How can the EU enforce GDPR requirements on a US company?
April 23, 2022 4:55 PM Subscribe
Imagine the case of a US-based company that has no business presence in the EU. And this company has a website that is clearly intended to sell goods and services to EU residents following the criteria of GDPR. According to the EU's rules, this company must comply with GDPR. But how would the EU enforce this?
My question is based on the premise of "who must comply" as described by the EU -
It seems that since a solely US-based company has no presence in the EU, it wouldn't be in a jurisdiction where the law could be enforced.
Maybe there is some treaty with the EU that requires the US to enforce GDPR?
Or is the EU stating a requirement that has no real consequences if it isn't followed? They may hope that companies just go along with it to be safe.
Or possibly the EU has ways of penalizing companies for not following GDPR that don't involve legal action against the violator. For example, banning violators from domain name hosts, banks, and payment processors.
Of course, it's wise to seek legal counsel to figure out what is needed for a specific company. But I am asking this question in a general way to learn about situations where countries can extend their legal influence into other countries.
My question is based on the premise of "who must comply" as described by the EU -
It seems that since a solely US-based company has no presence in the EU, it wouldn't be in a jurisdiction where the law could be enforced.
Maybe there is some treaty with the EU that requires the US to enforce GDPR?
Or is the EU stating a requirement that has no real consequences if it isn't followed? They may hope that companies just go along with it to be safe.
Or possibly the EU has ways of penalizing companies for not following GDPR that don't involve legal action against the violator. For example, banning violators from domain name hosts, banks, and payment processors.
Of course, it's wise to seek legal counsel to figure out what is needed for a specific company. But I am asking this question in a general way to learn about situations where countries can extend their legal influence into other countries.
« Older Expected symptoms / when to be concerned | what is this person's service that makes decisions... Newer »
This thread is closed to new comments.
I am no EU compliance officer but that seems like a good enforcement vector.
posted by Sauce Trough at 5:17 PM on April 23, 2022 [3 favorites]