On 5/23/18, 12:10 PM, "NANOG on behalf of Anne P. Mitchell Esq." <nanog-boun...@nanog.org on behalf of amitch...@isipp.com> wrote:
> On May 23, 2018, at 9:59 AM, Owen DeLong <o...@delong.com> wrote: > > > >> On May 23, 2018, at 08:53, John Levine <jo...@iecc.com> wrote: >> >> In article <CAE-M_OBdDv1+DFto=h1o-ghlbs2tq_x_p9kuw4ls24msbaw...@mail.gmail.com> you write: >>> I asked one of the EU regulators at RSA how they intended to enforce GDPR >>> violations on businesses that don't operate in their jurisdiction and >>> without hesitation he told me they'd use civil courts to sue the offending >>> companies. >> >> He probably thought you meant if he's in France and the business is in >> Ireland, since they're both in the EU. Outside the EU, on the other >> hand, ... >> >> If they try to sue in, say, US courts, the US court will ask them to >> explain why a US court should try a suit under foreign law. There is >> a very short list of reasons to do that, and this isn't on it. > > Actually, due to treaty, it is. At least according to some lawyers that have been advising ICANN stakeholder group(s). > > Also, don't forget the private right of action. Anyone can file anything > in the U.S. courts... you may get it dismissed (although then again you may > not) but either way, it's going to be time and money out of your pocket > fighting it. MUCH better to just get compliant than to end up a test case. Isn't "better" a factor of how much it costs to become compliant with GPDR? I'm no expert, but some of the things I've heard sounded not trivial to implement (read potentially BIG investment). -dan