It’s pretty sad that only EU seems to care about the privacy of its citizens.
Tbh this seems more like a right, it’s my account and i should be able to delete it whenever i want, not ‘request’ meta to delete it
None of this is an attack on you but the simple reality we live under. I don't like any of it but it is true.
Tbh this seems more like a right,
Sadly, the only rights anyone has are those they receive from the nation state/political entity they belong to.
it’s my account
While you created it, it is on their system and I guarantee their Terms and Conditions (which nobody ever reads) state they can do whatever they want when ever they want.
What else can the EU do? They can't force an American company to follow EU regulation outside of the EU.
Edit: oh damn I read your comment wrong. I read it as "It’s pretty sad that the EU seems to only care about the privacy of its own citizens." To that I'd say get your own regulation, but that's exactly what you called for. Nvm then.
Could be a person at an airport, a shipping container in a port, or an internet packet traveling down a series of intercontinental tubes to an isp. Result is still the same.
To do business in another country, you have to play by their rules. Literally nobody else on the planet gives a shit if it's "an American company". Hell, not even most AMERICANS give that much of a shit.
The EU is doing all they can here. They require EU citizens need a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.
This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.
This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can't just ask for some legal document proving citizenship either, since that itself would be a gdpr violation. So the end state has to be a system that everyone can use - EU citizen or not.
The EU can't demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.
FYI. its for anyone who is within the territory of the EU, not necessarily citizens. So if a EU citizen is outside the EU, these rights no longer apply (based solely on the location of the user. there are other factors which might give everyone the same rights no matter the location)
Theoretically, yes. (Art.3.2: https://gdpr-info.eu/art-3-gdpr/)
And because many compaies usually only have the IP as location information, a VPN should do the trick in most cases too.
Of course good luck enforcing your rights when you dont actually live there and the company ignores you…
They can't send data from the EU to hoard in America in the first place and considering they have headquarters in Ireland and data centers all over the show it's not like the EU does not have plenty of recourse.
I am not a legal experte, but in the EU you might be able to sue the now.
It’s pretty sad that only EU seems to care about the privacy of its citizens. Tbh this seems more like a right, it’s my account and i should be able to delete it whenever i want, not ‘request’ meta to delete it
None of this is an attack on you but the simple reality we live under. I don't like any of it but it is true.
Sadly, the only rights anyone has are those they receive from the nation state/political entity they belong to.
While you created it, it is on their system and I guarantee their Terms and Conditions (which nobody ever reads) state they can do whatever they want when ever they want.
What else can the EU do? They can't force an American company to follow EU regulation outside of the EU.
Edit: oh damn I read your comment wrong. I read it as "It’s pretty sad that the EU seems to only care about the privacy of its own citizens." To that I'd say get your own regulation, but that's exactly what you called for. Nvm then.
In order to operate in the EU they must follow EU rules and part of that rule set is the GPDR which says an individual has the right to be forgotten.
Ninja edit: Nevermind, I completely misunderstood the comment I responded to.
"An American company" means very little when they operate outside of America.
"Im an american (company)!"
"so go back to America"
revokes domain access to country
Could be a person at an airport, a shipping container in a port, or an internet packet traveling down a series of intercontinental tubes to an isp. Result is still the same.
To do business in another country, you have to play by their rules. Literally nobody else on the planet gives a shit if it's "an American company". Hell, not even most AMERICANS give that much of a shit.
Ninja edit: Nevermind, I completely misunderstood the comment I responded to.
The EU is doing all they can here. They require EU citizens need a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.
This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.
This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can't just ask for some legal document proving citizenship either, since that itself would be a gdpr violation. So the end state has to be a system that everyone can use - EU citizen or not.
The EU can't demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.
FYI. its for anyone who is within the territory of the EU, not necessarily citizens. So if a EU citizen is outside the EU, these rights no longer apply (based solely on the location of the user. there are other factors which might give everyone the same rights no matter the location)
Does that mean I can go to Europe and be covered by GPDR?
Theoretically, yes. (Art.3.2: https://gdpr-info.eu/art-3-gdpr/)
And because many compaies usually only have the IP as location information, a VPN should do the trick in most cases too.
Of course good luck enforcing your rights when you dont actually live there and the company ignores you…
They can't send data from the EU to hoard in America in the first place and considering they have headquarters in Ireland and data centers all over the show it's not like the EU does not have plenty of recourse.
Yes, in the EU, they have to comply within a month. If they don't you'll take it to your countries data protection ombudsman.
You can't sue, but you can and should report it and hopefully they will fine them.