Hacker News new | past | comments | ask | show | jobs | submit login

GDPR applies to people located in the EU. Citizenship does not matter.



I wrote this in another comment, but this is only partially true. The GDPR protections can potentially extend to non-EU citizens who travel to the EU, but the letter of the law seems to state that that's only true if data is actually collected while the person is in the EU. In other words, Facebook and others could potentially say "if this data is geotagged in the EU, don't record it. Wait until they're back in the US." Then, since no data collection happened in the EU, they wouldn't have the right to get it deleted.

Edit: rereading https://gdpr-info.eu/art-3-gdpr/, it specifically mentions the "processing of data", not just storing. In other words, Facebook could potentially stop an American from logging in when in Europe. Would they? Likely not, it would hurt their business. But what if I (an American) sign on via a British VPN?

It also doesn't answer what would happen to the data of EU citizens who are never geotagged in the EU (due to living outside of it), but also have shadow profiles created without their consent anyway. The first GDPR lawsuit will be fascinating.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: