That situation is quite different. The US is using its significant power and weight to coerce those non-US banks into compliance with FACTA. Those banks don't have to comply, but they want to do business with the US and US companies, then they don't have much of a choice.
It's not like they just made a law and now insisted it applies globally, which is what the EU did.
Isn’t it actually exactly the same? The website doesn’t have to comply (and many don’t), but if they want to do business in the EU, they have to. How is that different?
The US is using the fact that people want to do business with them to coerce compliance, and as written the law only applies to US persons.
The EU claims the GDPR applies globally, regardless of if people want to do business with the EU, or even if people ever set foot in the EU. It's amusing nonsense.
it's effectively the same, small banks just shove you out of the building and refuse to open a bank account for you if FATCA applies to you, their compliance is through just not accepting US tax payers.
This is a real issue that leaves US citizens only able to open accounts at bigger banks (with shittier services but enough budget to hire a FATCA compliance department)
I haven't changed the meaning, I simply stated things accurately.
Here, though, you've misstated things inaccurately. You seem to think the points are interchangeable, and the only issue here is semantics. You couldn't be more wrong.
Perhaps you should re-read what you wrote. You specifically stated that US law does not apply to US citizens abroad.
In addition, one of my examples specifically allows the prosecution of non-us citizens for their actions abroad toward US citizens. This directly contradicts the point you claim you were making but didn't accurately state.
You're right, I noticed the inconsistency due to my error, but I had no way to edit and refine it.
I didn't know that it is illegal to pay bribes overseas, and as someone who has traveled extensively and knows it is necessary sometimes, I'm curious how enforced that law actually is. Either way though, that example and the illegal sex one are both US law applying to US persons, not US law applying to non-US persons.
> In addition, one of my examples specifically allows the prosecution of non-us citizens for their actions abroad toward US citizens.
I apologize for not giving this specific point more attention. That law is interesting, and to quote the wiki page, "The law is quite specific in that it is intended to be extraterritorial in nature".
This seems to be the first law of its kind, as unlike the other examples you gave, it explicitly applies worldwide o any foreign officials.
In response to this law I would make two points. One, it hasn't been signed into law yet, and two, this is significantly more narrow in scope than the EU law which applies to anyone running a site that an EU citizen visits.
Enforcement of the anti-bribery laws isn't really targeted at individuals traveling for fun. It is more meant to stop businesses from bribing officials.
> this is significantly more narrow in scope than the EU law which applies to anyone running a site that an EU citizen visits.
If you are looking for broad scopes, copyright and espionage are both areas where the US asserts it's right to prosecute non-citizens for acts committed outside the country. For specific high-profile examples, look at Kim DotCom and Julian Assange.
In the age of the internet, pretty much every country would like to be able to prosecute non-citizens for acts they commit while outside the country. Hackers, scammers and fraudsters frequently commit crimes against citizens of other countries and the countries where the victims reside have a clear interest in prosecuting those criminals. The limitations of doing so depends on their ability to get that criminal expedited.
With this understanding, the EU laws aren't really any different.
> Enforcement of the anti-bribery laws isn't really targeted at individuals traveling for fun. It is more meant to stop businesses from bribing officials.
That's fair enough. But then it isn't really comparable, is it? If I host a site for fun in the US that targets as much data as I can about EU citizens and targets EU citizens but doesn't break any US laws, I would still be targeted, right?
Not to mention, bribery is likely illegal in all or at least most countries.
> If you are looking for broad scopes, copyright and espionage are both areas where the US asserts it's right to prosecute non-citizens for acts committed outside the country.
These still are not good examples. Every country has laws to prosecute spies, and copyright has numerous international treaties.
These areas still don't compare, at all, to the EU saying EU law applies to anyone in any country if a EU citizen visits it and the site collects their data and targets them in a way Europe doesn't like.
> With this understanding, the EU laws aren't really any different.
You say in the age of the internet a lot of countries would like to persecute people outside their borders for offenses that take place, to some extent, in their borders.
The thing is, the EU is the first to actually claim the power to do so. The other examples you or anyone else gives just don't map for one reason or another.
> These still are not good examples. Every country has laws to prosecute spies, and copyright has numerous international treaties.
You are just moving the goal post yet again. I fail to see any difference between laws that govern forieng citizens movement of copyright data and laws that govern foriegn citizens movement of private data.
If anything, I think privacy laws are MORE ethically defensible than copyright laws since they tend to protect the powerless against the powerful rather than vice versa
> The thing is, the EU is the first to actually claim the power to do so
Again you are saying things that have been already shown to not be true.
No, I'm not. I've been consistent from the start. Seriously, go look at my earlier replies.
All your examples are either laws that have treaties backing them, or don't apply to most people, or only apply in very specific circumstances.
None of them, absolutely NONE, are as far-reaching as the EU law. The EU claims it applies to ANY entity in ANY country so long as ANY EU citizen visits, and that entity collected data and targeted EU citizens in a way the EU didn't like.
That's what makes it different. That isn't moving the goal posts, that's pointing out very clearly that this apple very clearly isn't like your orange.
> Again you are saying things that have been already shown to not be true.
Only if you remove all relevant details that show everything I've said is absolutely correct.
Enough with the tribalism. There is no shame in admitting the EU made a far-reaching law, a first of its kind, that it has no hope of enforcing.
I did, you mentioned 'treaties' for the first time in your last comment.
The ability of the USA to prosecute Kim DotCom didn't depend on any treaty. The extradition process did, but that is a question of custody.
In addition, there ARE numerous trade treaties that cover privacy, the right of countries to implement privacy regulation on international trade and specific protections that allow data exportation from the EU.
> The EU claims it applies to ANY entity in ANY country so long as ANY EU citizen visits, and that entity collected data and targeted EU citizens in a way the EU didn't like.
This is false. The entity has to be based in the EU or be offering goods and services to people in the EU to have the GDPR apply.
> There is no shame in admitting the EU made a far-reaching law, a first of its kind, that it has no hope of enforcing.
While it is a far reaching law, it is not the first of it's kind and there are thousands of fines and penalties issued under it each year.
> Only if you remove all relevant details that show everything I've said is absolutely correct.
I've already provided several examples that disprove your statment. The "relevant details" are the qualifications that you keep making up but conviently still leave off when making your false claims.
You've said so many false things throughout your comments, starting with the "US law as written is entirely reasonable and doesn't try to claim the law applies to US citizens anywhere in the world." which you even doubled down on with a double "absolutely" when I first called you on it.
At this point, I suggest you put far more effort into verifying the accuracy of what you say or nobody will take anything you say seriously. I certainly don't anymore.
I said "go look at my earlier replies" not specificly to say I had mentioned treaties earlier, but to say I hadn't been moving the goalposts. My point is the exact same.
> The extradition process did, but that is a question of custody.
This is the key point though. Plenty of western countries and especially AU/NZ are super buddy buddy with the US and happy to cooperate. Especially when they agree with the laws.
Most countries won't extradite someone for a (from their point of view) silly GDPR violation.
> In addition, there ARE numerous trade treaties that cover privacy, the right of countries to implement privacy regulation on international trade and specific protections that allow data exportation from the EU.
There is not a single treaty that covers allowing the EU the extraterritorial jjurusdiction they claim for the GDPR.
> This is false. The entity has to be based in the EU or be offering goods and services to people in the EU to have the GDPR apply.
You're right, my apologies - I should have added "offering goods and services to people in the EU" to be more specific, I had thought you would infer that from our discussion as I'd made that point previously, multiple times.
SO, here you go, a refined point: The EU claims it applies to ANY entity in ANY country offering goods and services to ANY EU citizen, and that entity collected data and targeted EU citizens in a way the EU didn't like.
That's what is ridicukous, that is what is entirely unlike any US law you've tried to compare it to. They have no ability to prosecute foreign violations and that's why, since teh GDPR came into effect, they never have.
> it is not the first of it's kind
It is. Specifically for declaring it's extraterritorial jurusdiction in the legislation, and because that can be aimed at anyone operating the 'wrong' type of website, not just officials or people commiting a specific crime.
> I've already provided several examples that disprove your statment.
No. You provided examples of laws that are not analogous, and I explained why that is.
> The "relevant details" are the qualifications that you keep making up but conviently still leave off when making your false claims.
I have not made a single false claim. Not one. You either have a misunderstanding of the GDPR, or you are going out of your way to defend and downplay the issues.
> you even doubled down on with a double "absolutely" when I first called you on it.
Yeah. I really suspect you are deliberatlly taking thing literally instead of just inferring what is obvious from the context so you can make these kinds of points, but instead of assuming bad faith I'll assume it's a misunderstanding.
> At this point, I suggest you put far more effort into verifying the accuracy of what you say or nobody will take anything you say seriously. I certainly don't anymore.
At this point, I suggest you do a little more research before jumping into these kinds of discussions. Sure, you caught me out with lacking a few qualifier, but my overall claim is absolutely correct.
No other western country has a law as far-reaching and widely applying as the GDPR, and no other western country has such a toothless law that has been so publicized that could never hope to be enforced.
I'm not lying and you know I wasn't. You can't support your point so you were looking to get points in any way you can. It's OK, I called out tribalism earlier on in the thread. I'm pretty used to it at this point. All good, no hard feelings.
The EU claims their law applies globally regardless of if people set foot in or do business in the EU. According to the EU, an EU citizen just needs to visit a site and the law applies, regardless of where the site is hosted.
According to the EU, the GDPR applies to some small shop owner in China with a website that harvests all data it can that isn't advertising in the EU, courting EU citizens in any way, has no business with the EU, etc.
Once privacy is considered as a fundamental human right, everything makes sense. When an EU citizen visit a site and the site collects their data in an unbounded way, their privacy is violated and any goverment should be responsible of protecting its citizen.
In my point of view, this is a difference of how much we define privacy as human right and what data are considered private.
> Once privacy is considered as a fundamental human right, everything makes sense.
Does it? I agree it should be, and I want to work towards a better world also, but pretending you have jurisdiction when you clearly do not, doesn't seem helpful in any way.
https://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance...