On May 23, 2018, at 9:59 AM, Owen DeLong <owen@delong.com> wrote:
On May 23, 2018, at 08:53, John Levine <johnl@iecc.com> wrote:
In article <CAE-M_OBdDv1+DFto=h1O-ghLbs2TQ_x_P9kuw4LS24mSBaw9Ww@mail.gmail.com> you write:
I asked one of the EU regulators at RSA how they intended to enforce GDPR violations on businesses that don't operate in their jurisdiction and without hesitation he told me they'd use civil courts to sue the offending companies.
He probably thought you meant if he's in France and the business is in Ireland, since they're both in the EU. Outside the EU, on the other hand, ...
If they try to sue in, say, US courts, the US court will ask them to explain why a US court should try a suit under foreign law. There is a very short list of reasons to do that, and this isn't on it.
Actually, due to treaty, it is. At least according to some lawyers that have been advising ICANN stakeholder group(s).
Also, don't forget the private right of action. Anyone can file anything in the U.S. courts... you may get it dismissed (although then again you may not) but either way, it's going to be time and money out of your pocket fighting it. MUCH better to just get compliant than to end up a test case. Anne Anne P. Mitchell, Attorney at Law GDPR Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center Member, California Bar Association Member, Cal. Bar Cyberspace Law Committee Member, Colorado Cyber Committee Member, Board of Directors, Asilomar Microcomputer Workshop Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop