#2 is simply not a fact. Wikipedia has a page on extraterritorial jurisdiction. There's a list[1] of specific laws passed around the world that grant extraterritorial jurisdiction. How can you say there is no precedent?
GDPR asserts that anyone anywhere in the world must adhere to the GDPR if any EU citizens supply data to them. I'm not aware of any remotely similar laws in commerce or communications in any other country.
Having read this comment thread I feel compelled to comment that I find your reasoning bizarre. You started out with saying:
> GDPR tries to enforce its rules on servers outside of its territory.
Which you then clarified to
> It's still fascinating (and, I believe, a first) that the EU thinks they have extraterritorial jurisdiction just because their citizens are affected.
So it would appear as if your argument is:
GDPR is unique, because it exerts extraterritorial jurisdiction over servers whenever EU citizens are affected.
However, you won't relent. In the latest iteration of your argument you claim:
> I mean specifically in the way GDPR does it.
which you specify to mean
>GDPR asserts that anyone anywhere in the world must adhere to the GDPR if any EU citizens supply data to them. I'm not aware of any remotely similar laws in commerce or communications in any other country.
But you never ask yourself WHY ByteDance has a US presence in the first place? We could ask similar questions: Why does Facebook have a EU presence (on Ireland), why does Google?
I can concede that maybe I have not expressed myself well or articulated my points clearly. Allow me to try and clarify.
> GDPR is unique, because it exerts extraterritorial jurisdiction over servers whenever EU citizens are affected.
It's not simply the extraterritorial jurisdiction, it's that combined with how far-reaching and broad the GDPR is. The other examples people have given were either a seizure after an act was committed via a court order, or far more narrow in scope.
> However, you won't relent
Regarding COPPA, I provided references showing that a) the legislation itself does not assert extraterritorial jurisdiction in the way the GDPR does, b) that the wiki claims the FTC asserts extraterritorial jurisdiction but I can find no actual link to the FTC asserting that, and c) that legal scholars and the legal community seems to be of the opinion that COPPA is only applies domestically.
Why should I relent when those points show that COPPA is indeed quite different from GDPR? What's the flaw in my reasoning here?
> But you never ask yourself WHY ByteDance has a US presence in the first place? We could ask similar questions: Why does Facebook have a EU presence (on Ireland), why does Google?
But that's the point! The US sued someone via COPPA when they had a US presence, and it was in a US court. There was nothing extraterritorial about it!
GDPR is saying they could take action against one lone Chinese person operating a small business from home within China, someone who has never even left China, just because they collected data on someone in France.
That's frankly ridiculous, and I maintain, unprecedented.
>Why should I relent when those points show that COPPA is indeed quite different from GDPR? What's the flaw in my reasoning here?
The flaw, in my view, is that you begin with something that sounds very general (GDPR is the first extraterritorial law!!) and wind up defending a very particular and narrow statement which is appears distant from your starting position (GDPR is the first extraterritorial law that targets SERVERS).
>GDPR is saying they could take action against one lone Chinese person operating a small business from home within China, someone who has never even left China, just because they collected data on someone in France.
Personally I wouldn't base my interpretation of a complex, and to a large extend untested, international law on some document from a international conglomerate (i.e. Deloitte). I would ask myself, if there are any ulterior motives (i.e. profit) that might be biasing their view.
[1] https://en.wikipedia.org/wiki/Extraterritorial_jurisdiction#...
reply