The UK has been doing this sort of stuff for at least a decade. For example they have the PIPCU which under the guise of copyright threatens 10 years in prison for sites not even in their jurisdiction.
The US has always claimed jurisdiction on foreign-hosted but US-accessible content.
Do people forget the owner of Megaupload being extradited? In many ways this is just catching up to the current US state.
And there's a lot of confusion here between basic consumer data protection laws and (IMHO massively overreaching) "Online Safety" laws. This isn't Imgur making a stand for free speech, this is Imgur wanting to track and sell user data - to which minors cannot consent. Putting on my tinfoil hat you could argue that many of these companies are trying to encourage this misunderstanding intentionally.
Megaupload is a weird one. He hosted in it the USA, giving USA jurisidction. Also it's still going through the courts in New Zeland and USA and hasn't been proven hes guilty. And if I recall he did alledge he followed the DMCA, which if he ever is extradited might save him if it is in fact true.
No because torrenting is anti-capitalism and that's not tolerated (Communist behaviour). However I doubt they'll be blocking WhatsApp and iMessage any time soon, or making people upload their ID to watch "adult content".
WhatsApp, Telegram and everyone else should pull out of EU in protest of Chat Control. Then EU will be forced to make its own chat app, UX will be terrible, and citizens will finally feel enough pain to contact their representatives ;)
I did contacted them. All of them who didn't yet have a referenced public position on fight chat control for France. By phone. Only two responded with a clear alignment. Good that I did it by phone, because apparently for some of them getting several thousand emails per day can only mean they are victim of a spam attack.
Not only they don't represent anything but there own little interests, but they won't even have the decency to express clearly what they are standing for. Even lip service is not assured anymore.
Sometimes I wonder who builds this stuff. I appreciate at the end of the day that everyone has bills, but I feel like I'd rather apply for public housing before I work on that. They're not even getting rich, just a wagie. I have never met someone in the tech industry that was ideologically anti-privacy. It's always the lawyers and politicians. But someone builds it.
We (in most EU countries) don't have representatives. Parties have representatives. To be listed on a ballot you need to be with good standings with your party and get chosen by them. Then various method ensure that you can't be elected if you are not a member of a party (anyone from a party below 5% is not getting in for example).
This means officials only care about what their party leaders tell them to do, not what voters think because voters matter very little to them. That's why American "contact your representatives" does very little here.
> feel enough pain to contact their representatives
It doesn't work like that because the European "Parliament" is a joke. For starters, they can't initiate anything, they can only approve or reject (of course that it's almost always approve) stuff that is being passed to them from higher up, most of the times from the European Commission, if I'm not mistaken. Ah, they can pass/generate "resolutions", which are basically empty words put on a piece of paper.
Second, the people there don't "represent" anyone, at most they represent the political parties that have put them on the lists that got them into the European Parliament, but that's it.
People who write this stuff still don't understand that big tech IS THE ENEMY. They are quite happy to implement this, even up into the OS Level. It's called Regulatory capture. Now your legal Moat to a true European Alternative has become even bigger.
Even if, for the sake of argument, we grant the premise “big tech IS THE ENEMY”, it does not necessarily follow that the vast mass surveillance national security apparatus is our friend.
Personally I hate both surveillance systems. I hate the American big tech surveillance system - under which companies like imgur sell the personal data of its users to anyone who comes knocking. And I hate the European chat control proposal, where the government wants to take that data by force.
I would never argue that and i hope that doesn't follow from my comment. To be absolutely clear: Any service that doesn't actively work for your privacy against any outside actor to the fullest extend of the law and technical possibility is to be considered an enemy of freedom.
Chat apps were already so oversupplied as to be free even before AI could vibe code them. Or, indeed, before the US relented on export bans for remotely adequate HTTPS implementations.
> The ICO also confirmed that companies could not avoid accountability by withdrawing their services in the UK.
This is quite a slippery slope. If I host a website in one country, I do not necessarily care where people access my website from. It is not like I actively provide a service to them - they just use internet (decentralised network) to access it. What if I publish a newspaper here, someone takes it where the contents are illegal, am I accountable?
The following paragraph might shed some light on what that means (emphasis mine):
> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law
In that context it's completely fair to say "leaving doesn't absolve you of past transgressions".
Edit. If Imgur made any revenue from UK users then it becomes impossible to claim plausible deniability on any definition of "providing a service". If the UK can do something about this is a different matter. They could make CEOs/board personally or even criminally liable for the company's failure to pay a fine but probably won't.
Definition of 'Revenue in the UK' is a bit debatable though isn't it?
I sell a advertising package from my US HQ based self serve advertising portal to a British company who use the service to advertise to customers in the UK. Ok - kinda UK revenue. How about 'To advertise to customers in the US' well it's getting highly debatable.
What about I sell advertising packages to a US company from my US HQ but someone in the UK views and advert on my site and therefore generates me 0.001¢ - debatable.
It's not about "hosting a website", it's about providing services.
If you provide services, like selling a newspaper, in the UK, you need to respect their laws, or you will suffer the legal implications of not doing so.
And regarding the accountability, it refers to the fact that imgur USED TO provide services in the UK:
> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.
Companies providing services outside the UK can infringe all the UK laws they want, the UK doesn't care.
But as soon as you decide to provide services in the UK, you have to follow the law.
And, as they explain in the article, if you break the law, stopping to provide services in the UK will not absolve you for your past wrongdoings.
Does every single website that exists and is available in UK automatically provides services in UK? Isn't it just simpler to completely block every request from UK by default to "not provide services"?
Transactional services (I don't know if that's the right word), where you have a known user, is different from passively providing web pages that people can read and you don't track them or ask them to register for an account.
But I think that distinction was pretty moot when web 2.0 came along.
Imgur's entire purpose is clearly to host user generated content though, so you can't argue it's not "providing services".
Without user-generated content there is nothing to host. And in any case they long ago turned from an image hosting site into a social media site. There's reactions and commenting as a core part of the service now.
It's so ambiguous. Let's say I'm a citizen of country A, currently residing in country B. I'm using a VPN headquartered in country C to make my traffic appear to originate from country D. I access a web site with servers physically located in country E, that uses a load balancer / cache hosted in country F. The company that runs the web site is headquartered in country G but has employees in countries H, I, and J.
The ones where you reasonably believe your customers are based, and where your employees are based.
Lets be honest, 1% of your customer base using a VPN is not going to cause you issues, unless those people are uploading something that would cause the state to act (ie CSAM, fraud, drugs, terrorism, you know the big four.) Given that this is the ICO, and nor OFCOM, we know its to do with GDPR violations, not moderation.
its not like the ICO just sent an email saying "lol you're being fined, bye". They will have had a series of communications, warnings asking for reasonable changes, time lines for change.
The ICO has discovered that Imgur are breaking GDPR in a fairly big way and in a way that can be easily detected by an understaffed and over worked semi-independent organisation.
moreover breaking GDPR in a way that is obvious enough in a court of law[1], bearing in mind that the UK, just about has a working independent and largely neutral judiciary that isn't easily intimated into doing the governments whipping.
Seems like B and G. Then if you do business with A (what the GPDR calls "UK Establishment") and A has laws governing its citizens abroad like the UK GPDR then also A.
But the traffic is coming from country D rather than country B. There's no way for the company to know that the person and their interactions is subject to the laws of B rather than D.
Most sales aren’t that complicated. Usually UK law targets anything sold to people who are physically in the UK, paying in GBP. Which from the sounds of things, was something imgur did.
Does it also count for people in the UK using a vpn? What about people in the UK paying using American money? It’s not clear, but it doesn’t really matter. These laws target the service providers, not the customers. If you website says “this product isn’t available to UK residents” and you IP block and don’t take GBP as a payment method, nobody will get too angry if a spattering of tech savvy people get around the block using a VPN.
And you’re suggesting that if the US does it it is ipso facto a good idea? Strange reasoning.
This is also apples and oranges. Running credit cards involves knowing exactly where people are located. You do in a real sense “decide” to do business with people in a given country.
Not every website does that. Some just serve posts to all comers. Some allow people to upload an image. Deducing where those people are from is non trivial. When I blog something I’m not “deciding” in any meaningful sense to “serve” people in country X.
I’m guessing that Imgur happily accepted the ad revenue from UK users while it served them images. If you genuinely were “not providing services” to UK users, you wouldn’t do that.
I’m not happy with extraterritorial assertions over internet services either, but you can’t wish them away with sophistry about “we’re not providing services to them!” if you’re happy to take their money and serve them a page in exchange. That’s the definition of a business providing a service to a customer.
Do they run their own ad network, or do the ad networks take the money from advertisers and cut Imgur a check? Maybe instead of trying to enforce your standards on every little site on the internet, you should just focus on the people who actually have a direct point of contact with money coming from UK businesses. (Yes, the ad networks.)
It’s completely absurd to say that some hobbyist would have nexus in the UK because they run a Google Adwords campaign to get some occasional pocket change from their project. Pre-Internet, it would be like going after a US magazine because someone brought home a copy from the US. Websites are not global entities by default, somehow responsible for obeying laws across nearly 200 national jurisdictions and many more state/provincial/local jurisdictions, across different languages and legal customs. Completely absurd! Who do you think you are to demand such a thing?
On the other hand, I think it would be perfectly fine to say that UK domiciled ad networks cannot put their ads on sites that violate some arbitrary standard. (An anti-freedom law to be sure, but at least it’s consistent with common international conventions.) This puts the onus on the ad network, rather than the site owner, who may not know or care who is visiting or from which country.
The standard you are proposing here ultimately boils down to "you can do business in a country without being subject to its laws, as long as your commercial transactions with the customers in that country are laundered through a sufficiently convoluted network of international companies like payment processors and ad exchanges". I don't think it should be terribly surprising that states don't subscribe to this view of sovereignty and jurisdiction.
The standard you’re proposing would allow Afghanistan to shut down Hacker News on the basis that it provided services to at least one Afghan and the content here violates sharia law.
As Afghanistan has recently disconnected their Internet they seem to have done exactly that within their sphere of influence (which is limited to their borders).
So you are entirely right any country can do that at any time. Most countries don't have a way to enforce it on you or your users.
Afghanistan can do that. You’re protected by Afghanistan’s lack of any realistic ability to enforce laws far outside its borders, not by some general principle of international law saying that countries can’t make laws about websites.
> I don't think it should be terribly surprising that states don't subscribe to this view of sovereignty and jurisdiction.
Well they will have to put up with it, as they have done over the past few decades. Or, alternatively, they can engage in aggressive China-style site blocking. Only the US has significant extraterritorial legal reach.
IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies. It’s more about political influence than it is about “content safety” at home. (Unilateral site blocking, perhaps with an appeals process, would be a much more effective approach for this.) The UK will regret the consequences if they push too forcefully on this.
> IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies.
I don’t see it that way. US companies have an atrocious record wrt user privacy and security. The Europeans don’t want their citizens data being bought and sold by online providers. And that’s a reasonable demand! Either clean up your act or leave Europe & the UK. If US companies don’t want to obey UK laws, they can’t do business in the UK. It’s just like farmers can’t sell produce in the UK if they don’t meet British health standards.
Consider the inverse: imagine if another country ran a porn site which blatantly hosted underage content (CSAM). Under your view of the world, would the us govt be ethically entitled to tell the site to clean up its act or it’ll get blocked from the US? That sounds fine to me. I’d be shocked if they were even given a warning about that. But how do you square that circle? Wouldn’t that be a “transparent effort to forcefully alter the content policy of another country”?
> tell the site to clean up its act or it’ll get blocked from the US
Yes, that would be fine, as it would be here.
What I have a problem with is nations saying that a site built and hosted in a totally different country with a different set of laws and norms is “illegal” globally. Yes, I don’t like it when the US goes after people like The Pirate Bay abroad either, but that’s a result of the US being able to bully other countries for whatever reason it wants to. (That also needs to change.)
If Europe or the UK wants to protect its citizens, it should either block websites that it sees as a threat (as most of the EU does with RT) or it should come up with a scheme where ad networks with nexus in the EU must stop doing business with them. Attempting to reach across borders into the US to change US domestic norms is going to get them a well-deserved slap in the face.
I think it's a conflict that was baked into the Internet at its conception. A non-geographic service overlaid on top of a world with a huge amount of geography and borders.
Yeah. We had a chance to invent our own governance on the internet. But we abdicated, and made the internet a free for all. As a result, national governments have stepped in to provide the governance we didn’t program in. And they do it - of course - in an inconsistent, ad hoc way.
There was a period a couple hundred years ago when it was all the rage internationally to write constitutions. Lots of countries got constitutions within a few decades, and almost no constitutions have been written since then. I wonder sometimes how the internet would be different if it were implemented in an era or culture in which people believed in that sort of thing.
"The ICO also confirmed that companies could not avoid accountability by withdrawing their services in the UK.
Mr Capel said: "We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing."
When read in context, it's obvious the statement quoted in the HN conmment refers to only to accountability for "prior infringement", i.e., acts committed before withdrawing services in the UK
You already need to care depending on what you are serving, and this has been the case for at least 20 years to my knowledge.
The most obvious example of this is websites from the UK or Europe which operate any kind of gambling. [1] This may well be legal (based on licensing) in their jurisdiction, but they still need to restrict access to prevent US people from accessing the service or they will be breaching the US's gambling laws.
Likewise many US firm geofence access for EU residents out of fear of GDPR.
People hosting news sites have often had to geofence to prevent UK residents from accessing their site if they are hosting any kind of reporting of UK court cases that are under embargo or matters that are subject to one of the UK's famous "Super injunctions" [2]
> People hosting news sites have often had to geofence to prevent UK residents from accessing their site if they are hosting any kind of reporting of UK court cases that are under embargo or matters that are subject to one of the UK's famous "Super injunctions" [2]
…and if the site has no UK assets, how enforceable is the injunction?
I mean, in the case of the US, you board a plane in country X going to country Z, it flies over country Y which is friends with the US. The US has country Y land the plane and has the plane boarded by armed men that drag you off kicking and screaming where you are put in a cage and then shipped to the US.
Iirc this happened to a Russian man who operated an online gambling site when he went on vacation to the Caribbean. The plane he was on had an unscheduled landing in Florida for a mechanical issue and surprise, surprise, the FBI were waiting there to arrest him!
Or worse, shipped to Guantanamo Bay/Bagram Prison, where the US can do whatever they want even to US citizens because they're no longer in US jurisdiction.
The US has a huge reach in the western (and global) world and can impact you in a lot of creative and legal ways (e.g. prevent Google / Apple / Microsoft from offering services to you).
What they mean, and to take an example that it purposely extreme: If you kill someone in a country you cannot avoid accountability in law by fleeing that country.
If they breached laws and regulations then withdrawing their service from the country afterwards does not change anything regarding those breaches (investigation still ongoing, though).
It's not comparable because the "crime" has been committed in the hosting country (where it's arguably not even a crime) and it's a bad example because there are many incidents of murderers fleeing to non-extradition countries.
I did say it was extreme on purpose to make the point clear, or so I thought. Looks like it isn't clear to you...
Whatever you think of my example, it is exactly the same legal reasoning at play here. If you broke the law then withdrawing does not change that and accountability.
> It's not comparable because the "crime" has been committed in the hosting country
Obviously not, that's the whole point: They may (investigation ongoing) have breached UK law. So, to really labour the point, if you breach the law in one country then cutting links with that country afterwards does not change anything.
Now, to be a bit more substantive than this tedious bike-shedding, I think the UK are just trying to send a message here even if enforcement may be difficult. The EU could do the same with the GDPR since it is the same type of law (global reach and applicability).
I genuinely think your example is bad and the legal reasoning is bad. A better comparison would be AM Radio broadcasting something obscene into the UK from let's say belgium.
> Mr Capel said: “We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.
"Investment" here seems to be operations and personnel, resulting in taxes going to the UK government.
They aren't making $630 billion per year in money off of those companies, but the operating income means they're getting taxes on that $630 billion (income tax from company and employees, VAT for purchases, etc.) and the personnel working in the UK are probably spending most of that money in the UK (velocity of money theory comes into play here).
The resulting economic benefit for the UK government is enough that they'd notice the drop if all that started to transition away.
Yeah this is where i am getting mixed up because the article isn't saying what the cause was. I thought it was related to the digital id thing that every site need to make sure they check for minors..
It's clear to me, it's a huge risk for any company to allow access to UK visitors at this stage. All companies should be blocking all UK visitors. It's just too much risk for them to take.
The fault is obviously an incompetent and authoritarian UK government, but that's what the UK overlords have agreed.
It's not specific to the UK: many developed countries are cracking down on Internet businesses. There's going to be an awful lot of regulation, and it will be incompatible between different countries. The one-model-fits-the-whole-world style of business is over: you're going to be confined to national borders again.
The opinion polls are clear: the normies want this.
If you mean the opinion polls, I don't have any to hand, but there have been a few articles submitted to /r/ukpolitics since the Online Safety Act took effect detailing opinion polls showing that the UK Government's regulation of internet content has been well-received by the wider public (although the userbase of that subreddit has vociferously disagreed).
shouldn't it be the other way round? if the UK doesn't like something a non-UK company is doing it should be them that go through the trouble of blocking it.
If I have a website I'm pretty sure I'm bound to break some random country's law without knowing
Answering my own question, I guess it's exceptionalism of the powerful countries where they can just bully you into following their law
> shouldn't it be the other way round? if the UK doesn't like something a non-UK company is doing it should be them that go through the trouble of blocking it.
They're clearly working up to this; it's what happened with Pirate Bay, etc.
It would be much better to not block them rather serve them a single screen that explains why the rest of the site is unavailable to them citing the specific laws that make the action necessary
It is exactly the same with the EU's GDPR, by the way...
That's the funny or hypocritical thing: Both laws have the same reach but people here tend to praise the GDPR for it while being furious about the Online Safety Act.
Good - cause the maximum amount of pain, start pulling services across the board - the more it happens the more painful it becomes for the government to defend it.
Likewise, as a Brit, I hope more mainstream sites do this until people realise how stupid or authoritarian (but I repeat myself) the UK's Online Safety Act is. VPN companies must be enjoying these shenanigans.
It would be more effective if this was about the online saftey act. Ironically Imgur is probably already compliant with it (they already have moderation policies that go above what the OSA requires)
This is about a GDPR violation. I'm not sure that cheering for our right to have our privacy respected by companies revoked is really what we want.
> "It will be of no loss if it were to fail entirely."
That's decades of the public internet that would be permanently erased; billions of dead links pointing nowhere. HN alone would lose ~32,000 images from its archives,
Is it not hubris to call it "no loss" if, say, 3 hours ago, "Design of a LISP-based microprocessor / Page 22 has a map of the processor layout:" was forever lost to humanity, as collateral damage to some techbros' dispute?
As already pointed out that link is already gone, except for the IA. That's part of why it's "no loss" -- it's not actually lost.
Personally even if the IA didn't have a copy, I'd still say "marginal loss" and "inconvenient". imgur is just another in the line of image hosting sites that have come and gone. Much of what it hosts isn't actually high value, and isn't actually the sole copy.
Not sure what you're pining for with respect to "decentralization" -- we already have it, nothing stops someone from uploading an imgur image elsewhere, either the original uploader or someone downloading and reuploading somewhere. There are other image hosting sites. And yes, the internet is filled with dead URLs, privatized or deleted forums and discords and twitter accounts that host or previously hosted unique discussion or media, etc. etc. and any number of other minor tragedies. imgur totally dying would be among the least of them.
> Is it not hubris to call it "no loss" if, say, 3 hours ago, "Design of a LISP-based microprocessor / Page 22 has a map of the processor layout:" was forever lost to humanity, as collateral damage to some techbros' dispute?
The Internet Archive will outlast Imgur. I'm willing to bet on it if you'd like, feel free to propose terms for resolution and preferred forum.
(Accessing Imgur archives in Wayback is as trivial as a browser extension for your average user; Imgur has raised $60M and only does ~$30M/year, they will eventually be sold or close as the user experience degrades as operators and investors attempt to squeeze more from the enterprise)
FWIW, on old.reddit.com it still shows the cached image view, so no actual need to visit Imgur.com - a site that has had some quite interesting drama for the last few months.
At this rate, the UK won't have access to anything on the Internet soon without a VPN, until those are attacked too. Serves them right for being complete morons.
I suppose this is a serious question - does this mean that in theory HN should ban UK users? Or is HN likely compliant with this law? It is hard to pierce through the Orwellian language in the article (does "safeguarding children’s personal information" mean retaining or deleting the data?).
It looks like this law (which is unrelated to the Online Safety Act) is concerned with children being subjected to ad-tech tracking and similar indiscriminate data harvesting, so a site like this which doesn't feel the need to share your habits with 2,541 partners is probably out of scope.
I like how it's always "oh just safeguard people's data", oh "just" don't do anything bad with people's data.
Then you look up what the actual regulation says and it's hundreds of pages of pure legaleese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.
The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.
The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.
The OSA on the other hand... I'm glad I don't personally serve the UK.
but, why are the regulations 100 pages of legalese? because rich companies, and unscrupulous shits pay money to to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality
Say you take "the right to be forgotten", ie, I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (ie stop sending me fucking emails you shits)
Thats simple right? the law says I have the right to have my details deleted.
But what if I committed fraud in that time? what if I am opening and closing, asking for deletion to get round money laundering laws?
And thats why the regulations for data protections are long.
Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (ie just like any high level programming language)
However, do not take this as endorsement of the unrelated law that is the online saftey act, which is badly drafted, gives too much power to an under resourced semi independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.
I will however stick up for GDPR, because it stops the fucking nasty trade in in personal data that is so rife in the USA.
The US tax code is over 2.5k pages, with an additional 10k pages of regulations. And I manage to file my taxes fine every year without having read all that because most of it doesn't apply to me. Following the GDPR is easy if you aren't trying to maximize tracking with minimal concessions to the law.
In theory, HackerNews should be concerned. There is no prevention of children using the site, and potentially "harmful content" could be access either on or through the site. Being an aggregator doesn't seem to be a get-out.
This is GDPR. So long as they conform to the 13 principles then HN will be fine. Its nothing to do with the online safety act.
For the OSA (which I think is very badly drafted, and poorly enforced by OFCOM) so long as there is decent moderation (which there is), a way to report posts (there is) and the site doesn't persistently host actual abuse, then you're mostly fine.
It doesn't help that OFCOM are unwilling to change the scope of guidance to match the size and type of community.
HN has moderation, won't track you without telling you, and will delete your content if you ask. That's literally all it takes, it's really not that Orwellian
imgur itself is an empty husk of its former self. Last time I visited their site, they had fired all their moderators and replaced them with AI. They were bought at some point by .. media labs? I don't recall their name, but I recall that they are moneygrubbing bastards, to phrase it in neutral terms. I don't intend to visit their site again. Instead, I have made an AI agent that can do it for me.
Yeah I think no other sites have done this because fundamentally they like money. Imgur have probably only done this because they're making less money from the UK than it would cost to deal with this law.
Following this logic, I suppose that, in the future, cars that cannot automatically detect the presence of a child in a wheelchair and prevent the engine from starting will be banned.
>Following this logic, I suppose that, in the future, cars that cannot automatically detect the presence of a child in a wheelchair and prevent the engine from starting will be banned.
You said this like it is a bad thing, which is baffling? Obviously cars should do this. One of the best things about adding self-driving features is we can add features like this (and speed governors) to make cars a lot safer for everyone.
Why are you being sarcastic about this. Obviously that will be a legal requirement at some point, just like constantly supervising the driver for tiredness is.
I'm not being sarcastic. I'm predicting a trajectory of never-ending increase of regulatory requirements for any human activity which I don't like. Only big players have deep pocket for lobbyists and lawyers to avoid them or resources to implement them.
Placing the fines is pretty easy; they just go through their legal system, finish up the case and get their judgement. Russia has a giant outstanding fine against Google for example since Google is not censoring things the Kremlin doesn't like, even though Google has no corporate presence in Russia and the fine is iirc now larger than the entire world economy. (So it's an unrealistic amount designed to deter Google more than anything else in practice.)
The difficulty is getting enforcement; in practice, what happens is that the fine is put down as outstanding and if any executive or employee of the company enters the country, they're arrested and held hostage until the company pays up (or are held directly responsible for whatever the company is accused of). Most countries usually have corporate presency laws to avoid this sort of scenario though.
Alternatively, the judgement can be enforced through diplomatic channels, but that's a giant clusterfuck and unlikely to succeed unless it's something that's very blatantly a crime in both countries, since it's effectively retrying the case. (And even then it can depend on if the country just doesn't feel like cooperating for that specific case, for no other reason than spite; France for example is fond of doing this.)
Being a country means you can make your own laws so the authority question has a pretty clear answer. Unless you disaviow national borders and state power and such stuff generally of course. See https://en.wikipedia.org/wiki/Sovereignty
Right, but the UK is saying they'll fine Imgur even after Imgur blocked access. At that point, what tooth does the fine have? "You must pay this fine if you want to, err, nothing I guess"?
> they'll fine Imgur even after Imgur blocked access
after they have infringed the data protection laws.
For example, if I get a parking fine, and then move my car. I can't claim that now that I've moved my car, I'm not liable for the previous fine. This is no different.
They used to have UK legal presence, and planning to move out. The UK is saying something like "crimes done during your presence won't be ignored".
If Imgur never had UK presence, then yeah there would be no teeth. But if you're doing business in a country you can't break the law then leave and expect them to just ignore what you did during that time.
How do you expect the "pull out" to happen? They must have had a UK bank account or similar, whose transfers won't get approved as they're trying to escape from criminal prosecution. Or they'll work with the US to ensure responsible individuals are held responsible.
It isn't exactly the first time someone/something commits crime in a country then try to escape, there is lots of ways to work with others on this.
>they'll work with the US to ensure responsible individuals are held responsible.
I heard here recently during a similar discussion (about 4chan and this same British watchdog agency) that the US does not allow extradition of its citizens for breaking non-US laws if the behavior is legal in the US.
There are various international economic laws, treaties and agreements between cooperating countries, whether or not any of them cover this scenario for to US, and whether the US would honour any agreement in the current political climate remains to be seen. But there are mechanisms in place that allow w the UK to reach US companies through each others legal systems to a degree and vice versa, regardless of asset location.
> whether the US would honour any agreement in the current political climate remains to be seen
That this is even a question is bananas to me. Isn't that handled by the judicial system rather than involving politics/the administration? Shouldn't be possible for the US to have a treaty, and there are questions about if the treaty will actually be enforced or not, how could anyone trust the US as a whole for anything if those aren't enforced?
If Imgur decides they want to make money in the UK after all, and they have an unpaid fine outstanding, that money can be seized to pay off the fine first.
The whole point of corporations is that the company is liable, not its employees. also the shareholders are only liable for the money they put in, and not anything else.
Convictions in the UK are non-transferable. you can't convict a company, then transfer guilt onto its employees, they need to be tried at the same time.
> Are you saying that the Pavel Durov situation wouldn't have been possible in the UK
first Durov is a French citizen, so its not like he's immune to french laws
Second france has a totally different legal system to the UK(legal code vs common law)
thirdly, he's the primary owner of telegram, not an employee
Fourthly he was arrested on fraud, money laundering and child porn charges. Those are all criminal charges, not civil(GDPR is mostly Civil, same with the online saftey act, howefver with the OSA "senior managers" could be criminally liable, but again that's for CSAM, of which possession and distribution is a criminal already)
> Seems naive.
I really wish people would actually bother to understand law, because its pretty important. For programmers is much easier, because we are used to reading oddly worded specifically ordered paragraphs to divine logical intent. The law is really similar to programming.
They're only threatening to fine them for previous violations of the law, not anything after they block access. Blocking access doesn't make the existing fine from when they were doing business in the UK go away, it just prevents future fines.
Whether they can collect the money while Imgur aren't doing business in the UK is a different argument, but it's not particularly controversial that a country can fine a business operating in its jurisdiction for violating that country's laws. Even if those laws are authoritarian bullshit.
Sure, I'm only saying that I don't think there's much they can do by way of enforcement if the company decides to stop doing business there, especially over fines this small (it's not like the UK will push to extradite over this).
Honestly, that's the most noteworthy part of this. The EU hasn't pursued any site that just blocks EU access (see any number of US sites than aren't GDPR compliant and I can't access from Europe). The UK is threatening to do something nobody else has really done before. It's crazy, imo, because I can see a whole lot of sites immediately blocking the UK to avoid any potential litigation.
Thanks. That needs to be in an HN guide somewhere, along with: online services cost money to run so don't be surprised that they need either fees or advertising.
Being accessible over the internet from a country can't be the same as having a physical presence there. Otherwise, anyone putting any content on the internet needs to comply with the laws of every single country.
Was it? It did a tremendous amount of harm as well. Future historians may judge us very harshly for how cavalier and flippant we were in unleashing this technology onto the public.
How do you "pull out" of the UK if you are not a UK company, you are a US company, hosted in the US, and proxied by Fastly. There's nothing to do? You do not need to abide by UK laws, even if your website is accessible from there.
It means to stop doing business there. For example selling ads targeting UK users to UK advertisers. London banking. Integrating with UK-based data-milking peers.
As the owner of a U.S. based website, I am not sending data anywhere. Some people in the U.K. might request data and download it from my site. I'm not forcing it on them.
You can absolutely take that stance and be fine as long as you never get into the sphere of influence of UK law enforcement for potentially a very long time.
If they get hold of you your interpretation of who sent what doesn't matter but theirs does. They can absolutely hold you until your fine is paid or you spend and equivalent amount of time in prison.
Many people like to vacation in the UK or Europe (one diverted flight away) and they might decide that it's better to just block users and be done with it. Some people may even happily pay a small fine incurred before the block.
HTTP responses (website contents) are data that the web servers you are paying for are sending. People can’t download anything from your site without your servers sending the data. Nothing forces you to send that data when you receive an HTTP request. Indeed, geoblocking is a common way to prevent sending data to jurisdictions whose laws the sending of the data might be in violation of.
HTTP GET is pull, not push. The user is pulling data, not the server is pushing data. Government doesn't care though. It intentionally have chosen not to understand that detail.
It’s the server’s choice to send or not to send the data. The fact that the server is receiving a request for the data in no way implies that it has to obey it. If someone places an order for a product whose distribution violates a law, the distributor is still responsible for sending it. Someone selling drugs is still responsible even if the buyer requested the drug. Someone distributing unlicensed material is still responsible even when that material was specifically requested.
The US also has outsized influence in this arena due to the USD being the world reserve currency. Which isn't to say that might makes right, but it's easier to get your way when you can dictate the terms by which banks and nations can interface with the global economy. The British pound doesn't have quite the same level of soft power, so it must be wielded more strategically to avoid completely losing that which it still possesses.
I don't imagine going after Imgur would be a worthwhile exercise of that soft power.
They are! Russia has been fining Google increasingly insane amounts for blocking state media [1]. It's the company's prerogative of whether they want to have a legal entity falling under the country's jurisdiction and whether employees want to travel there and risk being held criminally liable.
It's likely simpler to just block access to the country's IP ranges (or ignore!) and move on.
> It's the company's prerogative of whether they want to have a legal entity falling under the country's jurisdiction
Except in this case, Imgur does not have a legal entity falling under the UK's jurisdiction. They are purely a US based company. It's not like Google, Apple, etc. that have offices in the UK.
This particular fine is the UK trying to extend its jurisdiction to entities that it has no sovereign authority over.
Just because some UK user might visit my website doesn't mean I now have to follow all UK laws if I don't actually do business there, and don't intend to.
Blocking the traffic is how we end up with the balkanization of the internet.
Its owned by worse than that. Its owned by MediaLab now. That's the same company that owns WorldStarHipHop, the website that encourages children to do dangerous acts to get viral stardom.
You can look up who owns MediaLab, and the things they have done. I don't think the UK is going to kidnap them if they go there. They have money.
Even in cases where a company causes death, or destruction and the company is found liable, employees are not allowed to be used as standins, employees need to be convicted as well. a conviction isn't fungible, that kinda the point of common law.
I mean yes, if you have a large well funded company that brings profit to said country that is how common law works.
In the US for example if you happen to bring gambling funds to some other country from us citizens you will be arrested in very creative ways while not even getting close to the US.
At the end of the day all law is what the government wants to do and can get away with. When it comes to not actual citizens of the country they tend to get away with a whole lot more. Or another more simple way to put it, "You can beat the wrap, but you can't beat the ride".
I suppose in their defense, culturally, the UK hasn't respected many borders apart from their own so this really isn't anything new.
Zing aside, I'd be thrilled to see whatever prosecutor or litigator or whatever they call them over there bring a case against a US based company for hosting content in the US, geoblocking the UK, a UK resident using a VPN to bypass that block, and making the case that that is somehow the US company's fault.
b) if you expect me to defend in the slightest the US and it's own shady history regarding settler colonialism, rest assured, there is no risk of that.
Im sorry, if you run a site some where not in the UK. It doesn't give the country jurisdiction over the entire internet.
If a country wants to enforce some kind of rules, they will have to apply them to the countries residents, because its the resident that go out on the net and conduct the behavior, not the other way around.
This has been common sense for a long time now. Everybody is going crazy/mad. Must be some seriously narcissistic people running the UK.
Just a few months ago games built by US-based developers, sold on US-based platform with payments processors also US-based were censored by actions of Australian christian activist group.
Simply by sending some threating letters to payment processor management. It was done by few hundred fanatics who want to censor what content everyone is allowed to access.
Since this is possible, there not enough resistance and UK government have much more resources we'll all have to live with this.
Hopefully many more companies do this and British internet users migrate to use of VPNs. This will apply maximum pressure on the government to reverse these parochial laws.
>This will apply maximum pressure on the government to reverse these parochial laws
Whatever the annual revenue of imgur was is now up for grabs for any British entrepreneur willing to build an image hosting site and unless British people have an innate preference for exporting their data to the US they'll likely stick with that. In other words, it's a good opportunity for the domestic tech sector, that's what happens in most cases when foreign companies tend to be blocked.
The value of imgur isn’t really in being able to upload images there, it’s access to all the images uploaded from the rest of the world. Especially historical uploads, say, a turorial or a travel log using imgur as reliable image host.
Locally created and operated british website aimed at brits makes sense when it’s local news or local services or whatever. Local image hosting site that serves only (primarily?) brits seems of very questionable utility unless you somehow become a big hub for outsiders… at least until $other_country demands UK stop tracking their children or whatever excuse they’ll use.
Yeah let us find random ways, that we never used to care about, to ban all foreign websites so a "brit" can take over haha. This is quite authoritarian and corporatist and worthy of some criticism from more libertarian minded onlookers.
