Another GDPR? Electric googleoo?
-
@Gurth said in Another GDPR? Electric googleoo?:
The other way would be asking everyone in the state for proof of purchase of everything they bought in other states over the past fiscal year or something, which they have every incentive to destroy all evidence of.
Or do as CA does; just assume that you spend X% of your income on out of state purchase, and demand payment of the tax on that amount.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
No, it isn't. It's determined by where the seller is.
Legally, it's determined by where the goods are delivered to (or at least it used to be, long ago when I had a business). Practically, the jurisdiction has no power to force a seller in a different jurisdiction to collect sales tax on its behalf, so the tax doesn't get paid. But legally, the buyer owes it and is supposed to pay it him/her/xirself. The state isn't going to pursue you for the $0.085 you owe for the $1 widget you bought from Joe Smith in Pennsyltucky (unless you're unlucky enough to live in Commiefornia, where they'll just guess at how much you bought during the year), but legally you owe it and they could.
-
@Gąska said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
However, most states with sales taxes require that if a business has any location in that state, then they charge sales tax to residents of that state.
So the buyer's state can force a legal entity registered in another state to pay taxes on a transaction that happened on a server in another state? Sounds like universal jurisdiction to me.
No, the state can force a buyer in that state to pay taxes on purchases made in that state. Ordinarily, this is done by having the seller collect the tax and send it to the state. They don't have the power to require sellers in a different state do this, but if the seller is in the same state, they can and do. The seller is in the same state if it has any physical operation — store, office, warehouse, whatever, even an employee working from home — within the state, even if its main office and/or registered location is elsewhere; that's irrelevant.
-
@Gąska said in Another GDPR? Electric googleoo?:
Then how come a state law can affect how an interstate transaction is taxed?
It's taxed where the product is delivered/used. Whether that jurisdiction can collect the tax without thanking down every UPS delivery from out of state and going door to door to shake down its residents is another question, but that's where the tax is due. Where the seller is located — whether the transaction is interstate — is irrelevant to how it is taxed, but only to the practicality of collecting it.
-
@error said in Another GDPR? Electric googleoo?:
Somewhere there was a
discussion of state jurisdictiondigression into a vaguely related side discussion. I'm lost now.Welcome to TDWTF.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
But if that location is entirely up to the last party to sign, then that party could impose any jurisdiction that they'd like, without the knowledge of the first party to sign.
Huh? The second party can't change the contract after the first party signs it and have it binding on the second party. Both parties need to agree to exactly the same contract.
Yes, exactly, which is why the if above can't be right. Go back and read again, that's what I said already.
How does the second party change the jurisdiction after the first party has signed?
It... can't? That the whole point. Which, again, is why saying that the location of that signing matters (to determine the jurisdiction) is wrong.
Assume that the second party decides to change the jurisdiction while the first party is signing and present the new party with a new contract with a corrected jurisdiction.
How mechanically could they change the jurisdiction?
Uh? By presenting a new contract with a corrected jurisdiction (and getting the first party to agree to it), you just said it. Your question doesn't make any sense.
I feel like we're talking past each other here.
I would argue that if you admit that a jurisdiction can impose regulations that neither parties want, then the whole discussion is meaningless.
How do sales taxes work?
How does that matter regarding where does a transaction "naturally" happen?
Because the location that the transaction happens in should be the one that gets to charge sales tax, a fee charged to the buyer that neither they not the seller want.
There is still nothing "natural" or "obvious" in which jurisdiction charges tax. In fact, both jurisdictions could very well decide to do so, if they wanted to, and both parties couldn't do anything about it. There is no moral argument that one place has more "right" to do so.
Though actually from what's been said up-thread, sales tax in the US is apparently paid based on the buyer's location, so if that argument had any value, it would point towards the applicable jurisdiction being the buyer's, not the seller's.Edit: it's apparently much more complicated than that (we're talking laws and money, so complexity is axiomatic!), but from what others said, there is no obvious single jurisdiction that's uniquely entitled to charging sales/use/whatever the name tax, so sales tax is definitely irrelevant in determining the applicable jurisdiction.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
Then you're running the type of site I am specifically not referring to here.
Mom and pop store websites are hosted on an lowest bidder offering from a vendor located in continent C using cloud services from B that could we anywhere.
Or they don't actually have a full website but a page, an or anything on any of those things.
-
@HardwareGeek said in Another GDPR? Electric googleoo?:
@Gąska said in Another GDPR? Electric googleoo?:
Then how come a state law can affect how an interstate transaction is taxed?
It's taxed where the product is delivered/used.
The EU solves this problem by the seller charging VAT to all customers whose address is in the EU: if I, in the Netherlands, mail-order something in Italy, I pay Italian VAT, not Netherlands VAT.
Non-EU delivery addresses should not get charged VAT, though I suspect many businesses don’t bother to inform customers of that. I’ve also seen some that charge it anyway but effectively count it towards the postage charges, meaning they can appear to be cheaper in that respect.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
My claim has always been that if the business and the servers are both located in the US, then the EU has no grounds conclude that there is business being conducted in the EU when the company has nothing (neither offices nor servers) in the EU.
It doesn't work like that. The physical location of the servers is irrelevant for pretty much everything (except the specific matters of data management, which is where the GDPR comes in and then only in relation to the data of residents of countries where that law is on the books). The location of the company is more relevant, as that determines the enforcement options; without a business presence in the EU, the company is shielded from most of those.
But if they present themselves as doing business in the EU (perhaps by getting the
momandpop.iewebsite name, or by offering other customised content for the region) then you'd better believe that the EU is going to insist on the data protection rules applying. Given that there's a general rule that contracts cannot break the law, and contracts where the power is largely one-sided (all the various B2C things fall under this umbrella) are quite a lot more closely regulated anyway, this is an area where going “haha I double said you can't get me!” is going to end up with some judge somewhere getting very unimpressed and things getting rather expensive after that.In short, yes, things are complicated but not in the ways that
thinks they are.
-
@Gurth said in Another GDPR? Electric googleoo?:
Non-EU delivery addresses should not get charged VAT, though I suspect many businesses don’t bother to inform customers of that. I’ve also seen some that charge it anyway but effectively count it towards the postage charges, meaning they can appear to be cheaper in that respect.
IIRC, the correct rule is that if you say it is a VAT charge then you have to remit it as part of your VAT return. (Also, the applicable VAT rate is always the sellers'; if you, the consumer, has paid VAT on something in the Netherlands, you don't have to pay Italian VAT even if that is higher. There's a cross-border settlement regime operated by the EU, but consumers don't need to care about that.)
-
@error said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@error said in Another GDPR? Electric googleoo?:
@Mason_Wheeler In a much simpler scenario, I have a small online business that uses cheap shared hosting with a datacenter in another state. My business is located in Texas. The location of the servers hosting my site is a complete red herring.
All by itself, it would be. But I wasn't using it all by itself. My claim has always been that if the business and the servers are both located in the US, then the EU has no grounds conclude that there is business being conducted in the EU when the company has nothing (neither offices nor servers) in the EU.
Somewhere there was a discussion of state jurisdiction. I'm lost now.
It was used as an analogy to facilitate thinking about international commerce.
-
@HardwareGeek said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
the paiement might happen at any time, related or not to the signing, the fulfilment of the contract by the seller, any point in between, or after... basically it's not really relevant
From memory of decades ago, when I had a business, for the purposes of CA sales tax, a sale occurs when the goods are delivered. An order is just an order, not a sale, even if it's a prepaid order. And if payment occurs after the goods are delivered, that's just payment of a debt for the goods that were already bought/sold. (I don't remember, if I ever knew, if the possession is transferred through a third party (USPS, FedEx, whatever), whether the sale occurs when they are shipped or received.)
But that can occur as soon as the goods are handed over to a shipper:
-
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
Assume that the second party decides to change the jurisdiction while the first party is signing and present the new party with a new contract with a corrected jurisdiction.
How mechanically could they change the jurisdiction?Uh? By presenting a new contract with a corrected jurisdiction (and getting the first party to agree to it), you just said it. Your question doesn't make any sense.
I feel like we're talking past each other hereThe point is that in order for the seller to change their jurisdiction, mechanically, they would need to shut down their operations in one jurisdiction and reopen in another jurisdiction. That's a significant emotional event. It's not impossible, but if it happens mid-sale, the seller is obviously going to let the buyer know, if only so the buyer knows where to send the contract.
Barring that case, the buyer always knows where the seller will execute the contract because they're sending the contract to the seller.
@remi said in Another GDPR? Electric googleoo?:
so sales tax is definitely irrelevant in determining the applicable jurisdiction.
The sales tax stuff is just an example of a contract provision that is required by law that neither the buyer nor the seller want.
-
@GuyWhoKilledBear I still don't see anything in what you're saying that is relevant to finding out if picking one jurisdiction rather than another would be "utterly ridiculous and counter to both logic and reality."
-
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear I still don't see anything in what you're saying that is relevant to finding out if picking one jurisdiction rather than another would be "utterly ridiculous and counter to both logic and reality."
The only logical place for the contract to become binding is the location of the contract at the time the contract becomes binding. That place is wherever the second party signs it.
The first party must know that place at the time the first party signs it because the first party executes the contract first, then gives it to the second party at that location.
In the context of an online sale, it doesn't make any goddamn sense for the buyer's browser to be the "location" of the sale because the sale isn't finalized until the seller's server accepts it.
-
@HardwareGeek said in Another GDPR? Electric googleoo?:
Or do as CA does; just assume that you spend X% of your income on out of state purchase, and demand payment of the tax on that amount.
I don't remember that when doing taxes... The software did ask how much I purchased from out-of-state that wasn't taxed. (duh, $0. Amazon takes care of that!)
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear I still don't see anything in what you're saying that is relevant to finding out if picking one jurisdiction rather than another would be "utterly ridiculous and counter to both logic and reality."
The only logical place for the contract to become binding is the location of the contract at the time the contract becomes binding. That place is wherever the second party signs it.
I can agree on that. However you've just established the place where the contract becomes binding, which is a totally meaningless thing (I'm not even sure it has a legal existence), not the jurisdiction that applies to the contract.
Read again our discussion, I'm not going to repeat everything.
The first party must know that place at the time the first party signs it because the first party executes the contract first, then gives it to the second party at that location.
Nope. The first party must know the jurisdiction that will apply, the place of the signing is totally irrelevant. If the CEO of BigBizness wants to go on his yacht in the middle of the ocean before signing, that's his prerogative and he doesn't have to tell me beforehand, and it will not have the slightest impact on the validity or jurisdiction applicable.
In the context of an online sale, it doesn't make any goddamn sense for the buyer's browser to be the "location" of the sale because the sale isn't finalized until the seller's server accepts it.
Again, that's irrelevant for the applicable jurisdiction.
-
@remi said in Another GDPR? Electric googleoo?:
If the CEO of BigBizness wants to go on his yacht in the middle of the ocean before signing, that's his prerogative and he doesn't have to tell me beforehand, and it will not have the slightest impact on the validity or jurisdiction applicable.
If it were the case, I have a feeling a lot of people would sign contracts in international waters.
-
@error That would also open a new meaning to "space tourism..."
-
@error said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
If the CEO of BigBizness wants to go on his yacht in the middle of the ocean before signing, that's his prerogative and he doesn't have to tell me beforehand, and it will not have the slightest impact on the validity or jurisdiction applicable.
If it were the case, I have a feeling a lot of people would sign contracts in international waters.
Oh, derp. I guess such a contract would have zero force. I guess except as a record of the sale.
-
@error said in Another GDPR? Electric googleoo?:
I guess such a contract would have zero force.
That's even more suitable for a contract signed in space, I guess...
-
@error said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
How can that even theoretically work
The buzzword is "eventually consistent." (Which is code for, "it doesn't.")
It only means "it doesn't" if "eventually" is used the same way as US Congress / SCOTUS uses "limited times".
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@topspin said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@bobjanova said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
By the principle of dual criminality, if it's illegal in the US but not in your jurisdiction, they can't extradite you.
The US requests extradition in exactly those circumstances - https://en.wikipedia.org/wiki/Gary_McKinnon had never been to the US and what he did was not illegal in the UK. Fortunately he was eventually not extradited, but that doesn't mean the US didn't try to apply its laws abroad.
So... the guy did something that did not meet the dual criminality standard, and he didn't get extradited. My point exactly.
But they did try, didn't they?
Now please show us a case of a US-based mom-and-pop shop or whatever it is you're pretending to argue about which has no presence in the EU, did not do business in the EU, got threatened with a "EU protection racket", and courts actually enforced anything in that regard? Because you just moved the goalpost from your original "asserting universal jurisdiction" to actually enforcing it. To which the US really is much closer than the EU.
People have shown the converse: An American company [Google] used an American server to show information to an American customer that the EU claimed violated the GDPR.
Since that transaction didn't have any nexus in the EU, the EU's claim was asserting universal jurisdiction. They got the court to go along with it.
Oh, but now we're back at international companies with operations in both the EU and US. Wasn't that what we're
specifically not referring to here ?Not that that case would be something I agree with, it's certainly stupid, but it isn't showing the EU asserting unprecedented universal jurisdiction. It actually sounds pretty much like the MS case where the EU subsidiary of MS with servers in the EU had to hand over data to the US under US laws, as MSFT is a US company.
-
@error said in Another GDPR? Electric googleoo?:
If it were the case, I have a feeling a lot of people would sign contracts in international waters.
“You want to enforce this? You and whose navy?”
-
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear I still don't see anything in what you're saying that is relevant to finding out if picking one jurisdiction rather than another would be "utterly ridiculous and counter to both logic and reality."
The only logical place for the contract to become binding is the location of the contract at the time the contract becomes binding. That place is wherever the second party signs it.
I can agree on that. However you've just established the place where the contract becomes binding, which is a totally meaningless thing (I'm not even sure it has a legal existence), not the jurisdiction that applies to the contract.
Read again our discussion, I'm not going to repeat everything.
The first party must know that place at the time the first party signs it because the first party executes the contract first, then gives it to the second party at that location.
Nope. The first party must know the jurisdiction that will apply, the place of the signing is totally irrelevant. If the CEO of BigBizness wants to go on his yacht in the middle of the ocean before signing, that's his prerogative and he doesn't have to tell me beforehand, and it will not have the slightest impact on the validity or jurisdiction applicable.
In the context of an online sale, it doesn't make any goddamn sense for the buyer's browser to be the "location" of the sale because the sale isn't finalized until the seller's server accepts it.
Again, that's irrelevant for the applicable jurisdiction.
The clause in a contract that asserts the jurisdiction is only there to settle future disputes between the buyer and the seller.
The jurisdiction that the sale actually takes place in gets to impose the kind of conditions that governments get to impose, like sales tax and data protection laws, even if the buyer and seller agree to settle future disputes between them in some third location.
-
@topspin said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@topspin said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@bobjanova said in Another GDPR? Electric googleoo?:
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
By the principle of dual criminality, if it's illegal in the US but not in your jurisdiction, they can't extradite you.
The US requests extradition in exactly those circumstances - https://en.wikipedia.org/wiki/Gary_McKinnon had never been to the US and what he did was not illegal in the UK. Fortunately he was eventually not extradited, but that doesn't mean the US didn't try to apply its laws abroad.
So... the guy did something that did not meet the dual criminality standard, and he didn't get extradited. My point exactly.
But they did try, didn't they?
Now please show us a case of a US-based mom-and-pop shop or whatever it is you're pretending to argue about which has no presence in the EU, did not do business in the EU, got threatened with a "EU protection racket", and courts actually enforced anything in that regard? Because you just moved the goalpost from your original "asserting universal jurisdiction" to actually enforcing it. To which the US really is much closer than the EU.
People have shown the converse: An American company [Google] used an American server to show information to an American customer that the EU claimed violated the GDPR.
Since that transaction didn't have any nexus in the EU, the EU's claim was asserting universal jurisdiction. They got the court to go along with it.
Oh, but now we're back at international companies with operations in both the EU and US. Wasn't that what we're
specifically not referring to here ?No. We're not talking about international companies headquartered in the US, but with EU operations, making transactions in the EU. The EU trying to regulate a US-to-US transaction is asserting universal jurisdiction. The EU trying to regulate an EU-subsidiary-of-a-US-company-to-EU transaction is the EU asserting regular jurisdiction.
It actually sounds pretty much like the MS case where the EU subsidiary of MS with servers in the EU had to hand over data to the US under US laws, as MSFT is a US company.
Let me refer you back to what I said at the beginning of the topic.
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
The problem with an international body like [the EU] is that they'll tend to try to enforce European law on the entire operation, and I have no way of opposing European laws I disagree with.
Whereas when the US government enforces American law on foreign companies throughout their entire operation, I have the ability to vote for better politicans who will write better laws.
I recognize that there's two problems with that view.
- I personally live in a one party state with rampant election fraud, so my ability to select better politicans is a laughable joke.
- More relevantly, if I were a European, I would probably feel exactly the opposite way.
There's a very fine line between a jurisdiction adding too much extra jurisdiction-specific rules and allowing the other jurisdiction to imperialize you with their shitty laws.
We all get why this is a problem when China does this. The only reason that this is less of a problem when Europe does it is that Europe is currently less bad than China.
-
@dcon said in Another GDPR? Electric googleoo?:
@HardwareGeek said in Another GDPR? Electric googleoo?:
Or do as CA does; just assume that you spend X% of your income on out of state purchase, and demand payment of the tax on that amount.
I don't remember that when doing taxes... The software did ask how much I purchased from out-of-state that wasn't taxed. (duh, $0. Amazon takes care of that!)
Not everybody buys exclusively from Amazon.
From https://www.ftb.ca.gov/forms/2019/2019-540-booklet.html:
You can either use your purchase receipts to calculate the actual tax you owe (you are required to do this for any purchases of $1000 or more), or you can estimate based on your income.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
The clause in a contract that asserts the jurisdiction is only there to settle future disputes between the buyer and the seller.
Which is kind of the main reason for there to be a single jurisdiction agreed between both parties... but the point is that there is no "obvious" or "logical" jurisdiction for that one, which is the only thing I have ever been talking about.
The jurisdiction that the sale actually takes place in gets to impose the kind of conditions that governments get to impose, like sales tax and data protection laws, even if the buyer and seller agree to settle future disputes between them in some third location.
Yes, but not only. Any jurisdiction that has any link can (try to) impose any kind of conditions they like on transactions that go through them. Buyer's location, seller's location, currency issuer's location... We're talking politics, international agreements, rule of the strongest, whatever you want to call it, but not "logic" as was wrongly claimed originally.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
It actually sounds pretty much like the MS case where the EU subsidiary of MS with servers in the EU had to hand over data to the US under US laws, as MSFT is a US company.
Let me refer you back to what I said at the beginning of the topic.I assume you specifically refer to these parts
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
Whereas when the US government enforces American law on foreign companies throughout their entire operation, I have the ability to vote for better politicans who will write better laws.
- More relevantly, if I were a European, I would probably feel exactly the opposite way.
However, the post I was replying to is from the guy who adamantly claims that the US is basically the only country who doesn't do that.
-
@remi said in Another GDPR? Electric googleoo?:
Which is kind of the main reason for there to be a single jurisdiction agreed between both parties... but the point is that there is no "obvious" or "logical" jurisdiction for that one, which is the only thing I have ever been talking about.
You said that it was equally logical to consider the location of the buyer's browser. That doesn't make sense, because the contract doesn't become binding until the seller agrees to it at their server.
@remi said in Another GDPR? Electric googleoo?:
Yes, but not only. Any jurisdiction that has any link can (try to) impose any kind of conditions they like on transactions that go through them. Buyer's location, seller's location, currency issuer's location... We're talking politics, international agreements, rule of the strongest, whatever you want to call it, but not "logic" as was wrongly claimed originally.
Where I come from, the government is obligated to explain the logical basis for laws that it passes. [Before you remark on this, I too feel that they do so insufficiently often.]
Neither the buyer nor the seller want to pay sales tax, but the seller's jurisdiction insists on it because the seller's jurisdiction needs to fund things the seller uses like roads and the fire department.
The more tenuous the jurisdiction's claim that they are entitled to impose a regulation, the less logical it is for the seller's jurisdiction to impose that regulation on that transaction.
If the EU wants to regulate non-EU transactions, it needs a far better reason than "the US based company with US based customers has an office in the EU."
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
the seller's jurisdiction insists on it
No. You keep saying this, but that doesn't make it true. At least in the US, the tax is imposed by the buyer's jurisdiction. Practically, it can only require the seller to collect the tax on its behalf if the seller is also in the same jurisdiction, but it is the buyer's jurisdiction that collects the tax, either through the seller or directly from the buyer, as CA does through their state income (+sales/use) tax returns. As noted above, things work differently in the EU than the US (
), so it's not a universal given, either way.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
You said that it was equally logical to consider the location of the buyer's browser.
Yes. "Equally logical" as in "not logical at all in either places", which has been my point from the start.
That doesn't make sense, because the contract doesn't become binding until the seller agrees to it at their server.
And yet we've established that the location where the contract becomes binding doesn't matter.
Neither the buyer nor the seller want to pay sales tax, but the seller's jurisdiction insists on it because the seller's jurisdiction needs to fund things the seller uses like roads and the fire department.
Apart from the fact that you're apparently wrong on implying that only the seller's jurisdiction does that, that argument works equally well for the buyer's juridiction, on which the buyer is also imposing some costs (such as roads). Not the same costs, not in the same way etc. but they're also there. So if that justifies one jurisdiction putting taxes, that also justifies another doing the same thing.
If the EU wants to regulate non-EU transactions, it needs a far better reason than "the US based company with US based customers has an office in the EU."
Their argument is that it's not a non-EU transaction if it involves one party (either the customer or the company) that is located in the EU.
-
@remi said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
You said that it was equally logical to consider the location of the buyer's browser.
Yes. "Equally logical" as in "not logical at all in either places", which has been my point from the start.
Yeah, and you're wrong.
That doesn't make sense, because the contract doesn't become binding until the seller agrees to it at their server.
And yet we've established that the location where the contract becomes binding doesn't matter.
We've established no such thing. You asserted that governance is an exercise in raw power and not something that's only supposed to be done with the consent of the government.
Frankly, the biggest reason that American companies shouldn't be subject to EU law is because too much of the EU parlimentary electorate agrees with you and not me on the issue.
Apart from the fact that you're apparently wrong on implying that only the seller's jurisdiction does that, that argument works equally well for the buyer's juridiction, on which the buyer is also imposing some costs (such as roads). Not the same costs, not in the same way etc. but they're also there. So if that justifies one jurisdiction putting taxes, that also justifies another doing the same thing.
The buyer's jurisdiction can't impose taxes on the sale that bind the seller to remit them because the seller and the buyer's jurisdiction don't have a relationship.
Taxes that the buyer's jurisdiction charges to the buyer after the sale (use taxes) have nothing to do with the sale itself. The seller is supposed to stop the sale if the buyer can't pay the sales tax. The same is not true of use taxes.
If the EU wants to regulate non-EU transactions, it needs a far better reason than "the US based company with US based customers has an office in the EU."
Their argument is that it's not a non-EU transaction if it involves one party (either the customer or the company) that is located in the EU.
Yeah, because they see the laws as an exercise in raw power and not something that needs the consent of the governed. An American company that does American transactions with American customers out of an American office should not have those transactions regulated by the EU.
The fact that the same company does EU transactions with EU customers out of an EU office is not a legitimate reason to apply EU laws to American transactions.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
Yeah, and you're wrong.
No, U!
And yet we've established that the location where the contract becomes binding doesn't matter.
We've established no such thing.
Don't tell me you still believe that it changes anything if the CEO goes yachting before signing. It should be obvious that the location where the signing takes places is entirely irrelevant.
You asserted that governance is an exercise in raw power and not something that's only supposed to be done with the consent of the government.
You're mixing feelz and realz. Both parts are true. Governance is an exercise in raw power, that's a fact, especially when looking at international politics where there is no upper authority to impose decisions on both parties. Governance is also supposed to be done with consent, that's the theory. That reality doesn't (always) match the theoretical description is... well, reality.
Yeah, because they see the laws as an exercise in raw power and not something that needs the consent of the governed.
Are you talking about the US policing all transactions in USD?
EOT for me. I've made my point about jurisdictions several times, you don't agree with it, fine. I'm not really interested in you
ing about the EU doing what the US has been doing for years since there is nothing particularly logical or moral in either of those. Especially since I've never actually told you how I feel about the EU thing so I'm not particularly interested in listening to what your 
might tell you.
-
@remi said in Another GDPR? Electric googleoo?:
I'm not really interested in you :ling about the EU doing what the US has been doing for years since there is nothing particularly logical or moral in either of those. Especially since I've never actually told you how I feel about the EU thing so I'm not particularly interested in listening to what your might tell you.
You're implying very strongly that we agree here. I'm very curious as to how this turned into such an argument.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
An American company that does American transactions with American customers out of an American office should not have those transactions regulated by the EU
That's not what the proposal that stated this whole thread is about though. It's about an American company doing things (what things is not particularly relevant to the principle) with EU customers having those things regulated by the EU.
Sending customers' data from the EU to the US is certainly something that the EU can legitimately be concerned with.
-
modules:composer.user_said_in, @bobjanova, Another GDPR? Electric googleoo?
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
An American company that does American transactions with American customers out of an American office should not have those transactions regulated by the EU
That's not what the proposal that stated this whole thread is about though. It's about an American company doing things (what things is not particularly relevant to the principle) with EU customers having those things regulated by the EU.
Sending customers' data from the EU to the US is certainly something that the EU can legitimately be concerned with.
Yeah, I know. And if you go back and read my first post about it, my objection to it is rooted in two places.
- I am worried about the EU expanding the regulation beyond the current proposal so that it affects US-to-US transactions.
- The GDPR is a bad law and an example of government overreach, even when applied to EU-to-EU transactions. To the extent that the GDPR was made with the consent of the EU citizens governed by it, I feel that the citizens made a mistake.
-
@GuyWhoKilledBear I see, so you're not actually worried about this proposal, but what might be proposed in this area in future?
GDPR has a couple of small areas of overreach (e.g. email addresses shouldn't be treated as PII) but in general I think it's a good update of data protection law for the Internet age.
-
@bobjanova said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear I see, so you're not actually worried about this proposal, but what might be proposed in this area in future?
GDPR has a couple of small areas of overreach (e.g. email addresses shouldn't be treated as PII) but in general I think it's a good update of data protection law for the Internet age.
The Right To Be Forgotten provisions are awful. That's really my big issue with it.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
- I am worried about the EU expanding the regulation beyond the current proposal so that it affects US-to-US transactions.
One problem - how would they enforce it then?
- The GDPR is a bad law and an example of government overreach, even when applied to EU-to-EU transactions. To the extent that the GDPR was made with the consent of the EU citizens governed by it, I feel that the citizens made a mistake.
I don't mean to be inflammatory, but I feel like you've been greatly misinformed what GDPR actually is about. I don't blame you; much like with COVID, 99.999% of articles, presentations, blog posts and videos explaining GDPR have been misinformation, either intentional or just due to clueless people not realizing how clueless they are.
-
@Gąska said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
- I am worried about the EU expanding the regulation beyond the current proposal so that it affects US-to-US transactions.
One problem - how would they enforce it then?
We're talking about a scenario where the US company serves American customers from an American office and EU customers from an EU office.
The EU could threaten the EU operation and the EU employees if the company doesn't follow EU regulations in US-to-US transactions.
This has actually happened. A Frenchman filed a Right to be Forgotten request asking Google to deindex a news story written about him in a French newspaper. Google deindexed the story from searches performed in France.
The man then sued because the story still showed up in American search results. The court sided with the man and demanded that Google censor search results delivered to American customers by American servers.
- The GDPR is a bad law and an example of government overreach, even when applied to EU-to-EU transactions. To the extent that the GDPR was made with the consent of the EU citizens governed by it, I feel that the citizens made a mistake.
I don't mean to be inflammatory, but I feel like you've been greatly misinformed what GDPR actually is about. I don't blame you; much like with COVID, 99.999% of articles, presentations, blog posts and videos explaining GDPR have been misinformation, either intentional or just due to clueless people not realizing how clueless they are.
Is the GDPR salvageable? Probably.
But the Right to be Forgotten stuff is an infringement on the right to freedom of the press (which is a God-given right that should apply equally in the US, France, and everywhere else.) Needing to hire an EU-based GDPR Compliance Officer is kind of a shakedown. And the law is overly broad in it's definition of PII. Also, it kind of smacks of unequal application of law. (Google was linking to a page published by a French newspaper. The newspaper wasn't censored, just Google's link. Hmm...)
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
@Gąska said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
- I am worried about the EU expanding the regulation beyond the current proposal so that it affects US-to-US transactions.
One problem - how would they enforce it then?
We're talking about a scenario where the US company serves American customers from an American office and EU customers from an EU office.
The EU could threaten the EU operation and the EU employees if the company doesn't follow EU regulations in US-to-US transactions.
I see. Although I also see why there could be legitimate reasons for that.
This has actually happened. A Frenchman filed a Right to be Forgotten request asking Google to deindex a news story written about him in a French newspaper. Google deindexed the story from searches performed in France.
The man then sued because the story still showed up in American search results. The court sided with the man and demanded that Google censor search results delivered to American customers by American servers.
The utter idiocy of the law to be forgotten aside (we're both right-wing, we both believe personal opinion is no reason to ignore a law). If the filtering is done based on detected - or even worse, self-reported - location, then there's nothing stopping French people in France from using a proxy (or just selecting a different language) to search the "forgotten" person's name. Removing results from France only is no help for that guy.
- The GDPR is a bad law and an example of government overreach, even when applied to EU-to-EU transactions. To the extent that the GDPR was made with the consent of the EU citizens governed by it, I feel that the citizens made a mistake.
I don't mean to be inflammatory, but I feel like you've been greatly misinformed what GDPR actually is about. I don't blame you; much like with COVID, 99.999% of articles, presentations, blog posts and videos explaining GDPR have been misinformation, either intentional or just due to clueless people not realizing how clueless they are.
Is the GDPR salvageable? Probably.
But the Right to be Forgotten stuff is an infringement on the right to freedom of the press (which is a God-given right that should apply equally in the US, France, and everywhere else.)
Agreed.
Needing to hire an EU-based GDPR Compliance Officer is kind of a shakedown.
Imagine if you didn't. How can anyone sue you for any violations of the EU law?
It doesn't have to be a direct employee. You can just hire services of a law firm. Considering you do business in EU, is it really that far fetched to think you already have some law firm representing you in the EU anyway?
And the law is overly broad in it's definition of PII.
Agreed. But considering that everyone and their dog is being extremely (and I mean EXTREMELYYYYYYYYYYYYYYYY) intrusive with their tracking scripts everywhere, every edge case is rather a hypothetical concern than a real problem because even with the most conservative definition of PII imaginable, everyone would still be deep into "collects PII for no valid business reason and carelessly shares it with the entire world" territory.
Did you realize than an average GDPR dialog lists over 200 partners that they're going to share data with? Over. Two. Hundred. And they're all ad agencies. And I've seen some news sites with as much as 700!
Also, it kind of smacks of unequal application of law. (Google was linking to a page published by a French newspaper. The newspaper wasn't censored, just Google's link. Hmm...)
AFAICR it was done intentionally and, somewhat ironically, exactly because of freedom of press. The reasoning being that newspapers can publish whatever they want, but Google isn't a newspaper so they cannot. And while the main purpose of a newspaper is to read newest articles, the main purpose of Google is to search the collective history of the entire humanity in the last 25 years for any appearance of a given search phrase - like, being able to dig up dirt on people is part of Google's core service, which isn't true of a newspaper.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
Needing to hire an EU-based GDPR Compliance Officer is kind of a shakedown.
It's not "kind of;" that's precisely what it is.
-
@Gąska said in Another GDPR? Electric googleoo?:
The utter idiocy of the law to be forgotten aside (we're both right-wing, we both believe personal opinion is no reason to ignore a law). If the filtering is done based on detected - or even worse, self-reported - location, then there's nothing stopping French people in France from using a proxy (or just selecting a different language) to search the "forgotten" person's name. Removing results from France only is no help for that guy.
This is true. There are two conclusions you can draw from this fact. The first is "therefore RTBF is pointless and needs to die;" the other is "therefore, universal jurisdiction." It's rather telling that the EU chose to draw the latter conclusion rather than the former.
Needing to hire an EU-based GDPR Compliance Officer is kind of a shakedown.
Imagine if you didn't. How can anyone sue you for any violations of the EU law?
Screw them. I'm a US entity, all transactions are occurring in the US, and the EU has no jurisdiction. If they don't like that, they're quite free to not use my services.
Agreed. But considering that everyone and their dog is being extremely (and I mean EXTREMELYYYYYYYYYYYYYYYY) intrusive with their tracking scripts everywhere, every edge case is rather a hypothetical concern than a real problem because even with the most conservative definition of PII imaginable, everyone would still be deep into "collects PII for no valid business reason and carelessly shares it with the entire world" territory.
Did you realize than an average GDPR dialog lists over 200 partners that they're going to share data with? Over. Two. Hundred. And they're all ad agencies. And I've seen some news sites with as much as 700!
Then make a law that deals with that, not a law that uses it as an excuse to sneak in universal jurisdiction and extortion.
AFAICR it was done intentionally and, somewhat ironically, exactly because of freedom of press. The reasoning being that newspapers can publish whatever they want, but Google isn't a newspaper so they cannot. And while the main purpose of a newspaper is to read newest articles, the main purpose of Google is to search the collective history of the entire humanity in the last 25 years for any appearance of a given search phrase - like, being able to dig up dirt on people is part of Google's core service, which isn't true of a newspaper.
...and why is that a problem? If you don't want your misdeeds to show up on future Google search results... don't commit any!
-
@Gąska said in Another GDPR? Electric googleoo?:
AFAICR it was done intentionally and, somewhat ironically, exactly because of freedom of press. The reasoning being that newspapers can publish whatever they want, but Google isn't a newspaper so they cannot. And while the main purpose of a newspaper is to read newest articles, the main purpose of Google is to search the collective history of the entire humanity in the last 25 years for any appearance of a given search phrase - like, being able to dig up dirt on people is part of Google's core service, which isn't true of a newspaper.
I understand where you're coming from on the rest of the post. And I mostly agree, so please take this in the spirit in which it's intended.
The fact that a French court draws a distinction between a newspaper's freedom of the press and Google's freedom of the press is EXACTLY why I'm worried about French or EU court judgements being binding in the US.
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
The fact that a French court draws a distinction between a newspaper's freedom of the press and Google's freedom of the press is EXACTLY why I'm worried about French or EU court judgements being binding in the US.
That's one of the things I hate about Europe - freedom of press is exclusive to the press. There's like fifty thousand different laws that make a distinction between a journalist and a private citizen, giving the former much greater rights to what they can say in public. And of course, youtubers aren't considered journalists.
-
@Mason_Wheeler said in Another GDPR? Electric googleoo?:
@Gąska said in Another GDPR? Electric googleoo?:
The utter idiocy of the law to be forgotten aside (we're both right-wing, we both believe personal opinion is no reason to ignore a law). If the filtering is done based on detected - or even worse, self-reported - location, then there's nothing stopping French people in France from using a proxy (or just selecting a different language) to search the "forgotten" person's name. Removing results from France only is no help for that guy.
This is true. There are two conclusions you can draw from this fact. The first is "therefore RTBF is pointless and needs to die;" the other is "therefore, universal jurisdiction."
There's a third one that you're ignoring: "if your method of blocking French people can be trivially circumvented by French script kiddies, you're not blocking anything". Which Google didn't and they were fully aware of. Kinda like G2A letting you select which country's VAT rate you want to pay, or select "out of EU" to pay 0%.
It's rather telling that the EU chose to draw the latter conclusion rather than the former.
It's rather telling that you consistently ignore the existence of a third option whenever one exists.
Needing to hire an EU-based GDPR Compliance Officer is kind of a shakedown.
Imagine if you didn't. How can anyone sue you for any violations of the EU law?
Screw them. I'm a US entity, all transactions are occurring in the US, and the EU has no jurisdiction. If they don't like that, they're quite free to not use my services.
If all transactions occur in the US then no data officer is needed. What are you ranting about here, again?
Agreed. But considering that everyone and their dog is being extremely (and I mean EXTREMELYYYYYYYYYYYYYYYY) intrusive with their tracking scripts everywhere, every edge case is rather a hypothetical concern than a real problem because even with the most conservative definition of PII imaginable, everyone would still be deep into "collects PII for no valid business reason and carelessly shares it with the entire world" territory.
Did you realize than an average GDPR dialog lists over 200 partners that they're going to share data with? Over. Two. Hundred. And they're all ad agencies. And I've seen some news sites with as much as 700!
Then make a law that deals with that
We just did. And you can't stop whining about it.
AFAICR it was done intentionally and, somewhat ironically, exactly because of freedom of press. The reasoning being that newspapers can publish whatever they want, but Google isn't a newspaper so they cannot. And while the main purpose of a newspaper is to read newest articles, the main purpose of Google is to search the collective history of the entire humanity in the last 25 years for any appearance of a given search phrase - like, being able to dig up dirt on people is part of Google's core service, which isn't true of a newspaper.
...and why is that a problem?
Did I ever say it's a problem? I only explained the lawmakers' reasoning. You may have
missednot bothered to read the part of my post where I explained I disagree with the law to be forgotten too, but I disagree with the law to be forgotten too.
-
modules:composer.user_said_in
-
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
God-given right
Found the point where you’re going off the rails.
-
@Gurth said in Another GDPR? Electric googleoo?:
@GuyWhoKilledBear said in Another GDPR? Electric googleoo?:
God-given right
Found the point where you’re going off the rails.
Found the point where you shouldn't have a say in deciding what laws should be created. Rights have to preexist government for them to mean anything at all.
FOB (shipping) - Wikipedia
