On Wed, Nov 21, 2018 at 03:41, John Hardin <jhar...@impsec.org> wrote:
> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>
>> The email address is an address, part of your personally identifiable
>> data.
>
> I'm not disputing that. I write software that deals with PII in my day job.
>
>> If an identifiable entity in the US sends mass mail to European
>> addresses, then they must have a representative in Europe and comply
>> with the GDPR.
>
> (1) how do you *force* someone in the US to have a representative in
> Europe?
> You file a complaint with your national ombudsman. In your case, stress the
> fact that they are processing political data in addition to common data. Do
> not expect immediate termination of spam. The ombudsman will proceed to
> verify the facts, identify the parties involved, check compliance claims, and
> enforce the EU-US bilateral agreement. In the end, the spammers will most
> likely refuse to appoint an EU representative, and the EU will shut down
> their website.
> (2) if they do no business in the EU, and do not have any presence in the
> EU (sending email to addresses in the EU is not "having a presence in the
> EU"), how are they subject to fines for violating the law in the EU?
>
> If, for example, I - a private, non-commercial entity - hosted a mailing
> list on my private server (which I have done in the past), and someone in
> the EU subscribed and posted to that list and their email address was
> captured in the list archives, and they later unsubscribed and asked for
> their email address to be removed from the list archives, and I (for
> whatever reason) did not do so, *how* would an EU court levy fines against
> me?
>
> The US is not a signatory to the GDPR as far as I am aware, and I have
> *no* legal presence outside the US.
> The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/
>
>> On Tue, Nov 20, 2018 at 17:03, John Hardin <jhar...@impsec.org> wrote:
>>
>>> On Tue, 20 Nov 2018, Rupert Gallagher wrote:
>>>
>>>> Yes, if you are European, and might get some money as compensation.
>>>
>>> From a US political advocacy group which has no commercial presence in EU?
>>> How does GDPR apply in that situation?
>>>
>>>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 <j...@j4computers.com>
>>>> wrote:
>>>>
>>>>> Gents,
>>>>>
>>>>> I somehow became subscribed to a list, political in nature, in whose mail
>>>>> I have no interest. This is a legitimate AFAIK, US organization.
>>>>>
>>>>> Thus far, several uses of their unsubscribe link had not provided relief.
>>>>> Direct email to the founder and operations manager seem to have been
>>>>> ignored as well.
>>>>>
>>>>> While I can just dump their mail, it offends my finely honed sense of
>>>>> propriety, justice and my all around good nature. Besides, it hoses me
>>>>> off.
>>>>>
>>>>> So, is there some "authority" to which I can report these a**holes? that
>>>>> might have an effect?
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> The question of whether people should be allowed to harm themselves
> is simple. They *must*. -- Charles Murray
> -----------------------------------------------------------------------
> 600 days since the first commercial re-flight of an orbital booster (SpaceX)