In article <0BB31BBB-388D-4832-85DD-30C01C187BA1@jeffmurphy.org> you write:
There’s speculation that enforcement could occur via the FTC Privacy Shield program.
Privacy Shield is entirely optional. Joining it requires a lot of paperwork and a substantial administrative fee. If you don't do all that, it doesn't apply to you. Please see my previous comment about people who think they understand the GDPR vs. people who actually do. https://www.privacyshield.gov/welcome Also, Privacy Shield is a retread of the Safe Harbour deal which EU courts invalidated in 2015. Max Schrems, the guy who filed the case against Safe Harbour, has filed a similar suit against Privacy Shield, with Facebook as the defendant. I wouldn't bet a lot on Privacy Shield lasting any better than Safe Harbour did. https://techcrunch.com/2018/04/13/privacy-shield-now-facing-questions-via-le... R's, John PS: For anyone who came into the middle of this argument, my point is that if you have no EU nexus, the realistic chances of the EU taking action against you round to zero. If you do have EU nexus, you better behave.