Hacker News | buzer's comments

> you agree to American terms and conditions, arbitrated by American courts.

"Designated Countries. We use the term “Designated Countries” to refer to countries in the European Union (EU), European Economic Area (EEA), and Switzerland."

"If you reside in the “Designated Countries”, you are entering into this Contract with LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) and LinkedIn Ireland will be the controller of your personal data provided to, or collected by or for, or processed in connection with our Services."

"If you live in the Designated Countries, the laws of Ireland govern all claims related to LinkedIn's provision of the Services" "With respect to jurisdiction, you and LinkedIn agree to choose the courts of the country to which we direct your Services where you have habitual residence for all disputes arising out of or relating to this User Agreement, or in the alternative, you may choose the responsible court in Ireland."

Source: https://www.linkedin.com/legal/user-agreement

I'm not sure from where you got your information.


Nobody cares. They keep a skeleton crew office in the EU for compliance purposes only. Whether they have an office in the EU or not is inconsequential. If they closed it tomorrow, the EU would literally have nothing to go after...

> They keep a skeleton crew office in the EU for compliance purposes only

According to LinkedIn, they have over 2,000 employees in Dublin alone.


You're saying they are buccaneers, and validating that as the fundamental working principle of American capitalism.

Call them whatever you want. All I'm saying is that Europeans are hypocrites for fucking over their greatest ally via unenforceable and anti-competitive regulation that's not worth the paper it's written on (and that European institutions have even exempted themselves from). The one ally that they desperately depend on for safety and security, technology, medicine, research, etc.

According to AP News (https://apnews.com/article/international-court-sanctions-tru...) at least one judge had his bank accounts closed. So it's not just your own government who can debank you in Europe.

Of course in this judge's case there might still be some banks who are willing to work with him even at the risk of getting sanctioned, as there wasn't language in the news that he was completely debanked, which I assume they would highlight if it was the case.


The main problem IMHO is that bank access is not seen as a right. Even Russia, which is neither powerful (unlike the US) nor an EU ally, can de-bank Russian critics living in the EU (and other places) by reporting them to FATF. AML is ripe for abuse.

Personally I found Flowdock's thread model the best, at least for smallish teams (company size was <30). You can see it in action at https://web.archive.org/web/20210728031306/http://blog.flowd.... Unfortunately the company itself didn't survive. It was eventually acquired by CA which then killed it later.

(from my older comment) Essentially there is a default view which contains all messages as usual. Each message also has a symbol next to it. If it's a grey message bubble, it's a message that is not tied to any thread (it can be replied to to start a new thread. Previously if no other messages have appeared on channel so far, it can be dragged & dropped to another thread). If it's a colored message bubble, it's the first message in the thread. A colored arrow means it's part of the thread with that color.

This allows you to mostly just stay in default view with all of the channel's messages. As long as people are putting the messages in the thread itself, you could quickly use the colors to see which thread the message is on (color collisions did happen, but they were fairly rare). You would need to open the thread only if you needed more context or wanted to reply to it, though replying can also be done by writing to channel & dragging the message to thread.


Yes it's odd that nobody I know has copied this. Clearly better than what Slack and Teams are doing.

It's important to note that this is what the European Commission has determined to be acceptable for them. One very important distinction here is, as far as I understand, that the EC is not bound by the ePrivacy Directive, as directives bind member states and require them to include them in their national law. They do still try to be consistent with how the directive is applied in the member states though, but since it can be varied they have more leeway compared to most other controllers.

The text on that website does state that some DPAs have found some first-party analytics acceptable, but that's not something that is confirmed by CJEU. And ePD does not have a single-stop shop, so you need to follow every DPA's directions if you are offering services to that DPA's country.


On the "German DPA can only forward it to Czech DPA" there is now a regulation (2025/2518) around the cross-border enforcement and as far as I understand it actually has hard deadlines. However it will only start being in effect around May 2027 and will only affect cases which were filed after that. It is still a very long process and does require that the original DPA actually initiates things.

The spam filter loophole is unlikely to be legal. It is contrary to other DPA rulings (like Norwegian DPA ruling on Mowi ASA), EDPB guidelines don't strictly define it but I would say tilt towards that excuse not being sufficient & my understanding is that there are also some court cases from Germany and Austria that treat messages routed to spam as received (https://www.nospamproxy.de/en/emails-in-spam-folders-are-con...). Of course if you want to actually enforce it you would need to appeal the decision in court, I have no clue how easy or hard that is in Germany.


If you mean what they are planning to change (as part of the omnibus) there is a report by NOYB https://noyb.eu/sites/default/files/2025-12/noyb%20Digital%2...

If you mean how CCPA/CPRA differs from GDPR there are lots of things. For example you are not entitled to know actual recipients of your data, only the categories. So you cannot really know who actually received your data which then prevents you from exercising your rights against those controllers (or covered entities in CPRA language). GDPR also requires companies to usually notify you if they receive your data as controller (though there are some exceptions), in reality that's not really happening though (e.g. how many payments processors or acquiring banks have notified you about your credit card payments?).

CPRA also allows selling your personal data if you do not opt-out, in GDPR that would generally require consent (except in certain situations where you can use legitimate interest as the basis). GDPR also regulates cross-border transfers a lot more closely as the idea is that the protections & rights travel with the data.


> companies to usually notify you if they receive your data as controller (though there are some exceptions), in reality that's not really happening though (e.g. how many payments processors or acquiring banks have notified you about your credit card payments?).

Depending on why they received your data, they may not be allowed to tell you about this. The Bank Secrecy Act has had a lot of weird downstream consequences.


Sure, but that's in connection with SARs and such (which have legal obligations around secrecy). What I mean are the "generic" credit card payments where payment processors & banks process the personal data for things like fraud detection. That's a perfectly fine legitimate interest, but that doesn't absolve them from article 14 requirements as fraud prevention doesn't have such requirements around secrecy around the fact that it even exists. They can restrict some detailed information e.g. regarding algorithm itself by relying on trade secrets, but that is different from their obligation to inform data subject that they received the information.


> fraud prevention doesn't have such requirements around secrecy around the fact that it even exists

This is a tricky one, I really really dislike that accounts can be deleted with no recourse under the banner of fraud prevention.

But, OTOH, the best way to stop fraud is to prevent the fraudsters from knowing how you've detected them. It's not an easy problem.


So just to clarify there are two different things here:

The information that fraud detection is being performed is something that needs to be disclosed. That's what would be part of the article 13/14 (13 is when controller collects data directly from subject, 14 is when they receive it from anywhere else (including generating it themselves)) notices. It's very rare that any law would forbid giving any kind of article 13 notice, that's why banks do disclose that they process personal data for AML purposes in their privacy policies.

Article 14 itself however does allow omitting the notice in certain circumstances, but those are quite limited. Fraud detection can fit here, but usually only in the context where controllers transmit the information to other controllers regarding risky clients and such. The actual fraud detection itself is a different purpose and its objectives are not, generally speaking, at risk just because someone knows that a certain company ran the fraud detection on this transaction (since fraud detection is run on every single transaction).

The "how" is part of the second thing. That's generally more on article 15 (and 22) territory where controller could omit the information why exactly the transaction was denied (and possibly things like transaction's fraud score). I don't really like the current interpretations either (as it makes it pretty impossible to fix incorrect information) but unless CJEU gives some ruling in the issue it's unlikely that DPAs & EDPB are going to enforce some changes there.


> Finland (where gyrovague is from)

They should probably review the existing case around how Finnish courts treat the journalistic exception in the context of citizen's journalism (as he relied on that at least as one of the reasons): https://tuomioistuimet.fi/hovioikeudet/ita-suomenhovioikeus/...

Of course facts are different, but at least two Finnish courts seem to require a lot more reasoning from the controller in the context of citizen journalism compared to traditional media when they want to invoke the journalistic exception. No clue which side this would fall into.


> European companies selling only to non-European customers don’t have to comply with GDPR.

Usually they do. A European company processing personal data of non-EU customers falls within article 3(1) "This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

Of course if they do not process any personal data then it wouldn't apply but that's pretty unlikely (and if that was the case the EU customers' data wouldn't fall within GDPR either).


Not quite true. In Finland YEL (yrittäjän eläkevakuutus, pension insurance for entrepreneurs) is required and it's based on estimated value of the entrepreneur's work input. Even if you pay yourself 0 euros your YEL income is likely higher. The models that insurance companies use take revenue into account.


There seems to be a grey deny button at top-right on first view but it disappears if you select the details. You need to hide the details first if you want to click it.


Thank you. ALLOW SELECTION is still a mystery though.

