*According to Article 3(2), a business that targets individuals in the EU for offering goods or services (even if it’s free) or monitoring their behaviour falls under the scope of GDPR. Monitoring activities such as tracking through cookies or other technologies, behavioural advertising, geolocation, market surveys etc performed by a non-EU business can be subject to GDPR. A US business that has no establishment in the EU, but sells goods or services to consumers in the EU, will fall under the scope of GDPR in the US. Note that the law extends to any resident of the EU, irrespective of citizenship. *
Many US companies were fined, it doesn’t matter where your servers are, it matters if you target EU customers. In this case, Reddit very clearly targeted EU citizens.
IANAL and this obviously won’t happen (because it’s one of if not the stupidest way to go about it right from the get go) but still:
They can literally demand any and all European ISPs block all their traffic, they can still raise the fees and if they don’t pay accrue interest/late claims on it.
Will this change anything? Not immediately, but the moment that company does anything the courts can reach they are in a whole lot of trouble.
Anyway besides this are there really companies that are so US centric that a European court can’t (like really absolutely can’t) reach them?
Which is a GDPR violation and should be treated as such when they get caught
And what jurisdiction does the gdpr have over servers hosted in America?
We’re all still waiting for the court case that sets this precedent.
Reddit has employees and servers in Europe, including EU countries. GDPR most definitely applies.
*According to Article 3(2), a business that targets individuals in the EU for offering goods or services (even if it’s free) or monitoring their behaviour falls under the scope of GDPR. Monitoring activities such as tracking through cookies or other technologies, behavioural advertising, geolocation, market surveys etc performed by a non-EU business can be subject to GDPR. A US business that has no establishment in the EU, but sells goods or services to consumers in the EU, will fall under the scope of GDPR in the US. Note that the law extends to any resident of the EU, irrespective of citizenship. *
Source: https://www.cookieyes.com/blog/gdpr-in-the-us-a-checklist-for-compliance/
Many US companies were fined, it doesn’t matter where your servers are, it matters if you target EU customers. In this case, Reddit very clearly targeted EU citizens.
Can you cite a case where an American company with no holdings or dealings in the EU was fined successfully?
If the company has no infrastructure within the jurisdiction of the gdpr, how can they hope to enforce it?
IANAL and this obviously won’t happen (because it’s one of if not the stupidest way to go about it right from the get go) but still:
They can literally demand any and all European ISPs block all their traffic, they can still raise the fees and if they don’t pay accrue interest/late claims on it. Will this change anything? Not immediately, but the moment that company does anything the courts can reach they are in a whole lot of trouble.
Anyway besides this are there really companies that are so US centric that a European court can’t (like really absolutely can’t) reach them?
Reddit has holdings in Dublin, Ireland, where they have a large contingent of employees. thus they are required to adhere to GDPR.