You should also know that hosting a service in the US without explicitly denying service to Europeans, and not abiding by the GDPR makes you liable to criminal prosecution in the US. US federal law has a version of GDPR that does not protect US citizens, just EU ones.
Where can we read more about this?
It’s very dry and boring legalese, but look up the EU-US Data Privacy Framework.
TL;DR: Biden signed a law last year letting EU courts enforce GDPR fines in US courts. It never happens because companies are not stupid and defend themselves in the EU courts.
It’s a recent edition of a string of increasingly privacy-favouring legislation attempts by the US to placate the EU about the rights of its citizens being respected abroad. The gist of it is that it is a US federal law signed into force by Biden last year, which makes it so that EU citizens have legal standing in US courts to enforce EU GDPR court decisions. There is not a lot of precedent yet, but that’s part of the point.
It precludes companies from using the loophole of not having any EU presence to evade fines and rules. Companies can and almost always exempt themselves from this by having an EU entity and subjecting themselves to GDPR directly, since if they get you through this, the EU court will already have tried and found against you, and the US federal court has little room to get you off the hook, because if they do, they risk Big Tech bottom lines by endangering EU-US data transfers.
I’m sorry, but I think you’re mistaken. May I ask where you got this information?
As I understand it, the DPF is merely an executive order and not a federal law, so it’s very limited in what it can do. It doesn’t create the ability to enforce fines through US courts because breaking the GDPR is still perfectly legal under US law.
This loophole is still used unfortunately. For example, Clearview AI was fined by various data protection authorities, but their fines cannot be enforced so the company just never paid up.l
Europe is also leading the world in terms of progressive AI laws, something we’re not likely to see in any meaningful way for some time here in the US.
yepp, but I’ve seen criticism about these laws holding back AI companies’ development. In that they can’t just steal a tonne of data and get away with it
Yeah, that’s always the argument on the part of corpos: “This regulation is killing our profits, waaa waaa waaa.”
Colorado has a similar AI law
Except Lemmy. I wish luck to anyone trying to get rid of their comments when they could have been federated to any number of known and unknown servers throughout pretty much any country in the world. The legal nightmares to get it enforced basically make it a non-starter.
The right to be forgotten is a separate thing from GDPR. GDPR lets the EU go after criminals illegally using private data, like Facebook.
Edit: This is wrong. The right to be forgotten appears in Recitals 65 and 66 and in Article 17 of the GDPR.
Everything about this comment is wrong. Sincerely, Your next door former DPO
You are right. I should not comment on stuff after driving for a day straight. Thanks for correcting the record.
Thanks for sharing these lists. There’s several I hadn’t heard of before
I can recommend Filen.io to replace google drive or onedrive. It’s a german company.
Very first thing on the list - support local businesses
Aye they need the support because the taxes are fucking crippling for small business 😅
But at least the taxes aren’t quite so much being funnelled into “turning Palestinian toddlers into skeletons”