zlacker

[parent] [thread] 5 comments
1. lurk2+(OP)[view] [source] 2025-09-30 19:19:21
> that imgur USED TO provide services in the UK

Meaning that the servers were located in the UK, or that the users were, or both?

replies(1): >>ryandr+g7
2. ryandr+g7[view] [source] 2025-09-30 19:54:48
>>lurk2+(OP)
It's so ambiguous. Let's say I'm a citizen of country A, currently residing in country B. I'm using a VPN headquartered in country C to make my traffic appear to originate from country D. I access a web site with servers physically located in country E, that uses a load balancer / cache hosted in country F. The company that runs the web site is headquartered in country G but has employees in countries H, I, and J.

Whose laws need to be followed?

replies(2): >>Spivak+99 >>Kaiser+Sk
◧◩
3. Spivak+99[view] [source] [discussion] 2025-09-30 20:05:42
>>ryandr+g7
Seems like B and G. Then if you do business with A (what the GPDR calls "UK Establishment") and A has laws governing its citizens abroad like the UK GPDR then also A.
replies(1): >>shagie+Z9
◧◩◪
4. shagie+Z9[view] [source] [discussion] 2025-09-30 20:09:38
>>Spivak+99
But the traffic is coming from country D rather than country B. There's no way for the company to know that the person and their interactions is subject to the laws of B rather than D.
replies(1): >>joseph+8d
◧◩◪◨
5. joseph+8d[view] [source] [discussion] 2025-09-30 20:27:30
>>shagie+Z9
Most sales aren’t that complicated. Usually UK law targets anything sold to people who are physically in the UK, paying in GBP. Which from the sounds of things, was something imgur did.

Does it also count for people in the UK using a vpn? What about people in the UK paying using American money? It’s not clear, but it doesn’t really matter. These laws target the service providers, not the customers. If you website says “this product isn’t available to UK residents” and you IP block and don’t take GBP as a payment method, nobody will get too angry if a spattering of tech savvy people get around the block using a VPN.

◧◩
6. Kaiser+Sk[view] [source] [discussion] 2025-09-30 21:08:47
>>ryandr+g7
> Whose laws need to be followed?

The ones where you reasonably believe your customers are based, and where your employees are based.

Lets be honest, 1% of your customer base using a VPN is not going to cause you issues, unless those people are uploading something that would cause the state to act (ie CSAM, fraud, drugs, terrorism, you know the big four.) Given that this is the ICO, and nor OFCOM, we know its to do with GDPR violations, not moderation.

its not like the ICO just sent an email saying "lol you're being fined, bye". They will have had a series of communications, warnings asking for reasonable changes, time lines for change.

The ICO has discovered that Imgur are breaking GDPR in a fairly big way and in a way that can be easily detected by an understaffed and over worked semi-independent organisation.

moreover breaking GDPR in a way that is obvious enough in a court of law[1], bearing in mind that the UK, just about has a working independent and largely neutral judiciary that isn't easily intimated into doing the governments whipping.

[1] the ICO doesn't tend to be showy.

[go to top]