GDPR tactic: “forum shopping”, by choosing a data controller’s HQ.. does this work? (fedia.io)

submitted 2 weeks ago by [email protected] to c/[email protected]

0 comments fedilink hide all child comments

Many member states a daft when it comes to GDPR enforcement. But there are an exceptional few member states that have a Data Protection Authority that actually does their job. E.g., in principle, I might want to file all Article 77 complaints in Norway. Of course, without living there and having no transaction there, it’s outside of the jurisdiction.

OTOH, what happens when a company like Microsoft or Google abuses your data and violates the GDPR? I think MS has headquarters in multiple countries: France, Finland, Spain, Norway, Germany, etc. If I have zero confidence in the DPA for the country I am in, can it be effective to direct the GDPR to a another country if MS has a headquarters there?

Is there a heirchy of headquarters whereby an ultimate top level headquarters where a corporation is most relevant?

no comments (yet)

sorted by: hot top new old

there doesn't seem to be anything here

this post was submitted on 20 May 2025

3 points (100.0% liked)

General Data Protection Regulation (“GDPR”)

140 readers

11 users here now

Everything related to the #GDPR is discussed here. This is the first and only community specifically for GDPR topics which is decentralized and outside of walled-gardens. #EDPB recommendations and guidance can and should also be discussed here.

For the moment, chatter on the similar California Consumer Privacy Act (CCPA) could be discussed at least until the volume of messages compels us to split it into a separate community.

founded 2 years ago

MODERATORS

[email protected]