Let me rephrase: If the data is in the EU, it is covered by GDPR no matter where the person that creates the data is (yes, in the US too), but the person isn't covered by the GDPR; the data (that is in the EU) is covered. It is not the same thing. What most people seem to think is the EU overreaching and "making laws that reach outside its borders" is in cases where a foreign company (like Facebook) gets regulated by GDPR even though the company is outside the EU. This is because the data is in the EU, and of course data in the EU isn't under US or any other entity's law but the EU's (and member states'). If you transfer data outside the EU, you either do so illegally or have to follow the rules of the GDPR. It still doesn't reach outside the EU borders. Of course, if you do something criminal, the EU might judge you no matter where you are, just like the US with the PROTECT Act of 2003, but that is another matter.