As the developer of an E2EE chat system, how could this affect me? Would I be forced to do something? I fall under a non-EU jurisdiction, and my servers are also outside of the EU. Would this apply to me or my users in the least? Thanks
I'm not a lawyer, but I suppose it will apply in the same way GDPR applies to anyone who wants to access the EU market (regardless of where you/your servers are). That is, if you're fine with your system not being accessible from the EU because of non-compliance you should be fine?
Don't take my word for it though, I'm just assuming. Maybe somebody with more knowledge chan chime in.
According to https://www.enforcementtracker.com only EU companies get fined for GDPR violations. I assume a private citizen can sue a foreign company for violating their GDPR rights (??), but am I right in thinking that the EU can only prosecute its own entities? Therefore, unless an EU individual sues me for "violating" his right to be spied on, I should be fine? Or would the blame fall on the EU individual for having used a comms channel that doesn't allow the EU to spy on him? I probably am totally wrong, just trying to understand how this works
Systems don't become inaccessible from the EU because of GDPR, there's no great firewall of europe that would make that happen. But depending on circumstances, you could still get fined for violations even if you aren't situated in EU.
