It's not about "hosting a website", it's about providing services.
If you provide services, like selling a newspaper, in the UK, you need to respect their laws, or you will suffer the legal implications of not doing so.
And regarding the accountability, it refers to the fact that imgur USED TO provide services in the UK:
> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.
Companies providing services outside the UK can infringe all the UK laws they want, the UK doesn't care.
But as soon as you decide to provide services in the UK, you have to follow the law. And, as they explain in the article, if you break the law, stopping to provide services in the UK will not absolve you for your past wrongdoings.
UK legal imperialism is self centered and unrealistic and undermines speech the world over.
I’m not happy with extraterritorial assertions over internet services either, but you can’t wish them away with sophistry about “we’re not providing services to them!” if you’re happy to take their money and serve them a page in exchange. That’s the definition of a business providing a service to a customer.
But I think that distinction was pretty moot when web 2.0 came along.
Imgur's entire purpose is clearly to host user generated content though, so you can't argue it's not "providing services".
It’s completely absurd to say that some hobbyist would have nexus in the UK because they run a Google Adwords campaign to get some occasional pocket change from their project. Pre-Internet, it would be like going after a US magazine because someone brought home a copy from the US. Websites are not global entities by default, somehow responsible for obeying laws across nearly 200 national jurisdictions and many more state/provincial/local jurisdictions, across different languages and legal customs. Completely absurd! Who do you think you are to demand such a thing?
On the other hand, I think it would be perfectly fine to say that UK domiciled ad networks cannot put their ads on sites that violate some arbitrary standard. (An anti-freedom law to be sure, but at least it’s consistent with common international conventions.) This puts the onus on the ad network, rather than the site owner, who may not know or care who is visiting or from which country.
Well they will have to put up with it, as they have done over the past few decades. Or, alternatively, they can engage in aggressive China-style site blocking. Only the US has significant extraterritorial legal reach.
IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies. It’s more about political influence than it is about “content safety” at home. (Unilateral site blocking, perhaps with an appeals process, would be a much more effective approach for this.) The UK will regret the consequences if they push too forcefully on this.
Not at all. Imgur does the passive side too. And by number of operations, it is by far the biggest one.
How about the fact Imgur just ceased service to millions of users from which they took no money?
- UK 2025
Meaning that the servers were located in the UK, or that the users were, or both?
Whose laws need to be followed?
So you are entirely right any country can do that at any time. Most countries don't have a way to enforce it on you or your users.
Does it also count for people in the UK using a vpn? What about people in the UK paying using American money? It’s not clear, but it doesn’t really matter. These laws target the service providers, not the customers. If you website says “this product isn’t available to UK residents” and you IP block and don’t take GBP as a payment method, nobody will get too angry if a spattering of tech savvy people get around the block using a VPN.
I don’t see it that way. US companies have an atrocious record wrt user privacy and security. The Europeans don’t want their citizens data being bought and sold by online providers. And that’s a reasonable demand! Either clean up your act or leave Europe & the UK. If US companies don’t want to obey UK laws, they can’t do business in the UK. It’s just like farmers can’t sell produce in the UK if they don’t meet British health standards.
Consider the inverse: imagine if another country ran a porn site which blatantly hosted underage content (CSAM). Under your view of the world, would the us govt be ethically entitled to tell the site to clean up its act or it’ll get blocked from the US? That sounds fine to me. I’d be shocked if they were even given a warning about that. But how do you square that circle? Wouldn’t that be a “transparent effort to forcefully alter the content policy of another country”?
This is also apples and oranges. Running credit cards involves knowing exactly where people are located. You do in a real sense “decide” to do business with people in a given country.
Not every website does that. Some just serve posts to all comers. Some allow people to upload an image. Deducing where those people are from is non trivial. When I blog something I’m not “deciding” in any meaningful sense to “serve” people in country X.
Yes, that would be fine, as it would be here.
What I have a problem with is nations saying that a site built and hosted in a totally different country with a different set of laws and norms is “illegal” globally. Yes, I don’t like it when the US goes after people like The Pirate Bay abroad either, but that’s a result of the US being able to bully other countries for whatever reason it wants to. (That also needs to change.)
If Europe or the UK wants to protect its citizens, it should either block websites that it sees as a threat (as most of the EU does with RT) or it should come up with a scheme where ad networks with nexus in the EU must stop doing business with them. Attempting to reach across borders into the US to change US domestic norms is going to get them a well-deserved slap in the face.
The ones where you reasonably believe your customers are based, and where your employees are based.
Lets be honest, 1% of your customer base using a VPN is not going to cause you issues, unless those people are uploading something that would cause the state to act (ie CSAM, fraud, drugs, terrorism, you know the big four.) Given that this is the ICO, and nor OFCOM, we know its to do with GDPR violations, not moderation.
its not like the ICO just sent an email saying "lol you're being fined, bye". They will have had a series of communications, warnings asking for reasonable changes, time lines for change.
The ICO has discovered that Imgur are breaking GDPR in a fairly big way and in a way that can be easily detected by an understaffed and over worked semi-independent organisation.
moreover breaking GDPR in a way that is obvious enough in a court of law[1], bearing in mind that the UK, just about has a working independent and largely neutral judiciary that isn't easily intimated into doing the governments whipping.
[1] the ICO doesn't tend to be showy.
To be clear, you think the UKs data regulator, going after Imgur for not properly handling data collected from minors, which is a pretty big GDPR violation (a 7 year old law) is secretly about influencing US content policies?
I mean, maybe, but that one very convoluted approach. I’m not sure why the UK would be trying to use fines for the mishandling of data collected from minors, notably, nothing related to content on Imgur, to get Imgur to change its content policies.
So what? Without the passively-read content there'd be no user-generated content.
> There's reactions and commenting as a core part of the service now.
It is totally optional.
The law doesn’t require that they take any money, and you’re merely guessing they are. Weak