Two quick points here:

The money collected by Data Protection Agency fines aren’t for the ones claiming, but for the respective governments.
If the abuse country don’t have an agreement with the EU to collect that fine, the EU can seize it later on, at any time, when there is a payment from the EU to that company or person, depending on the case.
Meanwhile, this company, which has been fined, will not be able to continue business with EU companies.

So even if procmail saves time, I feel more responsible, as citizen, to make sure that the law that protects me, is called upon when/if it comes the time for it.

Further to that, at least in Spain, I guess is the same in other countries, if you receive spam or any other abuse towards your network, you have law recognized compensation for the damages. Of course this is not millions of euros, even not a few thousands, however a collective claim against a spammer, which my turn the cost for the spammer in something really bad for his/her pocket.

Last, but not least, a quick google search shows that there is an agreement for GDPR related issues among the EU and Israel, and Israel has adapted to their equivalent law, which is understandable, because there is a lot of business among those region.

Regards,

Jordi

@jordipalet

El 12/5/20 21:49, "anti-abuse-wg en nombre de Sabri Berisha" <anti-abuse-wg-bounces@ripe.net en nombre de sabri@cluecentral.net> escribió:

----- On May 12, 2020, at 12:32 PM, Töma Gavrichenkov <ximaera@gmail.com> wrote:

On Tue, May 12, 2020, 10:13 PM Sabri
First of all, there is the requirement for the non-EU company to intentionally provide goods or services to the EU. That can be found in article 3(2)a.

Well, virtually that's exactly our case: an employee of an Israeli company promotes their services (in multiple local EU languages such as Czech language) through an intentional mailing.

Yes, you are absolutely correct in that.

Second, and most important, for a law to protect it must be enforceable. For a law to be enforceable, a court must be able to issue a judgement, and that judgement must be executable.

Still fine: AFAIK Israeli companies with a remote offering directed to the EU citizens are subject to extraterritorial reaches. At least, I've seen some of those working in GDPR compliance. What do I miss here?

This is the part where I disagree. According to EU law, they are subject to what's called "universal jurisdiction", but unless there are treaties in place, or the local Israeli courts are willing to recognize foreign judgements, that EU law is nothing but a useless piece of paper. The EU cannot enforce their laws in a different country without the local courts granting jurisdiction. And that, in turn, means that EU laws cannot be applied to those outside of its reach.

It would be different if said entity (whether that's a person or business) had any assets in the EU. In that case they could be seized upon a monetary judgement. Which is the case with Google, Facebook etc.

In more simpler terms: EU courts can award you 100 million euros, but without a way to collect it you're still poor.

Hence my recommendation to just plonk the guy into oblivion instead of pursuing a theoretical and practically impossible avenue (GDPR enforcement).

Just procmail the guy's emails, and vote for the other candidates. Saves you a lot of headaches :)

Thanks,

Sabri