----- On May 12, 2020, at 4:51 AM, Töma Gavrichenkov <ximaera@gmail.com> wrote:
Peace,
Peace,
On Tue, May 12, 2020 at 1:29 PM Arash Naderpour
<arash.naderpour@gmail.com> wrote:
EU laws are for EU
Perhaps sadly for some, but this is not how it works. EU laws protect
EU citizens wherever they are, or the EU citizens' personal and
sensitive data wherever it is accessed, processed, or stored.
Perhaps sadly for some, but this is not how it works.
First of all, there is the requirement for the non-EU company to intentionally provide goods or services to the EU. That can be found in article 3(2)a.
This means that, per EU rules, the GDPR will not apply to the mom&pop ice cream shop in San Francisco that takes online orders from a EU citizen that happens to be visiting the U.S. The GDPR only affects companies (in or outside the EU) that market to EU citizens or territories.
Second, and most important, for a law to protect it must be enforceable. For a law to be enforceable, a court must be able to issue a judgement, and that judgement must be executable.
EU judgements based on the GDPR are not necessarily enforceable outside the EU, at least not in the U.S. Treaties must be in place, and a good example is the Hague Convention on Foreign Judgments in Civil and Commercial Matters.
In the U.S., foreign judgements are enforceable if they comply with the Uniform Foreign Money Judgments Recognition Act. This law specifies that a judgement may not be recognized if the foreign court did not have "personal jurisdiction" on the U.S. entity. If that entity
does not have a physical presence in the EU, establishing the foreign court’s personal jurisdiction will be very difficult if not impossible.
But, for folks that did not go to law school, here is a simpler explanation:
https://www.youtube.com/watch?v=CD2FlW79PfU :-)
Thanks,
Sabri