Forget all the stuff out there that says the GDPR protects EU citizens. This is a question of jurisdiction and enforcement. Say I run a blog under a business registered in the US funded by advertisers in the US. A EU citizen that comments on posts issues a GDPR request that I ignore. Their government fines me. I tell them to get bent, I am out of their jurisdiction. What can they do at that point?

  • FlowVoid@kbin.social
    link
    fedilink
    arrow-up
    0
    arrow-down
    1
    ·
    2 years ago

    There is no treaty. And the GDPR is not “law” in the US. You cannot sue a company for damages in the US like in the EU.

    However, there is an executive order that allows you to file a complaint if you think your privacy rights have been violated.

    You can find a good explainer here.