GDPR outside Europe, was Whois vs GDPR, latest news

John Levine johnl at iecc.com
Thu May 24 22:30:14 UTC 2018


In article <0BB31BBB-388D-4832-85DD-30C01C187BA1 at jeffmurphy.org> you write:
>There’s speculation that enforcement could occur via the FTC Privacy Shield program. 

Privacy Shield is entirely optional. Joining it requires a lot of
paperwork and a substantial administrative fee.  If you don't do all
that, it doesn't apply to you.  Please see my previous comment about
people who think they understand the GDPR vs. people who actually do.

https://www.privacyshield.gov/welcome

Also, Privacy Shield is a retread of the Safe Harbour deal which EU
courts invalidated in 2015.  Max Schrems, the guy who filed the case
against Safe Harbour, has filed a similar suit against Privacy Shield,
with Facebook as the defendant.  I wouldn't bet a lot on Privacy
Shield lasting any better than Safe Harbour did.

https://techcrunch.com/2018/04/13/privacy-shield-now-facing-questions-via-legal-challenge-to-facebook-data-flows/

R's,
John

PS: For anyone who came into the middle of this argument, my point is
that if you have no EU nexus, the realistic chances of the EU taking
action against you round to zero.  If you do have EU nexus, you better
behave.



More information about the NANOG mailing list