No Privacy Policy in D tools (dmd, dub, phobos, etc)
Danny Arends
Danny.Arends at gmail.com
Thu Jan 25 15:21:25 UTC 2024
On Thursday, 25 January 2024 at 00:15:57 UTC, Adam Wilson wrote:
> On Wednesday, 24 January 2024 at 13:07:26 UTC, Arafel wrote:
>> IANAL, so I have no idea of how this applies to the DLF, who I
>> assume sits in the US, but I thought it might be of interest.
>
> IANAL either, but I did the GDPR compliance engineering for my
> teams product at MSFT. The basic principle is that, unless the
> service is physically hosted in the EU, GDPR has no legal
> force. If a European connects to a US hosted service, they can
> have no legal expectation that GDPR regulations will be
> followed and if they do it is as a courtesy and no action may
> be brought under the GDPR.
>
> IIRC, the EU originally tried to write the law as "any service
> that any European connects to must comply", but I think someone
> somewhere along the way pointed at that most of these services
> were held in the US and the most effective way to "comply" was
> to simply block EU IPs until the engineering work was completed
> (if the company had any compelling reason to stay accessible in
> the EU market). And enforcement would be impossible without US
> support and they got a hard "no" on that.
>
> When I was doing this for MSFT, we just held off deploying our
> product into the EU datacenters and product offerings until the
> engineering and documentation was complete. Took a year of my
> life that work did.
>
> For my current project, our non-US plans consist of "block
> their IPs." GDPR is a massive capital sink for an small
> business.
Erm, IANAL either, but the GDPR does apply to US companies that
want to operate inside he EU, since the regulation is
extra-territorial in scope[1]. Basically any company/organisation
outside of the EU storing/processing information about EU
nationals (or non-EU national living in the EU) should be aware
that they do run the risk of being fined for non-compliance with
the GDPR.
[1] https://gdpr.eu/compliance-checklist-us-companies/
More information about the Digitalmars-d
mailing list