alt Hacker News> GDPR
Only applies to EU citizens' personal data, so while technically extraterritorial it doesn't feel like overreach in the same way.
> Universal jurisdiction laws
Rightly controversial when applied beyond things that are internationally agreed to be crimes against humanity, like torture or genocide.
> China's National Security Law
A perfect example of the kind of thing that the US used to define itself in opposition to.
Nations are sovereign and those with the might to push their requirements on others can do so. But I liked it better when we had a sense of the value of an open international order, where things like internet protocols were shared standards that everyone would collaborate on other than a handful of pariah states.
Replies
>Only applies to EU citizens' personal data
That's not true.
The GDPR applies to the personal data of anyone physically in the EU, to the extent that the data are processed[0] while they are in the EU.
It also applies to the personal data of anybody anywhere in the world if the data controllers are based in the EU.
The reason why it's different to US sanctions/export controls is that the GDPR doesn't say you can't work with certain people in certain circumstances because of who they are in order to punish those people for whatever reason. It's fundamentally to protect the data subjects.
[0] which includes collection of said data
The difference between any of these is just a matter of opinion on what sovereignty means, what or who or where it applies to, what is a “human rights violation”, and who has the bigger britches to back it up. /shrug