
If you have no presence in the EU, to what sort of "risk" do you refer?



I haven't read the papers, only a few online summaries, but each mentions very strongly that the GDPR directive is not limited to you running a business or website in the EU zone. You need to implement GDPR if someone in Australia is using a European IP. You also should assume that a signup IS EUROPEAN if you haven't given them the chance to say otherwise on your registration form. For example, a European citizen can visit your US-based website when he/she visits the USA, sign up, then go home. Since she/he is an EU citizen, you need full compliance on your end. Or face a €20 mil fine (I assume your startup is not making more than that off of 4% revenue).


How is the EU court going to fine your American corporation?


They can arrest the CEO if they step foot on EU soil.


I don't imagine a European country arresting an American for something that was done in America that is legal to do in America would go over real well with the US government.


https://en.m.wikipedia.org/wiki/United_States_v._Elcom_Ltd.?

This stems from the United States making their laws apply globally.


Your link does not work, because it ends in a period. HN takes the period as being the end of the sentence rather than as being part of the link. Here are working links (mobile, non-mobile):

https://en.m.wikipedia.org/wiki/United_States_v._Elcom_Ltd.?

https://en.wikipedia.org/wiki/United_States_v._Elcom_Ltd.?


Also, a question: how would they know who owns the company? I don't think the US Gov would easily give out info on a US company to a foreign country or Union for such non-crime-related abuse.


Yes, I understand all of that. But you didn't answer my question.

My company has no presence in EU, and neither myself, nor any one of my employees are going there.

What's the risk?


The risk is an EU court telling Google to stop dealing with you because you're in violation, or even worse: a payment processor like Visa. Not to mention that you and your employees are now unable to safely fly anywhere within the EU or anywhere with an extradition treaty with them.


So would it be sufficient to add a line to the TOS checkbox label: "I affirm that I am not a citizen of an EU-affiliated country"?

That seems simple enough - I think I'll add that to the projects I'm working on.


Not enough. You also need a screenshot of the form they completed and you need to keep it on file.

There is so much info I read on this today; I closed the article, but it said that their ticked-box consent and IP is not sufficient.


You don't necessarily need a screenshot; a copy of the webpage the user saw would IMO be sufficient.

You need to be able to show the user agreed and what they agreed to exactly. A screenshot might do that but might also not be sufficient (if there is more text elsewhere on the signup process related to privacy).


For all downvoters:

https://www.mailjet.com/gdpr/consent/

Scroll to: How do I store consent under GDPR?

The record of the IP address, location and time at which someone submitted a consent form is insufficient without a screen capture of the form itself.

You're welcome!


The specific recital is here: https://gdpr-info.eu/recitals/no-42/

A screen capture is the easiest way to achieve compliance but the regulation leaves open other methods as long as you can show that someone gave consent and to what exactly. (IMO you could also store the HTML of the webpage they viewed at the time)


That’s the weirdest thing. What does the law mean by a “screenshot of the form”?


There is nothing about a screenshot in the law.

The law says you have to be able to prove the user ticked the box and provide an audit trail for it; IIRC some recitals mention that you should be able to reproduce the exact agreements the user made (i.e., either in text or as a screenshot) so that you can later show the user and any regulatory body that asks what they agreed on.



