Re: Whois vs GDPR, latest news

[Daniel Brisson <dbrisson () uvm edu>]

On 5/23/18, 12:10 PM, "NANOG on behalf of Anne P. Mitchell Esq." <nanog-bounces () nanog org on behalf of amitchell () 
isipp com> wrote:

    
    
    > On May 23, 2018, at 9:59 AM, Owen DeLong <owen () delong com> wrote:
    > 
    > 
    > 
    >> On May 23, 2018, at 08:53, John Levine <johnl () iecc com> wrote:
    >> 
    >> In article <CAE-M_OBdDv1+DFto=h1O-ghLbs2TQ_x_P9kuw4LS24mSBaw9Ww () mail gmail com> you write:
    >>> I asked one of the EU regulators at RSA how they intended to enforce GDPR
    >>> violations on businesses that don't operate in their jurisdiction and
    >>> without hesitation he told me they'd use civil courts to sue the offending
    >>> companies.
    >> 
    >> He probably thought you meant if he's in France and the business is in
    >> Ireland, since they're both in the EU.  Outside the EU, on the other
    >> hand, ...
    >> 
    >> If they try to sue in, say, US courts, the US court will ask them to
    >> explain why a US court should try a suit under foreign law.  There is
    >> a very short list of reasons to do that, and this isn't on it.
    > 
    > Actually, due to treaty, it is. At least according to some lawyers that have been advising ICANN stakeholder 
group(s). 
    > 
    
>    Also, don't forget the private right of action.  Anyone can file anything in the U.S. courts... you  may get it 
> dismissed (although then again you may not) but either way, it's going to be time and money out of your pocket 
> fighting it.  MUCH better to just get compliant than to end up a test case.

Isn't "better" a factor of how much it costs to become compliant with GPDR?  I'm no expert, but some of the things I've 
heard sounded not trivial to implement (read potentially BIG investment).

-dan