You’re right…but it really depends on the definition of “under their jurisdiction”. If a company has a business presence in the EU…then I can see a valid court case to allow a decision as to whether the EU privacy laws apply…but even then will other countries in the world enforce their decision?
If a website based in the EU wants to collect data from a visitor in a non EU country they have to give that person the right to approve or not approve. If they do approve, they also have the right to opt out and have the data that was accumulated deleted, and while people remain in the system they must have the ability to easily review any information that was collected. If they don’t approve, the site can block access to the site, or they can allow the visitor to access the site without being tracked. Sites are also required to report any security breeches to the EU within either 2 or 3 days.
It doesn’t matter if the site is selling anything or not. The US Courts ruled that a US based company used information collected in the US serve targeted information in the EU or visa versa, the US gets to collect on the sale of the data. I do wish the US went the extra miles the EU did to ensure privacy, data security and the ability to determine and makes decisions about what can be sold about me.
It’s also a political issue…google and MS and whoever else has agreed to pay fines may have simply decided that it was easier, cheaper, and more politically expedient to just pay the fine than it was to either fight it or change their business practices
Nope, Google and Facebook fought tooth and nail all the way to the US Supreme Court over the tax issue and spent fortunes in attorneys. And Apple fought tooth and nail and probably even made a little dent in their big cash pile to protect its privacy policy. I think MS currently has a privacy case before the Supreme Court, but the one I was referring to was the Netscape monopoly case.
It’s not the way the corporate world works. If a big corporation doesn’t fight a particular battle of this magnitude and settle instead, it it most likely to cause an epidemic of suits that would either bankrupt the company or eventually end up in the Supreme Court anyway.
and again, eventually it comes down to whether the US would enforce an EU court decision.
The EU can enforce rules in the US the same way the US enforces litigation in other countries. They garnish the revenues they collect, or the holdings companies have, within their boundaries. If I remember correctly, the new EU law requires a % of annual income. They can freeze bank accounts and assets while in litigation.
For a small company based in the US with no presence in the EU…then I would argue that the EU should’t have jurisdiction
Whether or not they do or don’t, the government is unlikely to go after some sweet little grandma’s site about knitting and crocheting. But if millions of grandmas and grandpas are signed up with a second or third party ad network, then the network could possibly be sued. If they lost, grannies and grampies might not collect the few dollars from ads served on their site. But Facebook and Google would have to pay up.
Marilyn