The GDPR stopped being a privacy law and became a tool for geopolitical protectionism the moment it was argued the U.S. does not have privacy laws so storing or processing data of EU citizens on American servers violates the GDPR. This means HTTP requests violates the GDPR.

The Europeans arguing with Benedict would do well to read this quote from Max Shrems, who understands that current law (if enforced) effectively bans US companies from operating in the EU.

Argh. Have you read the “better protections” part? *That* is the point.

I did read it. It extorts the US to change its laws under the threat of fines. It’s the definition of extraterritoriality and it’s never going to happen. If the fines get serious, US companies will pull out and Europeans can enjoy social networks built by SAP.

My assumption is that it will be resolved like all trade issues are, by painful and tedious negotiations. Both sides will have to give up something because neither side wants that to happen.

As I understand it, CCPA is pretty similar to GDPR, so requiring something like that for EU citizens whose data is processed in the US does not strike me as absurd at all

The CCPA is not like the GDPR because it doesn’t require hosting data for all Californians in California because you can’t trust that the CIA or FBI won’t request user data under the Patriot Act. That is a significant difference.