zlacker

The following paragraph might shed some light on what that means (emphasis mine):

> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law

In that context it's completely fair to say "leaving doesn't absolve you of past transgressions".

Edit. If Imgur made any revenue from UK users then it becomes impossible to claim plausible deniability on any definition of "providing a service". If the UK can do something about this is a different matter. They could make CEOs/board personally or even criminally liable for the company's failure to pay a fine but probably won't.

>>buran7+(OP)
Definition of 'Revenue in the UK' is a bit debatable though isn't it?

I sell a advertising package from my US HQ based self serve advertising portal to a British company who use the service to advertise to customers in the UK. Ok - kinda UK revenue. How about 'To advertise to customers in the US' well it's getting highly debatable.

What about I sell advertising packages to a US company from my US HQ but someone in the UK views and advert on my site and therefore generates me 0.001¢ - debatable.

>>buran7+(OP)
how can you be charged after you leave if you leave before the law goes into effect? doesn't the UK have ex post facto protections?

>>EasyMa+AM1
Thankfully the law, GDPR, went into effect about 7 years ago, so that shouldn’t be a problem here. This article is about the enforcement of that law.

>>matt-p+Oi1
> What about I sell advertising packages to a US company from my US HQ but someone in the UK views and advert on my site and therefore generates me 0.001¢ - debatable.

Not entirely sure what is debatable about this situation. You quite unambiguously derived revenue from a UK citizen here, although not much. If you didn’t want that revenue, then don’t display ads in the UK. If that makes serving traffic to the UK uneconomical, then don’t serve traffic to the UK, problem solved.

In practical terms, nobody’s give a crap about you making a couple of dollars here and there incidentally from UK citizens. It quite another matter when your business is clearly dependent on deriving revenue from UK citizens, and you take zero steps to try and comply with UK law.

It’s pretty simple, if you want the revenue, the you have to follow the law of the countries your deriving that revenue from. Don’t want to follow the law, then simply don’t try and derive revenue from putting adverts in front of citizens from that country, or by collecting and selling their data.

>>avianl+FU1
This always appeared to me to be quite similar to serving UK tourists say in Thailand. Should that make massage parlors subject to UK law?

>>jojoba+l02
The equivalent would be geo-blocking the UK, and then someone from the UK travelling to the US to view your site to work around the restriction.

You have a level of plausible deniability there.

>>avianl+FU1
OK, so if I'm a blogger making a few hundred dollars a month from adsense on my blog, I'm actually subject to every single jurisdiction on the planet unless I actively (and completely!!!) block access from there?

>>matt-p+cH2
This is exactly why I said this is a slippery slope. Some people in other threads argued you are providing a service, but to me this makes no sense. You are not actively doing anything or targeting people from countries that might somehow interpret your content or activities illegal.

>>jojoba+l02
I think "UK citizen" should have been replaced by "person acting from within the UK". This is how it is defined in the context of GDPR - the nationality doesn't matter, what matters is where you are when you are provided services.

>>matt-p+Oi1
> Definition of 'Revenue in the UK' is a bit debatable though isn't it?

But I didn't say "in the UK", I said "from UK users". If Imgur monetized anything coming from a user in the UK then they can no longer pretend they weren't offering a service. They knowingly used that data to make money, it wasn't that someone accessed the site and that was the end of it.

It's the difference between going in and out of a restaurant, compared to sitting down, checking out the menu, and eating then refusing to pay because the prices are ridiculous. The latter removes any pretense of deniability. If they disagreed with a ridiculous law they should have put in a modicum of effort to block the service in the UK from the start. Instead they made money for as long as they could and now pretend to stand up for the little guy and fight abuse.

>>matt-p+cH2
This is why a lot of content is hosted on large platforms that handle this risk for you. But if you don't collect any personal data on those users your exposure is minimal but technically some jurisdiction could claim you allowed access to "illegal content" under their law.

Most of these jurisdictions can't actually do anything about it, but they can claim they will. The UK might actually be in this situation.

>>enedil+S33
This seems to apply to persons acting from geoblocked UK/EU through VPN as well, which makes no sense at all.