rs, regardless of their physical location…for those who don’t, it’s the most significant new framework for data regulation in recent history. Not only does every company that does business with an EU citizen have to comply with GDPR, but most major Internet companies (like Google, Facebook, etc) have already announced they intend to export the “spirit” of GDPR to all of their customers, regardless of their physical location. Given that most governments still don’t know how to think about data as a social or legal asset, GD…
No, “Every company” does not have to comply, and will not be affected. Only those in the EU who fall within EU jurisdiction. It will be interesting to watch this story unfold, and to see who is the first case to be tested in the courts.
Google and the other big gorillas know this, but they’re playing along. They also cherish this moment as a rare opportunity to grandstand and further their public image.
“Of course we’re complying. Of course we’re protecting your privacy.”
They think we’re stupid. They think we don’t know they’ve already amassed the digital footprints of every connected person in the EU. They think we don’t know that the only people GDPR will help are the unborn and those in the EU living under a rock for the past thirty years. They think we’re all going to celebrate what good sports they are. They are convinced that we don’t know what’s really going on in the background.
It’s a big deal now, simply because of all the press, and the new cottage industry the GDPR has spawned. All the grandstanding and flag waving and approval pop-ups are but marketing/PR fodder. However, I’m predicting it will soon blow over, and all the tech industry, including the cyber crime industry, outside the EU will return to business as usual.
John, don’t get me wrong — I enjoyed the article, and have clicked to follow each and every update. You’ve made excellent points, and I’m glad someone with a following is shedding some light on the unasked, unanswered questions! I have no following, so my questions will remain unanswered. But you could ask the big questions that need to be asked, and get real attention.
Some things still need full accountability and disclosure, even in the EU. We all have a right to know who owns a web site, and where they are located. You could not operate a brick-&-mortar business without proof of ownership and an address. Yet, the GDPR seems to now be legitimizing domain masking. Who does this benefit? It benefits any entity wishing to maintain complete anonymity. It benefits any entity in the world who wants to operate a business without disclosing who they are or where they are located. It benefits any entity wishing to conduct business transactions then suddenly disappear without a trace.