Here is now four (at least) different things going on.
Yes, if you have users from EU you as an afmin/owner must follow GDPR.
if you don’t have have EU-users, but you are using european companies for mail or hosting you don`t need to follow GDPR, but those companie must follow GDPR even you are not from/at EU.
No, GDPR is not forcing destroying posts and comments. Anonymizati9n is enough. And no, you don’t need to edit backups, but you may store backups only as long it is absolut necessary. So, don’t harvest your one or five years old backups and trying to claim it is ok
GDPR regulates personal data. What and how you can or cannot ask, store and use, for what and how long. CDCK can store my IP (it is still not sensitive personal data that can identify me) and they can even ask my name and country. But street address is regulated piece of information and asking me send copy of passport or driving licence is in most of cases real big no-no.
And I’m a little bit sorry to say this at loud, but american services, and with service I mean admins, are really big and greedy issue from european point of view. Spamming in the name of marketing and sales using solution that tries follow every action a person does is very american way. And how darn strongly americans are pro-independent and my-home-is-my-castle I’ve kept that allways very interesting.
Yes. Now I’m totally off topic, again. And no, by design Discourse is not build to break people’s virtual personal space. Discourse is actually more or less like Mastodon for example and is planned to work decently responsible way. And anonymization is one part of that (and automatic deletion after wanted timeframe if there is no logins; that is actually worth of praise, because B2B customers of CDCK needs that).
GDPR is matter of personal data that can be used to identify individuals. It has nothing to do with topics and comments per se.
Some American companies certainly are big and greedy, but most of these were created by Europeans of course.
The Dutch East India trading company is the worst.
My site is mainly for people who don’t have street addresses, but those are required for building permits in both the U.S. and Canada.
Except for manufacturing houses that can be moved on trucks/ships, that is my plan to build those and then sell, once they are sold people can register them with a permanent address but that is optional.
In the U.S. there is the Federal Trade Commission, this is the closest thing to the GDPR I know of in America. Similar intent to “Protect American Consumers,” as the GDPR is to protect people in Europe, however don’t believe they would offer help to people who aren’t E.U. citizens.
Trying to find where they have policy posted in regards to forums not sure where that is at. I believe there are requirements against personal information being in forum posts, especially if site administrators won’t delete those upon request.
The FBI department that would enforce that is this one:
So, if your non-EU-member is saved lifelong vacation days to take a 2 weeks trip to Paris you don’t need to follow GDPR.
That means you can harvest and save what ever personal info, use opt-out spam-memberships and you don’t need consent for anything. And all of that in the meaning EU doesn’t care.
Actually… what are you afraid of GDPR? If you will handle data as you should and respecting users’ basic privacy, telling what are you storing and how long, keeping transparency and openess, you would follow GDPR. And then you don’t need to wonder who, where and why.
UK still has GDPR style regulation. So ad admins/companies we can’t opt-in or follow as we like. And AFAIK Switzerland follows GDPR-regulation, as does Norway for sure, even they aren’t in EU either.
The wording of Article 3(2) refers to “personal data of data subjects who are in the Union”. The application of the targeting criterion is therefore not limited by the citizenship, residence or other type of legal status of the data subject whose personal data are being processed.
While the location of the data subject in the territory of the Union is a determining factor for the application of the targeting criterion as per Article 3(2), (…) that the data subject be located in the Union must be assessed at the moment when the relevant trigger activity takes place
So the US citizen who is in vacation in Paris is subject to the GDPR during their stay - as far as it concerns services which were initiated during their stay. Their existing USA cell phone contract is not suddenly subject to the GDPR.
Emphasis mine, from the same document I linked before.
The EDPB considers however that, in relation to processing activities related to the offer of services, the provision is aimed at activities that intentionally, rather than inadvertently or incidentally, target individuals in the EU. Consequently, if the processing relates to a service that is only offered to individuals outside the EU but the service is not withdrawn when such individuals enter the EU, the related processing will not be subject to the GDPR. In this case the processing is not related to the intentional targeting of individuals in the EU but relates to the targeting of individuals outside the EU which will continue whether they remain outside the EU or whether they visit the Union
It’s not, and speculating won’t help a discussion.
That is regulating EU based companies in the meaning they have to use same rules to everyone. Different thing than CDCK have to follow GDPR when an user from India will take a trip to Italy, but not when tht same users will take a tour to Scotland.
Summary: Iceland is a European Economic Area (‘EEA’) member, but is not an EU Member State. The GDPR applies in the EEA by virtue of Decision No. 154/2018 of the EEA Joint Committee, and was implemented in Iceland by the Act. The transitional provisions of the Act state that all rules and regulations which have been issued under the old Law 77/2000 on the Protection of Privacy as Regards the Processing of Personal Data will continue to be valid as long as they do not infringe the Act and the GDPR. Persónuvernd is an active regulator that has issued several guidelines on the GDPR and data processing in Iceland.
Thanks for this comment, my intention wasn’t to ask for legal advice but rather what is the law as it is written.
May want to consult with lawyers about terms and conditions that is probably wise to do that. All I can do now is just declare terms to the relevant governments directly.
If I read what you wrote correctly sounds like legal advice isn’t specifically prohibited here at meta, however that is definitely a risk for both the person asking and anyone who answers with statements that could be considered legal advice.
As in, if I say to a judge or jury: Jakke from Finland told me this, but what he wrote turns out to not be entirely true, Jakke might be in trouble for that.
There are specific laws with courthouse clerk office staff that they are absolutely prohibited from giving out any legal advice at all to anyone.