No Privacy Policy in D tools (dmd, dub, phobos, etc)
Adam Wilson
flyboynw at gmail.com
Thu Jan 25 00:15:57 UTC 2024
On Wednesday, 24 January 2024 at 13:07:26 UTC, Arafel wrote:
> IANAL, so I have no idea of how this applies to the DLF, who I
> assume sits in the US, but I thought it might be of interest.
IANAL either, but I did the GDPR compliance engineering for my
teams product at MSFT. The basic principle is that, unless the
service is physically hosted in the EU, GDPR has no legal force.
If a European connects to a US hosted service, they can have no
legal expectation that GDPR regulations will be followed and if
they do it is as a courtesy and no action may be brought under
the GDPR.
IIRC, the EU originally tried to write the law as "any service
that any European connects to must comply", but I think someone
somewhere along the way pointed at that most of these services
were held in the US and the most effective way to "comply" was to
simply block EU IPs until the engineering work was completed (if
the company had any compelling reason to stay accessible in the
EU market). And enforcement would be impossible without US
support and they got a hard "no" on that.
When I was doing this for MSFT, we just held off deploying our
product into the EU datacenters and product offerings until the
engineering and documentation was complete. Took a year of my
life that work did.
For my current project, our non-US plans consist of "block their
IPs." GDPR is a massive capital sink for an small business.
More information about the Digitalmars-d
mailing list