Results 1 to 9 of 9
  1. #1
    Join Date
    Mar 2018
    Posts
    4

    Question What is the Effect of the E.U.'s General Data Protection Regulation on U.S. Forums

    Hello. I am sorry for asking questions on this topic before contributing to the forum first. But I was wondering if the GPDR (General Data Protection Regulation) has any effect on a US-based forum located in California. The forum has members from all around the world thus including members located in the EU. I have read the territorial scope of the GDPR but I couldn't quite make out whether such a forum falls under this regulation or not.

    The reason why this concerns me is that IF is falls under the GDPR, users can request information to be deleted from the forum. This will create big holes in conversations and threads which will render them useless. I would like to preserve all information because the majority of users often look back at older threads because they hold valuable information or give them ideas for their own work.

    I believe that according to the GDPR's territorial scope (article 3.2a), any US-based forum falls under the regulation because a forum offers the service of providing information and letting members share their content.

    Quote Quoting Art. 3 GDPR: Territorial scope
    (1) Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.

    (2) This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

    a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or

    b) the monitoring of their behaviour as far as their behaviour takes place within the Union.​

    (3) This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
    Please, if you be so kind to help me. If you would like to know more about the situation, I can answer your questions.

    Ps. I hope this thread is posted in the right section. Sorry if it's not.

  2. #2
    Join Date
    Jun 2006
    Location
    Massachusetts
    Posts
    23,856

    Default Re: Gpdr: Effect on Us-Based Forums

    The GPDR is an EU law. It applies only in the EU. It does not apply to the US, or US servers, or US forums. Even if the poster is in the EU, if the forum is based in the US on a US based server, the GPDR does not apply.

  3. #3
    Join Date
    Mar 2018
    Posts
    4

    Default Re: Gpdr: Effect on Us-Based Forums

    Quote Quoting cbg
    View Post
    The GPDR is an EU law. It applies only in the EU. It does not apply to the US, or US servers, or US forums. Even if the poster is in the EU, if the forum is based in the US on a US based server, the GPDR does not apply.
    Thank you for the reply and yes, that is usually the case. But when I take a look at article 3.2a, you'll read that regardless of where the server is based (incl. US), if it does business with a person who lives in the EU, it must mply with the data protection regulations.

    From the quote in the OP: "this regulation applies to the processing of personal data of the data subject who are in the Union by a controller or processor outside the Union, where the processing activities are related to the offering of services even if there is no payment required." (roughly) So anyone US-based company/website who offers services to a EU-citizen will be required to handle the EU-citizen's data according to the GDPR. So my question, legally speaking: does a forum offer a service or not? I would assume that the term service is taken very broad so it'll include offering and sharing information and offering members the service to share their content with other members on the forum.

    Or if I am reading article 3.2a all wrong, please could you explain why I interpreted it wrong?

  4. #4
    Join Date
    Oct 2014
    Posts
    7,149

    Default Re: Gpdr: Effect on Us-Based Forums

    Quote Quoting cbg
    View Post
    The GPDR is an EU law. It applies only in the EU. It does not apply to the US, or US servers, or US forums. Even if the poster is in the EU, if the forum is based in the US on a US based server, the GPDR does not apply.
    That is not the view taken by the EU. If the persons the site serves are in EU member states the EU asserts the rule applies even to firms outside the EU so long as those firms serve persons in the EU. Specifically, the European Commission in its page addressing to whom the data protection law applies says the following:

    The law applies to:

    1. a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
    2. a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.

    (Bolding added.) There certainly can be problems for the EU in trying to enforce that view on sites that are owned and operated entirely in the U.S. but enforcement is a risk for any site serving persons in the EU. Indeed, the U.S. and the EU have entered into a privacy shield agreement in which the Commerce Department will facilitate a process for U.S. companies to sign up for certification for compliance with the EU data privacy law and the Commerce Department helps the EU in carrying out that agreement. The U.S. also offered to the EU certain assurances regarding government access to information of persons in the EU as part of the privacy shield agreement.

  5. #5
    Join Date
    Jun 2006
    Location
    Massachusetts
    Posts
    23,856

    Default Re: Gpdr: Effect on Us-Based Forums

    I must have misunderstood something I was reading on another site. Sorry if I misled.

  6. #6
    Join Date
    Mar 2018
    Posts
    4

    Default Re: Gpdr: Effect on Us-Based Forums

    Quote Quoting Taxing Matters
    View Post
    That is not the view taken by the EU. If the persons the site serves are in EU member states the EU asserts the rule applies even to firms outside the EU sol long as those firms serve persons in the EU. Specifically, the European Commission in its page addressing to whom the data protection law applies says the following:

    The law applies to:

    1. a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
    2. a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.

    (Bolding added.) There certainly can be problems for the EU in trying to enforce that view on sites that are owned and operated entirely in the U.S. but enforcement is risk for any site serving persons in the EU. Indeed, the U.S. and the EU have entered into a privacy shield agreement in which the Commerce Department will facilitate a process for U.S. companies to sign up for certification for compliance with the EU data privacy law and the Commerce Department helps the EU in carrying out that agreement. The U.S. also offered to the EU certain assurances regarding government access to information of persons in the EU as part of the privacy shield agreement.
    Thank you for reassuring that the entirely US-based forum does not have to comply with the GDPR, if I'm understanding that correctly. So as long as the forum isn't specifically targeted at EU-member state's citizens, it doesn't have to comply with the GDPR. But the percentage of EU-citizen visitor visiting the forum (even though it's not specifically targeted at them) might be as much as 50% (incl. UK) according to public data, I hope that because of these statistics, the Union doesn't consider the forum to be aimed at their citizens. The forum is an English-languaged forum without aim for a specific country.

    So in short, the entirely US-based forum with up to 50% of EU-member state's visitors does not have to comply with the GDPR?

  7. #7
    Join Date
    Oct 2014
    Posts
    7,149

    Default Re: Gpdr: Effect on Us-Based Forums

    Quote Quoting GDPRdummy
    View Post
    Thank you for reassuring that the entirely US-based forum does not have to comply with the GDPR, if I'm understanding that correctly. So as long as the forum isn't specifically targeted at EU-member state's citizens, it doesn't have to comply with the GDPR. But the percentage of EU-citizen visitor visiting the forum (even though it's not specifically targeted at them) might be as much as 50% (incl. UK) according to public data, I hope that because of these statistics, the Union doesn't consider the forum to be aimed at their citizens. The forum is an English-languaged forum without aim for a specific country.

    So in short, the entirely US-based forum with up to 50% of EU-member state's visitors does not have to comply with the GDPR?
    Id wonder how the U.S. forum is attracting so many visitors from EU member states if it was not purposely targeting the EU as a part of its audience. Nevertheless, the EU seems to say if the non-EU site is not targeting or directing its activities to the EU that it is not subject to the rule. You'd need to ask a lawyer in a EU member nation (which, for the moment, still includes the UK as the Brexit is not final) who is familiar with these rules exactly how the EU interprets them and enforces them. Even if the site is subject to the rules, it applies only to the data of EU persons using the site; the EU law would not give any benefit to Americans using the site.


  8. #8
    Join Date
    Mar 2018
    Posts
    4

    Default Re: Gpdr: Effect on Us-Based Forums

    Quote Quoting Taxing Matters
    View Post
    I’d wonder how the U.S. forum is attracting so many visitors from EU member states if it was not purposely targeting the EU as a part of its audience. Nevertheless, the EU seems to say if the non-EU site is not targeting or directing its activities to the EU that it is not subject to the rule. You'd need to ask a lawyer in a EU member nation (which, for the moment, still includes the UK as the Brexit is not final) who is familiar with these rules exactly how the EU interprets them and enforces them. Even if the site is subject to the rules, it applies only to the data of EU persons using the site; the EU law would not give any benefit to Americans using the site.

    It's a kinky website so it doesn't really matter where you're from to enjoy the content on the website. About 38% of the visitors are from the USA and an even bigger chunk comes from Europe (percentages of EU countries combined). I see only limited statistics but knowing that the UK takes 20%, Germany 10% and Poland 3%, it's natural to other EU countries also have between 1% to 3% of the total visitors.

    By the way, I looked at the Recital 23 of the GDPR (link: https://gdpr-info.eu/recitals/no-23/) and read that as long as you don't use EU-Member State's languages or currency and don't mention EU data subjects, it is insufficient to ascertain the intent of targetting EU data subjects. The forum I'm talking about only uses American English and the Dollar currency, and doesn't mention members individually anywhere. So the forum is not applicable to article 3.2a and thus, not applicable to the GDPR, right?

    1. Sponsored Links
       

Similar Threads

  1. Civil Rights Issues: Enforcement of EU Personal Data Protection Laws
    By thecombo in forum Civil Rights
    Replies: 1
    Last Post: 10-17-2016, 11:34 AM
  2. Business Regulation: How and when Does the Data Protection Act Apply
    By movedx in forum Business Law
    Replies: 2
    Last Post: 06-08-2014, 05:26 AM
  3. Business Issues: General Contractor Filed Protection Under A Plan Of Reorganization
    By najua in forum Business Law
    Replies: 1
    Last Post: 04-28-2008, 08:04 AM
 
 
Sponsored Links

Legal Help, Information and Resources