Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So that's going to be a really interesting thing to watch. Technically, the answer to your question is no - GDPR has nothing to do with being in the EU, it has to do with being a citizen of the EU. So if you're an American who travels to the EU, your shadow profile might get tagged with being in the EU, but you're still not eligible for GDPR protections.

On the other hand, if you're an EU citizen living in the United States for the last 20 years (meaning, before the advent of Facebook), you technically have the right to request that all your data be deleted from Facebook's servers.

Now, how will you know if they have data on you? Can you just assume that they do and make the request anyway? Will tech companies begin verifying your citizenship to tell if GDPR really applies to you? We'll soon see.



If you're an American, then you can gain (indirect) access to GDPR protections by transferring ownership of your Facebook account to a citizen of an EU member state. They can then withdraw consent to track personal data from Facebook for that account and/or send a subject access request.

Taking this action violates the Facebook ToS and will result in your account being closed.

Checkmate?


I wonder if someone could make a legitamite bussiness out of this?

pay someone 5$ to get your account trasferred to a EU citizen, and consequently removed by the GDPR guidelines.

Your still taking a huge risk by giving your profile to someone unknown though.


You might be able to structure the sale so that the European was the data subject for GDPR reasons, but did not have the passwords. That seems reasonable because under the GDPR, a company like Equifax would be obligated to purge your data if you withdrew consent even though you don't have access to the account they have on you.


GDPR applies to anyone processing personal data about a subject who is in the EU. His or her citizenship does not matter. So you can just go to Europe and make your claim from there. https://gdpr-info.eu/art-3-gdpr/


It may be - but that would just allow Facebook to say "if the login is from an EU IP, don't save this record" - but the rest of your profile, generated in the United States, can still remain. As long as no collection happens while you're within the EU, they may be fine. The whole thing will have to play itself out in court, it seems.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: