GDPR (Hornby)

[ejstubbs]

The ICO won't give a monkeys about these as, like most spam, they originate from outside the UK.

 

Point of information for the barrack-room lawyers: GDPR applies to the personal data of all EU residents, regardless of where the actual data controller (the "spam merchant" in this case) is located (reference: GDPR Article 3 Territorial Scope).  So the ICO are legally obliged by the regulation to give at least a few monkeys (GDPR Article 51 Supervisory Authority).

 

Hence actions such as reported here on 24th May being taken by some companies:

 

...a growing number of companies are taking the nuclear option to ensure compliance: blocking all European users from their servers.

 

Instapaper, a service owned by the US firm Pinterest which enables users to save articles to read at a later date, became the latest to disconnect European customers on Thursday. It said the cutoff was temporary while it made the required changes, and told users: “We apologise for any inconvenience, and we intend to restore access as soon as possible.” Pinterest did not respond to a request for comment.

 

Other companies have taken a more permanent approach. Unroll.me, an inbox management firm, announced it was completely withdrawing services for EU companies due to an inability to offer its product – which is monetised by selling insights gleaned from reading users’ emails – in a way that was compatible with EU law. “We are truly sorry that we are unable to offer our service to you,” the company told EU users.

 

American media network A+E has blocked EU visitors from all its websites, including History.com, and some multiplayer online games, including Ragnarok Online, have switched off their EU servers.

Edited June 2, 2018 by ejstubbs

[jjb1970]

What's the legal position if the sender is domiciled outside Europe and with no presence in Europe ? I can see that the regulation is clear but if you are outside Europe and with no presence here then can regulators do anything? I ask it as a genuine question.
In my own area of work there has been some significant tension between the EU and the rest of the world following EU attempts to extend the reach of certain regulations beyond Europe and beyond European companies. That led in more than one case to countries informing Europe that they were violating sovereign rights and Europe backed down. However I suspect those matters were more politically sensitive and easier for Europe to act on if the regulations were violated.

Edited June 3, 2018 by jjb1970

[ejstubbs]

I think the answer is, in the immortal words of Sir Patrick Moore: "No-one really knows."  It is a new law and certain aspects of it (in particular the bits that are new cf the old directive) have yet to be tested in/through the courts.

[jjb1970]

I guess a lot will depend on where the actual entity you have an issue with is domiciled and the nature of the complaint. For example, I suspect an on-line retailer in the US selling via their US website will be subject to US law and if they distribute bulletins to a customer list then I'm not sure what Europe could do, block access to European customers?  

[adb968008]

I suspect it’s who initiates the sale and where the order is booked that counts.

 

If you don’t do business in Europe and your not based in Europe then it doesn’t apply.

If a European customer comes to your website and buys something subject to your t&c’s under that non-EU law you reside and requests shipping internationally to the EU I would also see that it doesn’t apply as its customer initiated.

 

However if your actively promote selling into the European market, then GDPR will apply.. as it’s you initiating the promotion not a customer coming to you.

 

For example, if I go to the US buy a burger in a US only chain and subscribe to it’s email, GDPR is unenforceable. I approached them and the sale was in the US under US law. If I goto a US mail order site, pay in dollars and they agree to ship to Europe it’s still a sale under US law as I initiated the transaction and requested a sale to the EU.

 

But if it was a US chain, with a .co.uk domain, selling in GBP under Uk law and flew a 767 full of warehouse stock to the UK every week to service that market, then quite definitely GDPR applies. Additionally a US based retailer, exclusively in the US trading in USD under US law, but maintaining a European customer mailing list and advertising European shipping with European promotions would also arguably find GDPR applies.

 

Regardless what the EU law says, US law will prevail if they tried chasing a US entity wholly based in the US that doesn’t have any business presence in Europe, even if they did advertise to Europeans. There is no way the EU is going to extradite Grandma Jane from Grandma Janes wine shop in Idaho, even if she emails a bunch of European wine lovers and sells the odd bottle or 100.

Edited June 3, 2018 by adb968008

[57xx]

Point of information for the barrack-room lawyers: GDPR applies to the personal data of all EU residents, regardless of where the actual data controller (the "spam merchant" in this case) is located (reference: GDPR Article 3 Territorial Scope).  So the ICO are legally obliged by the regulation to give at least a few monkeys (GDPR Article 51 Supervisory Authority).

 

I'm well aware that GDPR is an EU wide piece of legislation, thanks. However, the ICO's jurisdiction is limited to the UK...

 

• 1. Who owns the email account you received the message at?

  An individual (including sole traders and partnerships, except partnerships with limited liability and those based in Scotland)

  Change this answer

• 2. Do you know who sent the message?

  Yes

  Change this answer

• 3. Is the sender based in the UK?

  No

  Change this answer

Outside the UK

The ICO's authority only covers organisations based in the UK. If the sender is based in another country in the European Union, that country’s data protection authority may be able to help you further. See the Europa website for contact details of the other data protection authorities.

Edited June 7, 2018 by 57xx