On 5/23/18, 12:10 PM, "NANOG on behalf of Anne P. Mitchell Esq."
wrote:
> On May 23, 2018, at 9:59 AM, Owen DeLong wrote:
>
>
>
>> On May 23, 2018, at 08:53, John Levine wrote:
>>
>> In article
you write:
>>> I asked one of the EU regulators at RSA how they intended to enforce
GDPR
>>> violations on businesses that don't operate in their jurisdiction and
>>> without hesitation he told me they'd use civil courts to sue the
offending
>>> companies.
>>
>> He probably thought you meant if he's in France and the business is in
>> Ireland, since they're both in the EU. Outside the EU, on the other
>> hand, ...
>>
>> If they try to sue in, say, US courts, the US court will ask them to
>> explain why a US court should try a suit under foreign law. There is
>> a very short list of reasons to do that, and this isn't on it.
>
> Actually, due to treaty, it is. At least according to some lawyers that
have been advising ICANN stakeholder group(s).
>
>Also, don't forget the private right of action. Anyone can file anything
> in the U.S. courts... you may get it dismissed (although then again you may
> not) but either way, it's going to be time and money out of your pocket
> fighting it. MUCH better to just get compliant than to end up a test case.
Isn't "better" a factor of how much it costs to become compliant with GPDR?
I'm no expert, but some of the things I've heard sounded not trivial to
implement (read potentially BIG investment).
-dan