Why the GDPR is a threat to a Free and Neutral Internet
Much has been said about the EU's General Data Protection Regulation (GDPR). One of the commonly noted aspects of the GDPR is that it attempts to exert extraterritorial jurisdiction on any entity processing the data of an EEA resident, even if the entity itself has no assets in the EEA or other relation to it.
EU’s GDPR is a direct threat to a free and open internet, and entities operating outside the EEA and without assets in the EEA should disregard this entirely. In other words, they should hold the GDPR in contempt.
To see why the GDPR's extraterritoriality clause threatens free and open internet, we need only see some reactions to its implementation by non-EU entities. First, in the wake of the GDPR, many non-EEA news websites chose to respond to the GDPR's attempts at extraterritoriality by simply blocking all EEA visitors via IP geolocation. In other words, because the EU passed a law saying that a website becomes subject to their jurisdiction if any EEA resident visits it, some non-EEA websites responded by closing themselves to EEA residents.
One of the most straightforward moral principles that can be applied to making the case against GDPR is the extrapolation principle: “if everyone did this, does the world get better or worse?”. So, in this case, ask yourself: “if every country tried to claim extraterritorial jurisdiction over any website open to its residents, does the web get better or worse?”
It's self-evident what would happen if this became the norm. If allowing people from country X to visit your website renders you subject to country X's laws.
Then it stands to reason under the GDPR rules that it's legally unsafe to enable people from country X to visit your website until your lawyer determines with what laws in country X you may need to comply.
It would ultimately lead to a situation in which websites cease to be accessible to anyone worldwide because of the above scenario.
It logically follows that by doing so, you also expose yourself to the jurisdiction and law of every country in the world. If I allow people from North Korea to visit my website, does that entitle North Korea to pass laws with which I must comply? Similarly, it is what the EU has attempted to do with GDPR.
Websites should be accessible to the whole world by default. However, websites will instead necessarily become accessible only to a list of pre-approved countries by default, countries for which due diligence has been done and lawyers have been involved in ascertaining compliance requirements.
We are on a path of totalitarianism when a website is accessible to people in country X and will depend not just on whatever requirements country X chooses to impose on any native visitor.
It is also imposed on the website operator the time and money to do the due-diligence legal research necessary to serve country X. Even if country X imposes no extraterritorial jurisdiction on websites, it may still be denied access if it is a less significant country and the website operator does not care to spend the time and money to ascertain that that is the case safely.
In short, any attempt by any country to render a website subject to its jurisdiction just by doing business with its residents constitutes an inevitable threat to a free and open internet where your ability to access a website does not depend on from where you come.
Where a country does attempt to do this, it should simply be ignored by those outsides of it, as it has no material recourse against those outside of its territory. At worst, it may attempt to block such a website, which will not be successful and involves the expenditure of their own time and money rather than yours.
Ultimately, the notion that a resident of a country visiting a website gives that country jurisdiction over it can only gain real power and be used by globalists and agencies to the extent that it becomes a common way of thinking and, ultimately, international law.
Along this line of thinking — “people from country X visiting my website gives that country jurisdiction” — has become much more common over the last decade, including, curiously, by people who stand to lose from it. For example, a US website operator attempts to comply with an Italian injunction against it by blocking Italian visitors.
Website operators may think that rebuffing excessive claims of jurisdiction by random foreign countries by only ceasing service in that country rather than globally is suitable for a free and decentralized internet. But, they implicitly validate and agree that a website becomes subject to the country's jurisdiction if its residents visit.
The idea of “blocking a country” is impossible, and attempts at it inevitably rely upon the fallacy of IP geolocation, which is not and cannot be accurate. Since it cannot be accurate, this inevitably leads to collateral damage (overblocking) and failure to accomplish the legal objective due to underblocking.
While it may be the case that the GDPR should be ignored by that outside of the EEA (or the UK), this doesn't mean that providers shouldn't extend users many of the rights they might enjoy under the GDPR. Still, you should do these things because they are the right thing to do, not because the GDPR demands it.
EU’s GDPR is a direct threat to a free and open internet, and entities operating outside the EEA and without assets in the EEA should disregard this entirely. In other words, they should hold the GDPR in contempt.
To see why the GDPR's extraterritoriality clause threatens free and open internet, we need only see some reactions to its implementation by non-EU entities. First, in the wake of the GDPR, many non-EEA news websites chose to respond to the GDPR's attempts at extraterritoriality by simply blocking all EEA visitors via IP geolocation. In other words, because the EU passed a law saying that a website becomes subject to their jurisdiction if any EEA resident visits it, some non-EEA websites responded by closing themselves to EEA residents.
One of the most straightforward moral principles that can be applied to making the case against GDPR is the extrapolation principle: “if everyone did this, does the world get better or worse?”. So, in this case, ask yourself: “if every country tried to claim extraterritorial jurisdiction over any website open to its residents, does the web get better or worse?”
It's self-evident what would happen if this became the norm. If allowing people from country X to visit your website renders you subject to country X's laws.
Then it stands to reason under the GDPR rules that it's legally unsafe to enable people from country X to visit your website until your lawyer determines with what laws in country X you may need to comply.
It would ultimately lead to a situation in which websites cease to be accessible to anyone worldwide because of the above scenario.
It logically follows that by doing so, you also expose yourself to the jurisdiction and law of every country in the world. If I allow people from North Korea to visit my website, does that entitle North Korea to pass laws with which I must comply? Similarly, it is what the EU has attempted to do with GDPR.
Websites should be accessible to the whole world by default. However, websites will instead necessarily become accessible only to a list of pre-approved countries by default, countries for which due diligence has been done and lawyers have been involved in ascertaining compliance requirements.
We are on a path of totalitarianism when a website is accessible to people in country X and will depend not just on whatever requirements country X chooses to impose on any native visitor.
It is also imposed on the website operator the time and money to do the due-diligence legal research necessary to serve country X. Even if country X imposes no extraterritorial jurisdiction on websites, it may still be denied access if it is a less significant country and the website operator does not care to spend the time and money to ascertain that that is the case safely.
In short, any attempt by any country to render a website subject to its jurisdiction just by doing business with its residents constitutes an inevitable threat to a free and open internet where your ability to access a website does not depend on from where you come.
Where a country does attempt to do this, it should simply be ignored by those outsides of it, as it has no material recourse against those outside of its territory. At worst, it may attempt to block such a website, which will not be successful and involves the expenditure of their own time and money rather than yours.
Ultimately, the notion that a resident of a country visiting a website gives that country jurisdiction over it can only gain real power and be used by globalists and agencies to the extent that it becomes a common way of thinking and, ultimately, international law.
Along this line of thinking — “people from country X visiting my website gives that country jurisdiction” — has become much more common over the last decade, including, curiously, by people who stand to lose from it. For example, a US website operator attempts to comply with an Italian injunction against it by blocking Italian visitors.
Website operators may think that rebuffing excessive claims of jurisdiction by random foreign countries by only ceasing service in that country rather than globally is suitable for a free and decentralized internet. But, they implicitly validate and agree that a website becomes subject to the country's jurisdiction if its residents visit.
The idea of “blocking a country” is impossible, and attempts at it inevitably rely upon the fallacy of IP geolocation, which is not and cannot be accurate. Since it cannot be accurate, this inevitably leads to collateral damage (overblocking) and failure to accomplish the legal objective due to underblocking.
While it may be the case that the GDPR should be ignored by that outside of the EEA (or the UK), this doesn't mean that providers shouldn't extend users many of the rights they might enjoy under the GDPR. Still, you should do these things because they are the right thing to do, not because the GDPR demands it.
If you are an organization or an individual with an online presence for your organization, now it's time to use a distributed network of DNS services that protect your online presence. Follow the “Learn More” button below to learn about our Private DNS services.
© 2019 - 2022 iBlockchain Bank And Trust Technologies Co., All Rights Reserved