No Privacy Policy in D tools (dmd, dub, phobos, etc)

Danny Arends Danny.Arends at gmail.com
Thu Jan 25 15:21:25 UTC 2024 

On Thursday, 25 January 2024 at 00:15:57 UTC, Adam Wilson wrote:
> On Wednesday, 24 January 2024 at 13:07:26 UTC, Arafel wrote:
>> IANAL, so I have no idea of how this applies to the DLF, who I 
>> assume sits in the US, but I thought it might be of interest.
>
> IANAL either, but I did the GDPR compliance engineering for my 
> teams product at MSFT. The basic principle is that, unless the 
> service is physically hosted in the EU, GDPR has no legal 
> force. If a European connects to a US hosted service, they can 
> have no legal expectation that GDPR regulations will be 
> followed and if they do it is as a courtesy and no action may 
> be brought under the GDPR.
>
> IIRC, the EU originally tried to write the law as "any service 
> that any European connects to must comply", but I think someone 
> somewhere along the way pointed at that most of these services 
> were held in the US and the most effective way to "comply" was 
> to simply block EU IPs until the engineering work was completed 
> (if the company had any compelling reason to stay accessible in 
> the EU market). And enforcement would be impossible without US 
> support and they got a hard "no" on that.
>
> When I was doing this for MSFT, we just held off deploying our 
> product into the EU datacenters and product offerings until the 
> engineering and documentation was complete. Took a year of my 
> life that work did.
>
> For my current project, our non-US plans consist of "block 
> their IPs." GDPR is a massive capital sink for an small 
> business.

Erm, IANAL either, but the GDPR does apply to US companies that 
want to operate inside he EU, since the regulation is 
extra-territorial in scope[1]. Basically any company/organisation 
outside of the EU storing/processing information about EU 
nationals (or non-EU national living in the EU) should be aware 
that they do run the risk of being fined for non-compliance with 
the GDPR.

[1] https://gdpr.eu/compliance-checklist-us-companies/

More information about the Digitalmars-d mailing list