Hacker News new | past | comments | ask | show | jobs | submit login

GDPR is the other way around. It applies to non-EU companies that deal with EU citizens (or people living there). It doesn't gain access to data stored by a Canadian company in Canada on servers owned and run by OVH.

It generally doesn't grant access to prosecutors, it tries to protect consumers and can lead to fines in case of violation.




The point is that it's basically a "global law". Non-EU companies could choose to ignore it, but they would risk losing access to the EU market, which is too big to ignore, and so they comply. A company could forego this or that individual nation, possibly even a big one; but the entirety of the EU market is simply too large to accept the risk.

Similarly, a US company could relocate to Iceland and thumb its nose at the PATRIOT Act and so on, but then "good luck doing any business" in the huge US market. The principle is the same: big markets can impose rules that more or less the entire world ends up following.


But you can choose to restrict your compliance to the GDPR to your EU clients. It's not the same as a law that applies to all your clients.


You've just rediscovered the jurisprudence of the Commerce Clause and the power of Federalism. Alexander Hamilton would be proud.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: