But is Klout incorporated or hosted in the UK or EU? If not, how exactly do they violate UK law? I mean, pornography is illegal in many countries, but that doesn't mean a US pornographic website is illegal, even if it's available to citizens of that country.
And what about those online poker companies that are not based in the USA? Why should they comply with USA law?
If Klout are collecting and storing data on UK individuals, they are subject to UK data protecction law. The ease of enforcing that if they don't have a UK operation is another matter, but they are still interacting with UK users in a way which triggers UK rights under UK laws, with which UK courts could require them to comply.
But (I'm pretty sure) it would be illegal for someone from a no-pornography country to view that site.
Using that analogy, then it would be Stross the one committing the offense, not Klout?
So my understanding is what klout does is 'fine' for US users, but gathering data on UK/EU users is subject to EU data protection laws.
That would be the same as it being illegal for a US site to distribute pornography to a person in a country where it was illegal.
The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.
<em>The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.</em>
Try telling that to the US government, which hounds internet gambling sites wherever they're based.
The issue of territorial jurisdiction and law on the internet is a really complex one, and much more so when you deal with a fundamental mis-match between legal systems (the EU constitutional-level right to privacy vs. the US lack of same).
I'd say he isn't. But the US government will do it all the same, and at least some of the EU governments would probably also apply the privacy laws on companies dealing with their citizens. (Probably not UK, but France is a good candidate, and Germany is also reasonably rabid about it's privacy laws as of late.)
Law gets really complicated when you cross international boundaries, and usually everyone involved will assert their right to impose laws on you, and whether they actually do this mostly depends on how easy it would be for them to do it.
If you base legal decisions about your business on abstract principles, you might just get detained the next time you route through an airport that belongs to someone you've mightily pissed off. Generally, it's smarter to strive for not offending anyone, or if you cannot manage that, strictly not visiting or in any way depending on countries whose laws you might have broken. For example, if your site is not strictly legal under US law, don't host in under .com.
> The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.
Jurisdiction is up for the court and legislative to decide.
I do believe that UK courts will assert jurisdiction in cases such as this. UK courts certainly do assert worldwide jurisdiction in other situations - one of several reasons why UK courts are so popular for people who wish to sue for libel, for example.
> The fact is, unless Klout is hosted or incorporated in the UK or EU, the latter have no jurisdiction over the company, and such their laws don't apply.
Entirely untrue. Jurisdiction is a legal term. If a matter directly affects UK citizens in the UK it's very clear that a UK court will consider itself to have jurisdiction over that matter.
The actual reach of the court's power is a different matter. If the offender has absolutely no assets in the UK, and no intention of ever having them, and lives in a country with no extradition treaty with the UK, then perhaps the UK has no ability to punish them. I do not think that is true for the company in question.
You've hit the nail on the head. A company is only subject to UK law if it operates from the UK. Facebook's European office is in Dublin, which is why it is subject to Irish/EU privacy legislation.When Twitter establishes its European office, it will similarly become subject to the same laws.
As far as I know, Klout has no UK/EU presence so it's not subject to these laws.
As you can see, it sets out a long range of situations where UK jurisdiction extends outside the UK, in many cases even if the criminal behavior happened entirely outside of the UK.
I'm not a lawyer, and I don't know all the details and whether or not it'd be likely to be possible to get a court in the UK to accept jurisdiction in a case against Klout, but courts in the UK have a lot of flexibility and the fact that they are in the US by no means automatically means UK courts won't or can't claim jurisdiction.
I don't believe so. If I walk into a store in New York and tell them I'm from the UK, they won't suddenly become subject to UK/EU law if they choose to serve me. I'm the one subjecting myself to US law if I shop there, not vice versa.
Further, even if they were subject to EU law on this, how would any action for a breach be enforced?
Exactly, unless they have a EU office, then they don't have to do anything. (In the same way Mr. Stross is free to say that Taiwan is not part of China (violate PRC law) or deny the holocaust happened (violate German law)).
The reason Facebook is being hounded is because they have an EU incorporated company.
I'd just like to note at this point that I find rmc's analogy personally offensive. (One side of my family tree went missing in 1942: the ones who stayed in Poland after 1939.) A bit more sensitivity about metaphors might be welcome here ...
Setting that aside: http://www.out-law.com/page-479 provides some advice on the Brussels Regulation 2001 concerning e-commerce. The B2C provisions in particular seem weighted to protect consumers, even when the supplier business is outside the EU.
However ... "In the case of disputes involving countries which are outside the scope of European law, there are a number of issues which must be considered. There are a number of international conventions dealing with choice of law, and consumer rights. If these do not set out the relevant position it is then worth checking whether the UK has entered into an agreement with the foreign jurisdiction. Any such agreement would set out the basis on which jurisdiction is determined between the countries. Failing this it would be necessary to consider the legal position under UK law, and what the courts consider to be the appropriate forum for hearing legal issues."
So it's basically a horrendous hairball of treaty law and interlocking legal systems. (And to make matters worse, the USA has a fundamentally different approach to determining jurisdiction in e-commerce, established via case law rather than a regulation aimed at defining consumer protections.)
