Something I’ve been wondering about (and this is probably the wrong forum to ask about) is whether or not doing this would result in employees or executives having issues if they go to Europe?
I think the question is something along the lines of “could a company be prosecuted for violations of the GDPR if its employees visit or work in Europe”.
I assume the answer is “no”, as long as they’re not actually doing business in Europe. (Which would be the primary reason to have employees there, but with the increased prevalence of remote work, it’s not necessarily the case.)
I am fairly certain you could even go to the EU and work in an office on data for non-EU customers and still not be subject to GDPR. As long as you are not dealing with any EU entities, your physical location should not matter.
“It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”
https://www.eugdpr.org/gdpr-faqs.html
So if you are working in the EU, your company would probably need to comply with GDPR, as they likely have personal information on you in their systems. I guess it comes down to how lawyers would interpret “residence”. Enforceable? Idk.
Suppose I work for a company in Canada and that company flagrantly violates the GDPR. I later leave the company and move to Europe.
Is it possible for Europe to come after me personally, instead of (or as well as) the company?
What if I’m the CTO? CEO? Owner? Just an employee but directly responsible for the GDPR violations?
What if I don’t leave the company and just go to Europe on a vacation?
Is it possible for Europe to come after me personally, instead of (or as well as) the company?
This is the entire point of the legal fiction of a “corporate person”. If a corporation is doing bad things, you go after the corporation. It’s very rare that anyone within the company directly is charged with a crime unless they’re knowingly and intentionally violating something. GDPR is fairly lenient with remediation and other things.
What if I don’t leave the company and just go to Europe on a vacation?
They’d more or less have to issue a warrant for you, and you would know.
Maybe if it were egregious enough.
The US has been known to go after employees of money launderers and copyright violators in other companies, so it’s not without an international precedent, but I’d need more information to give better advice.
One of the good things with GDPR is that it puts a light on the issue. Before, unless you run Ghostery or something similar you wouldn’t even know how many trackers you were subjected to by visiting a site.