> Furthermore, it affects companies all over the world that serves EU citizens.
No gdpr applies if companies target EU citizens [1][2]. My personal opinion of the law is that its as useless as cookie law but way more costly and unpredictable.
The mere accessibility of your website by individuals in the Union or use of the languages of one of the Member States in the Union (if the same as the language of your home state) should not by itself make you subject to the Regulation. However, the following factors are a strong indication that you are offering goods or services to individuals in the Union and so are subject to the Regulation:
> Language - You are using the language of a Member State and that language is not relevant to customers in your home state (e.g. the use of Hungarian by a US website).
> Currency - You are using the currency of a Member State, and that currency is not generally used in your home state (e.g. showing prices in Euros).
> Domain name - Your website has a top level domain name of a Member State (e.g. use of the .de top level domain).
> Delivery to the Union - You will deliver your physical goods to a Member State (e.g. sending products to a postal address in Spain).
> Reference to citizens - You use references to individuals in a Member State to promote your goods and services (e.g. if your website talks about Swedish customers who use your products).
> Customer base - You have a large proportion of customers based in the Union.
> Targeted advertising - You are targeting advertising at individuals in a Member State (e.g. paying for adverts in a newspaper).
All the big (and smaller) players in tech are working hard to implement all the requirements of this law (control over what data is stored, TTLs, encryption).
How is this useless for end-users? It forces companies to encrypt this data at rest, and allow users to delete it when they want.
I can't really envision Facebook or Google removing all EU-only language options and doing away with targeted advertisements, so how come you think these criteria won't work?
No gdpr applies if companies target EU citizens [1][2]. My personal opinion of the law is that its as useless as cookie law but way more costly and unpredictable.
[1] (122), Pg 22, https://docs.google.com/viewer?url=http%3A%2F%2Fec.europa.eu...
[2] Pg 13, https://docs.google.com/viewer?url=http%3A%2F%2Fwww.linklate...
The mere accessibility of your website by individuals in the Union or use of the languages of one of the Member States in the Union (if the same as the language of your home state) should not by itself make you subject to the Regulation. However, the following factors are a strong indication that you are offering goods or services to individuals in the Union and so are subject to the Regulation:
> Language - You are using the language of a Member State and that language is not relevant to customers in your home state (e.g. the use of Hungarian by a US website).
> Currency - You are using the currency of a Member State, and that currency is not generally used in your home state (e.g. showing prices in Euros).
> Domain name - Your website has a top level domain name of a Member State (e.g. use of the .de top level domain).
> Delivery to the Union - You will deliver your physical goods to a Member State (e.g. sending products to a postal address in Spain).
> Reference to citizens - You use references to individuals in a Member State to promote your goods and services (e.g. if your website talks about Swedish customers who use your products).
> Customer base - You have a large proportion of customers based in the Union.
> Targeted advertising - You are targeting advertising at individuals in a Member State (e.g. paying for adverts in a newspaper).