract is sent but before they approve it (like is done in cases where the seller is out of stock of the product or when the sales contract presented by the buyer is deficient in some way.)Hm. So if I tamper with the hidden price field on vendor's poorly built website, I'm not committing a crime, just amending a proposed contract, and it's the seller's fault for accepting my amended contract?
If you trick them by misrepresenting your contract, you have committed fraud, which is a crime in reasonable jurisdictions.
If you try to trick them, but fail (because they catch that your contract is deficient), you have committed attempted fraud, which is probably a crime in some jurisdictions but not others.
-
@error See the Russian guy who did that and got a credit card, and yes, it was ruled that it was OK since the bank agreed (posted
, maybe in the TIL or Other news?).
-
@GuyWhoKilledBear I'm not misrepresenting it. I'm changing it materially. It's not my fault they don't read the contract I present them. If they haven't signed it yet, it should be my right to make changes.
-
@error said in Another GDPR? Electric googleoo?:
What if my ecommerce site and database are distributed across hundreds of cloud servers in various countries?
Then you're running the type of site I am specifically not referring to here.
-
@remi said in Another GDPR? Electric googleoo?:
In fact, the applicable jurisdiction is likely very much something that has to be fixed before any party can give their agreement, as it is probably part of the agreement itself (for international contracts between e.g. large companies, it's normally specified in the contract itself, and may be different from any of the locations where the contract will be actually executed!).
And every online company worth their salt has exactly such a clause in their Terms of Service, stating that the applicable jurisdiction in case of any dispute is the laws of the location where the company is located.
-
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
I'm willing to bet that in your jurisdiction, a sales contract needs to be agreed to by both the buyer and seller, and only becomes binding once the second party signs the contract.
Yes, but that doesn't mean that the last signing decides on the jurisdiction -- otherwise the second party could just take the contract signed by the first one, cross the border and sign it, and come back to give it, and the first party would suddenly find out that they'd agreed on something very different. I'm sure you agree (!) that this is wrong...
In fact, the applicable jurisdiction is likely very much something that has to be fixed before any party can give their agreement, as it is probably part of the agreement itself (for international contracts between e.g. large companies, it's normally specified in the contract itself, and may be different from any of the locations where the contract will be actually executed!). And since the agreement normally includes the official physical address of both parties, it's likely that the second party can sign anywhere they want in the world, what matters (in the absence of a specifically set out location) is those official addresses.
Now that still doesn't tell us which location applies when no jurisdiction is explicitly set out in the contract, and both parties don't reside in the same jurisdiction. But my point is that there is no simple or obvious answer to that question.
-
Remember the context. You asked when and where the contract becomes binding on both parties. The answer is "when (and where) the second party executes it." That physical location is the only physical location that makes sense to use as the place of sale.
-
Both parties need to agree to EXACTLY THE SAME contract in order for it to be binding. If the buyer and seller are negotiating, and one party submits a signed contract to the other, the second party is still allowed to modify it, but those modifications aren't binding on the first party until the first party signs off on them.
-
Sales contracts from online sellers normally DO come with a clause that specifies the jurisdiction under which the sale occurs, even for B2C retail sales. That's not what we're talking about. We're talking about which jurisdictions are allowed to impose their own regulations on both the buyer and the seller that neither party necessarily wants.
-
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
By the principle of dual criminality, if it's illegal in the US but not in your jurisdiction, they can't extradite you.
The US requests extradition in exactly those circumstances - https://en.wikipedia.org/wiki/Gary_McKinnon had never been to the US and what he did was not illegal in the UK. Fortunately he was eventually not extradited, but that doesn't mean the US didn't try to apply its laws abroad.
If I have my company located in the US, and all of my servers located in the US, with no assets whatsoever in the EU, and the EU tries to tell me I have to play by their rules
But that isn't what it's about. It isn't telling you you have to play by EU rules. It's saying, if you don't, you can't offer services or goods in the EU market. Which, if you have no presence there, you shouldn't care about.
-
@Mason_Wheeler Congratulations, you've finally reached the real argument that holds as to why it should be the server's location that matters. If only you'd started with that one from the start, rather going on wrong analogies about physical shops.
From that point the discussion shifts to a different one, i.e. consumers rights and whether the two parties are equal, but at least we're back into reality.
-
@bobjanova said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
By the principle of dual criminality, if it's illegal in the US but not in your jurisdiction, they can't extradite you.
The US requests extradition in exactly those circumstances - https://en.wikipedia.org/wiki/Gary_McKinnon had never been to the US and what he did was not illegal in the UK. Fortunately he was eventually not extradited, but that doesn't mean the US didn't try to apply its laws abroad.
So... the guy did something that did not meet the dual criminality standard, and he didn't get extradited. My point exactly.
If I have my company located in the US, and all of my servers located in the US, with no assets whatsoever in the EU, and the EU tries to tell me I have to play by their rules
But that isn't what it's about. It isn't telling you you have to play by EU rules. It's saying, if you don't, you can't offer services or goods in the EU market. Which, if you have no presence there, you shouldn't care about.
There is no such thing as "offering services on a local market" on the World Wide Web. That's why it's called the World Wide Web, for heaven's sake! By default, by the nature of the Internet, establishing a website invites anyone in the world to visit your establishment, and if they choose to do so, why is where they live your fault?
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
- Remember the context. You asked when and where the contract becomes binding on both parties. The answer is "when (and where) the second party executes it." That physical location is the only physical location that makes sense to use as the place of sale.
Maybe. I'm not entirely convinced. But remember also that this matter of where the contract is when it becomes final only came up as a way to determine a location that would fix the jurisdiction. But if that location is entirely up to the last party to sign, then that party could impose any jurisdiction that they'd like, without the knowledge of the first party to sign. Ergo, the location where that second agreement happens doesn't matter.
(i.e., I didn't really think through my previous post and it turns out that this question of physical location of any of the party matters even less than I initially thought)
- Both parties need to agree to EXACTLY THE SAME contract in order for it to be binding. If the buyer and seller are negotiating, and one party submits a signed contract to the other, the second party is still allowed to modify it, but those modifications aren't binding on the first party until the first party signs off on them.
Absolutely. And the jurisdiction under which the contract must be resolved is a very strong part of the contract, so definitely when the first party to sign does so, they must know it unambiguously. So this rules out once more the actual location of where the second party is as defining the jurisdiction.
If anything, this goes in favour of picking the location of the first party (i.e. the buyer clicking on the "order now" button) as this is the only location that can be unambiguously fixed (in the absence of a specific jurisdiction being explicitly set out in the contract) by the first party that is signing at that instant (the other party needs to know that location when they sign, later, but they know that by the address on the first party's agreement).
(the contract could specify that the address of the second party, as set out in the contract signed by the first party, decides the location and jurisdiction, but that's equivalent to explicitly setting out the jurisdiction (just using a slightly more contorted way))
- Sales contracts from online sellers normally DO come with a clause that specifies the jurisdiction under which the sale occurs, even for B2C retail sales. That's not what we're talking about. We're talking about which jurisdictions are allowed to impose their own regulations on both the buyer and the seller that neither party necessarily wants.
I would argue that if you admit that a jurisdiction can impose regulations that neither parties want, then the whole discussion is meaningless. Almost by definition, when taken in isolation my jurisdiction applies to me and yours to you. If either of those says that when we do a transaction, that jurisdiction applies to our transaction, then it applies. But that's just tautologies, at this point. The whole discussion was trying to find out which jurisdiction should "naturally" apply.
-
@remi said in Another GDPR? Electric googleoo?:
The whole discussion was trying to find out which jurisdiction should "naturally" apply.
I don't know the numbers, but the higher the number of online terms of service include an agreed jurisdiction the less "naturally applies" matters. But it's still an interesting thing to discuss.
-
@mikehurley You know, that's actually kind of what I'm arguing from the start. Some people think that naturally the seller's location applies, and I showed that similar arguments can be made to show that the buyer's location should apply.
The only conclusion is that there is no "natural" jurisdiction (which isn't really a surprise... welcome to international relationships!), and that it's all down to countries jostling to get more for them (again, welcome to international relationships). But at least let's be honest about it.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
So... the guy did something that did not meet the dual criminality standard, and he didn't get extradited
You don't know this case, and couldn't be bothered to visit Wikipedia, apparently. A US court indicted him - claiming jurisdiction over the case - and he was only not extradited after several years of legal process and on a medical technicality, not because the US accepted that its laws don't apply outside the US.
By default, by the nature of the Internet, establishing a website invites anyone in the world to visit your establishment
I rather prefer the analogy used earlier - I'm not visiting your establishment, I'm writing to you requesting that you make me an offer. The content that is actually delivered to me - and is read by me in my house, in my browser, in my jurisdiction - may come from your country, but it's being read in mine and any actions I take are in mine. That's particularly true given that the content delivered to users in different countries may be different (e.g. Youtube copyright blocks by country). Any data you may collect about me through me typing into my browser is subject to data protection law (i.e. GDPR) - although how you handle it is based on the location of your cloud hosting, for it to be legal to take it in the first place your jurisdiction needs to be one it's legal to export my data to.
It's pretty strange to suggest that while I sit in my house in the UK I am somehow travelling between jurisdictions every time I click.
There is no such thing as "offering services on a local market" on the World Wide Web
The reductio ad absurdam of that is that there is no law at all that can be applied to Internet services. But this isn't true, countries can choose to block content and so there is a local market - it's just so far it's been completely permissive in western countries, and some companies have taken the piss with that.
-
@remi said in Another GDPR? Electric googleoo?:
But if that location is entirely up to the last party to sign, then that party could impose any jurisdiction that they'd like, without the knowledge of the first party to sign.
Huh? The second party can't change the contract after the first party signs it and have it binding on the second party. Both parties need to agree to exactly the same contract.
@remi said in Another GDPR? Electric googleoo?:
I would argue that if you admit that a jurisdiction can impose regulations that neither parties want, then the whole discussion is meaningless.
How do sales taxes work?
More relevantly, imagine Facebook made the rule that says "Our service is only available with US-style privacy regulations, even in Europe. The GDPR does not apply to European customers of our website."
Some Europeans would probably stop using Facebook. Others would probably make that compromise and keep using it.
The GDPR is being imposed by a third party (the EU government) on both the buyer and seller in that transaction.
-
@remi said in Another GDPR? Electric googleoo?:
I would argue that if you admit that a jurisdiction can impose regulations that neither parties want, then the whole discussion is meaningless. Almost by definition, when taken in isolation my jurisdiction applies to me and yours to you. If either of those says that when we do a transaction, that jurisdiction applies to our transaction, then it applies. But that's just tautologies, at this point. The whole discussion was trying to find out which jurisdiction should "naturally" apply.
The argument used by the seller is that a website is merely an extension of the storefront and the seller is "travelling" to that store front. So the jurisdiction is located at the storefront. This has been largely upheld by courts. The only major change that has occurred in recent years (thought I will admit I no longer follow as closely as my parents no longer have their own company) was that the "store front" can correspond to any physical entity that the seller owns. The specific case involved Amazon and their Warehouses, where their warehouses are considered "store fronts" and they are required to use that location as the selling location if the buyer is located in that location. (i.e. I am in colorado, they have to use colorado as the jurisdiction if they have a warehouse here.)
-
@remi said in Another GDPR? Electric googleoo?:
@mikehurley You know, that's actually kind of what I'm arguing from the start. Some people think that naturally the seller's location applies, and I showed that similar arguments can be made to show that the buyer's location should apply.
Yeah, for mail / phone / online ordering in the US the jurisdiction is based on the buyer / shipping location. So if they don't have operations in your state then you don't pay state sales tax. If they do then you pay your state's tax. For instance, Amazon has operations pretty much everywhere so local (state, at least, there can also be county / local in effect, but I don't think you pay that) sales tax applies.
-
@bobjanova said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
So... the guy did something that did not meet the dual criminality standard, and he didn't get extradited
You don't know this case, and couldn't be bothered to visit Wikipedia, apparently. A US court indicted him - claiming jurisdiction over the case - and he was only not extradited after several years of legal process and on a medical technicality, not because the US accepted that its laws don't apply outside the US.
So... the guy did something that did not meet the dual criminality standard, and he didn't get extradited.
By default, by the nature of the Internet, establishing a website invites anyone in the world to visit your establishment
I rather prefer the analogy used earlier - I'm not visiting your establishment, I'm writing to you requesting that you make me an offer. The content that is actually delivered to me - and is read by me in my house, in my browser, in my jurisdiction - may come from your country, but it's being read in mine and any actions I take are in mine.
That's a massive misrepresentation of what's going on, and even if it were true, it's still a terrible model because of the precedent it sets. Once you admit the validity of universal jurisdiction, you're not only admitting it for the jurisdictions you personally like.
That's particularly true given that the content delivered to users in different countries may be different (e.g. Youtube copyright blocks by country).
Once again, I am specifically not talking about multinational companies that choose to establish places of business in the EU.
Any data you may collect about me through me typing into my browser is subject to data protection law (i.e. GDPR)
Question-begging at its finest.
It's pretty strange to suggest that while I sit in my house in the UK I am somehow travelling between jurisdictions every time I click.
There's nothing strange at all about that. That's literally the nature of the Internet. It's so obvious that it's been the standard terminology for decades now. How often have you heard some ad on TV or the radio inviting you to "visit our website"?
There is no such thing as "offering services on a local market" on the World Wide Web
The reductio ad absurdam of that is that there is no law at all that can be applied to Internet services.
Reductio ad absurdum means proof by contradiction, not "reduce an argument to an absurd strawman so as to not have to deal with the real argument."
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
But if that location is entirely up to the last party to sign, then that party could impose any jurisdiction that they'd like, without the knowledge of the first party to sign.
Huh? The second party can't change the contract after the first party signs it and have it binding on the second party. Both parties need to agree to exactly the same contract.
Yes, exactly, which is why the if above can't be right. Go back and read again, that's what I said already.
I would argue that if you admit that a jurisdiction can impose regulations that neither parties want, then the whole discussion is meaningless.
How do sales taxes work?
How does that matter regarding where does a transaction "naturally" happen?
You seem to confuse two things: you are arguing as to what law does actually apply (or not). I am arguing as to, in the absence of any specific law, which law "should" apply (i.e. by trying to use analogies -- or rather, by showing that someone's else analogy trying to do that was incorrect). Scroll back to where it started (for me at least).
-
This post is deleted!
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@error said in Another GDPR? Electric googleoo?:
What if my ecommerce site and database are distributed across hundreds of cloud servers in various countries?
Then you're running the type of site I am specifically not referring to here.
You don't need to be a multinational business to use distributed cloud hosting (though it's probably a poor investment).
-
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
But if that location is entirely up to the last party to sign, then that party could impose any jurisdiction that they'd like, without the knowledge of the first party to sign.
Huh? The second party can't change the contract after the first party signs it and have it binding on the second party. Both parties need to agree to exactly the same contract.
Yes, exactly, which is why the if above can't be right. Go back and read again, that's what I said already.
How does the second party change the jurisdiction after the first party has signed? Assume that the second party decides to change the jurisdiction while the first party is signing and present the new party with a new contract with a corrected jurisdiction.
How mechanically could they change the jurisdiction?
I would argue that if you admit that a jurisdiction can impose regulations that neither parties want, then the whole discussion is meaningless.
How do sales taxes work?
How does that matter regarding where does a transaction "naturally" happen?
Because the location that the transaction happens in should be the one that gets to charge sales tax, a fee charged to the buyer that neither they not the seller want.
More broadly, ALL government regulations are restrictions on contracts that disallow you from including certain provisions in certain situations.
The GDPR is a set of regulations that prevent companies and would-be customers from entering into contracts that include data-gathering provisions that the EU has outlawed.
-
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
The bureaucracy of that could get quite difficult. The shop’s side is fairly easy, because you can expect shops to do proper bookkeeping — so all the Wisconsin government has to do, is ask the shop to declare for how much it sold things to people in other states, and hand over the relevant amount of tax.
At the same time, Pennsylvania would have to ask individual people for how much they bought in other states. One way would be to track down those customers, which is going to be difficult because the only realistic way involves each state requesting the records of all shops and then forwarding the relevant names and addresses to each other state involved. The other way would be asking everyone in the state for proof of purchase of everything they bought in other states over the past fiscal year or something, which they have every incentive to destroy all evidence of.
-
@Gurth Why would they involve individuals at all? The shop collects the entire amount and routes parts of it to different states. See below:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@boomzilla said in Another GDPR? Electric googleoo?:
@Zenith said in Another GDPR? Electric googleoo?:
I don't understand why sales tax isn't just split between two locations. If I'm in Pennsylvania and I buy something from Wisconsin, it would make sense to charge half the order at 6% and the other half at 5%. Or charge half of each state's rate on the entire amount, same deal.
Congress. Plus vendors have traditionally been vehemently opposed to it, which feeds back into why Congress has never done that.
Likely because it would be painful to code and debug.
decimal Tax1 = 0.00; decimal Tax2 = 0.00; foreach (item Temporary in Cart.Items) { if (IsTaxable(Temporary.Type, Customer.State) == true) { Tax1 += Temporary.Price * Temporary.Count * GetTaxRate(Temporary.Type, Customer.State) * 0.5; } if (IsTaxable(Temporary.Type, Store.State) == true) { Tax2 += Temporary.Price * Temporary.Count * GetTaxRate(Temporary.Type, Store.State) * 0.5; } } if (IsTaxable("shipping", Customer.State) == true) { Tax1 += Cart.Shipping * GetTaxRate("shipping", Customer.State) * 0.5; } if (IsTaxable("shipping", Store.State) == true) { Tax2 += Cart.Shipping * GetTaxRate("shipping", Store.State) * 0.5; } RunCreditCard(Cart.Cost + Cart.Shipping + Tax1 + Tax2); TransferToTaxHoldingAccount(Customer.State, Tax1); TransferToTaxHoldingAccount(Store.State, Tax2);
