HiFiKabin wrote: ↑
Tue Dec 26, 2017 4:21 pm
The GDPR is confusing at best, and it covers more than just cookies.
That is exactly
the torture I have been dealing with at work for the past three months.
My god, no one has a clue what the regulations really mean right now. To make matters worse, we get conflicting advice from different lawyers who are apparently the best in their field.
If you are based in the USA, you are not subject to EU data protection law unless you have a presence within the European Union and export data to the United States. You need to be subject to the EU-US Privacy Shield in order for you to lawfully export information protected under EU data protection law because indivduals need to be guaranteed the same rights to their personal information in the US as they are within the EU in these circumstances (this is not the same as saying US companies need to comply with EU data protection law simply because an EU national chooses to do business with them). Essentially the question is this: do you do business or other dealings within
the European Union? This also includes whether or not you have servers within the EU. If yes to any of these questions, you are subject to EU law.
As everyone is aware by now, the UK is leaving the European Union in April 2019 (unless an extension is agreed between the member states before then) and GDPR comes from the EU. This means that technically, the UK will no longer be required to implement EU data protection law after jurisdiction is returned to Parliament. However, the UK government will
be transferring all European laws into UK law with effect from the same time
the UK ceases to be a member of the EU, so initially there will be no legal change in terms of the rights people have, and the obligations companies are bound by, under EU data protection law in effect at the time the transition happens
. However, this is dependent on a) whether Parliament even does this, even though it is the government's intention, and b) whether Parliament imports the EU legislation in full or if they choose to make amendments to the law when it is imported.
I highly suspect the UK government will reach an agreement with the European Commission in the future (perhaps before the UK withdraws from the EU) in the same way that the US government reached an agreement with the European Commission to form the EU-US Privacy Shield (and this, by the way, is the successor to the Safe Harbour Principles which were ruled unlawful by the European Court of Justice in 2015). Hopefully the UK's agreement with the US carries a better name than something that sounds like an item from Toys R Us. Anyway, if an agreement is reached between the UK and EU, the UK government might also seek to reach a separate agreement with the US, unless this will be covered in some kind of future trade agreement.
Should clarify this is not legal advice and I might be wrong - I'm not a lawyer.