The EU is doing all they can here. They require EU citizens need a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.
This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.
This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can’t just ask for some legal document proving citizenship either, since that itself would be a gdpr violation. So the end state has to be a system that everyone can use - EU citizen or not.
The EU can’t demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.
FYI. its for anyone who is within the territory of the EU, not necessarily citizens. So if a EU citizen is outside the EU, these rights no longer apply (based solely on the location of the user. there are other factors which might give everyone the same rights no matter the location)
Theoretically, yes. (Art.3.2: https://gdpr-info.eu/art-3-gdpr/)
And because many compaies usually only have the IP as location information, a VPN should do the trick in most cases too.
Of course good luck enforcing your rights when you dont actually live there and the company ignores you…
The EU is doing all they can here. They require EU citizens need a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.
This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.
This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can’t just ask for some legal document proving citizenship either, since that itself would be a gdpr violation. So the end state has to be a system that everyone can use - EU citizen or not.
The EU can’t demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.
FYI. its for anyone who is within the territory of the EU, not necessarily citizens. So if a EU citizen is outside the EU, these rights no longer apply (based solely on the location of the user. there are other factors which might give everyone the same rights no matter the location)
Does that mean I can go to Europe and be covered by GPDR?
Theoretically, yes. (Art.3.2: https://gdpr-info.eu/art-3-gdpr/)
And because many compaies usually only have the IP as location information, a VPN should do the trick in most cases too.
Of course good luck enforcing your rights when you dont actually live there and the company ignores you…