Remix.run Logo
applfanboysbgon a day ago

The GDPR doesn't try to remove anything from the global internet. You're free to not serve your site in the EU. Texas is free to block sites in Texas. But Texas trying to remove the ability of Europeans to access European websites is a completely different matter.

jasonfarnon a day ago | parent | next [-]

"But Texas trying to remove the ability of (for instance) Europeans to access websites is a completely different matter."

I fail to see the difference in principle from the federal government doing this for copyright violations.

applfanboysbgon a day ago | parent [-]

There is no difference in principle. That is equally unacceptable.

There is a difference in kind, because it becomes impossible for the global internet to exist if thousands of local jurisdictions are being given their way, with conflicting local legislation resulting in global takedown when it is impossible to comply with two different jurisdictions. So this is noteworthy as an escalation of an already existing problem into an even worse direction.

---

Rate-limit edit:

> Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.

China and Russia aren't part of the global internet because they have national firewalls and segregated themselves. The EU very much is, and with limited exceptions the internet doesn't look much different from the US, the EU, Japan, Canada, Australia, Mexico, Thailand, Brazil, or South Africa. It seems absurd to suggest that the internet isn't global when I'm in all likelihood talking to you from the opposite side of the world and this is the norm. And what is the point you're making? That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?

jasonfarnon a day ago | parent | next [-]

"That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?"

I actually don't have much of an opinion about what it should be, I was only discussing this from a descriptive legal standpoint. My guess is what will happen is companies will voluntarily target their sites to different regions and different legal regimes (like many big US sites do for their foreign versions, or gambling sites do here). That's kind of what's happening here, Verisign is complying probably so they can still have the TX market.

numpad0 a day ago | parent | prev | next [-]

> It seems absurd to suggest that the internet isn't global

Internet from L1 to L4 is global but WWW at L5 and above was always sort of fragmented. Look at chat apps: Messenger, WhatsApp, WeChat, LINE, KakaoTalk, Telegram, etc. The fault lines for userbases of these apps roughly align regional borders.

jasonfarnon a day ago | parent | prev [-]

Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.

walrus01 a day ago | parent [-]

The major architectural difference is that through enforcement of their own domestic legislation, China and Russia both force their ISPs to run all international internet traffic through certain choke points (chinese great firewall, russian "SORM" traffic interception boxes and similar).

Whereas this is for the most part not the scenario for major IP transit providers in Europe, the USA, Canada (top 50 by size CAIDA ASRank scale/scope ISPs ranked by ASN which are not Russian or chinese).

bmelton a day ago | parent | prev [-]

> The GDPR doesn't try to remove anything from the global internet

GDPR Article 17 expressly requires the removal of things from the global internet

> You're free to not serve your site in the EU

Geoblocking is functionally impossible

sitharus a day ago | parent | next [-]

GDPR Article 17 expressly requires the removal _of your personal data_ from the internet _upon your request_, which is very different from a US state trying to remove a website hosted in and run by a company incorporated in another country.

And geo blocking may be functionally impossible but the law cares about intent and actions, not if you prevented someone who used a VPN or lied about their location from using your service.

fc417fc802 a day ago | parent | next [-]

> .. which is very different from ...

And yet still an attempt at extraterritorial overreach. Regardless, I imagine that the rest of us who don't do business in the EU will continue to disregard its very existence. (Except in principle when we write negative comments about it on the internet that don't in practice matter whatsoever, such as this one that you're reading right now.)

applfanboysbgon a day ago | parent [-]

How is it extraterritorial overreach when you acknowledge in the same comment that you can ignore it because you aren't in the EU? Unlike the site that is the subject of the thread, which has actually been subjected to extraterritorial overreach. This criticism and false equivalency is ridiculous.

fc417fc802 13 hours ago | parent [-]

I wrote "an attempt at" did I not? Attempted murder and murder have the same intent behind them despite the fact that the former failed. Attempting to claim that as a false equivalency is what's ridiculous.

bmelton a day ago | parent | prev [-]

> which is very different

If you say so

inigyou a day ago | parent | prev | next [-]

HN ignores GDPR, in particular Article 17, and it hasn't been taken down from the internet or even blocked in the EU.

ndsipa_pomu 21 hours ago | parent [-]

I'm curious - what kind of PII does HN make available and has it ever refused to remove it when asked by the individual concerned?

I can't recall HN asking/requiring PII from me in any fashion, so I don't see the relevance. If a commenter published some PII about me, then I wonder if HN would remove the comment if I complained to them about it. As I see it, HN isn't acting as a data controller.

inigyou 21 hours ago | parent [-]

You can post your home address in a comment and then you can't delete it.

ndsipa_pomu 20 hours ago | parent [-]

That seems a bit contrived, but it would be similar to if someone else posted your home address in a comment. Presumably emailing HN to request its removal would be the correct thing to do and I wonder if HN would remove the PII.

Edit: it's covered by HN Privacy policy which is available here: https://www.ycombinator.com/legal/

TLDR: email privacy@ycombinator.com for privacy concerns which should cover removing comments.

In my opinion, that seems compliant with GDPR.

applfanboysbgon a day ago | parent | prev [-]

> GDPR Article 17 expressly requires the removal of things from the global internet

...as part of compliance with GDPR, if you choose to be compliant. Please name one instance of the EU suing and successfully removing an American website from the internet under this article, or any part of the GDPR? Considering we're talking about an actual case of the US seizing the domain of a European website, whataboutting a hypothetical with the GDPR which has never done the reverse despite being in force for 10 years is incredibly disingenuous.

---

Rate-limit edit:

> Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?

The GDPR is European legislation, written for the territory the EU has legal jurisdiction over. Why would anybody think it's meant to apply outside of the EU? Plenty of businesses choose to operate by two sets of privacy policies, one where they continue fucking over their American users and one where they adhere to the GDPR for European users, and that is perfectly acceptable. There is no "think" about it, the legislation obviously does not apply outside the EU, nor is it intended to.

fc417fc802 a day ago | parent | next [-]

> Why would anybody think it's meant to apply outside of the EU?

Because it's clearly worded in such a manner, similar to US financial laws. The key difference is that the EU so far lacks the leverage to throw its weight around outside its own territory to the extent that the US does. (Also presumably politicians won't be willing to burn bridges over PII handling violations to the same extent that they do over financial crimes.)

akerl_ a day ago | parent | prev [-]

Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?