It’s very dry and boring legalese, but look up the EU-US Data Privacy Framework.
TL;DR: Biden signed a law last year letting EU courts enforce GDPR fines in US courts. It never happens because companies are not stupid and defend themselves in the EU courts.
It’s a recent edition of a string of increasingly privacy-favouring legislation attempts by the US to placate the EU about the rights of its citizens being respected abroad. The gist of it is that it is a US federal law signed into force by Biden last year, which makes it so that EU citizens have legal standing in US courts to enforce EU GDPR court decisions. There is not a lot of precedent yet, but that’s part of the point.
It precludes companies from using the loophole of not having any EU presence to evade fines and rules. Companies can and almost always exempt themselves from this by having an EU entity and subjecting themselves to GDPR directly, since if they get you through this, the EU court will already have tried and found against you, and the US federal court has little room to get you off the hook, because if they do, they risk Big Tech bottom lines by endangering EU-US data transfers.
It’s very dry and boring legalese, but look up the EU-US Data Privacy Framework.
TL;DR: Biden signed a law last year letting EU courts enforce GDPR fines in US courts. It never happens because companies are not stupid and defend themselves in the EU courts.
It’s a recent edition of a string of increasingly privacy-favouring legislation attempts by the US to placate the EU about the rights of its citizens being respected abroad. The gist of it is that it is a US federal law signed into force by Biden last year, which makes it so that EU citizens have legal standing in US courts to enforce EU GDPR court decisions. There is not a lot of precedent yet, but that’s part of the point.
It precludes companies from using the loophole of not having any EU presence to evade fines and rules. Companies can and almost always exempt themselves from this by having an EU entity and subjecting themselves to GDPR directly, since if they get you through this, the EU court will already have tried and found against you, and the US federal court has little room to get you off the hook, because if they do, they risk Big Tech bottom lines by endangering EU-US data transfers.