Why can't I add a governing law to my terms of service to avoid GDPR?What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?GDPR - Confirm company terms and conditions by button clickGDPR - reCAPTCHA with user's consent?Will GDPR (EU law) make bad practices in security illegal?GDPR: Receiving marketing as precondition for receiving a free service, legitimate interest?According to GDPR, do I need a contract for processing on behalf with my e-mail provider?In GDPR, who exactly are the processors and what do they have to do?Can the terms of service contain a clause that instructs a user to forfeit their rights under the GDPR?GDPR - What exactly should I do to prevent revenue loss?GDPR and hotlinked images: are they allowed?Can't GDPR compliance be trivially bypassed?
Aligning equation numbers vertically
How to not starve gigantic beasts
Pulling the rope with one hand is as heavy as with two hands?
Mistake in years of experience in resume?
Was there a Viking Exchange as well as a Columbian one?
How do I deal with a coworker that keeps asking to make small superficial changes to a report, and it is seriously triggering my anxiety?
A Note on N!
Why does Mind Blank stop the Feeblemind spell?
How to have a sharp product image?
Critique of timeline aesthetic
Multiple options vs single option UI
Extension of 2-adic valuation to the real numbers
How to pronounce 'c++' in Spanish
Don’t seats that recline flat defeat the purpose of having seatbelts?
Does tea made with boiling water cool faster than tea made with boiled (but still hot) water?
What is the most expensive material in the world that could be used to create Pun-Pun's lute?
How do I reattach a shelf to the wall when it ripped out of the wall?
Map of water taps to fill bottles
Checks user level and limit the data before saving it to mongoDB
What makes accurate emulation of old systems a difficult task?
How would 10 generations of living underground change the human body?
What are the steps to solving this definite integral?
Minor Revision with suggestion of an alternative proof by reviewer
Why didn't the Space Shuttle bounce back into space as many times as possible so as to lose a lot of kinetic energy up there?
Why can't I add a governing law to my terms of service to avoid GDPR?
What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?GDPR - Confirm company terms and conditions by button clickGDPR - reCAPTCHA with user's consent?Will GDPR (EU law) make bad practices in security illegal?GDPR: Receiving marketing as precondition for receiving a free service, legitimate interest?According to GDPR, do I need a contract for processing on behalf with my e-mail provider?In GDPR, who exactly are the processors and what do they have to do?Can the terms of service contain a clause that instructs a user to forfeit their rights under the GDPR?GDPR - What exactly should I do to prevent revenue loss?GDPR and hotlinked images: are they allowed?Can't GDPR compliance be trivially bypassed?
I've heard from fairly reliable sources that you can't avoid GDPR by using your website's terms of service as way to circumvent that law. From what I have seen online, if your website serves European users, it must obey that law. However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect? I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
gdpr jurisdiction
New contributor
add a comment |
I've heard from fairly reliable sources that you can't avoid GDPR by using your website's terms of service as way to circumvent that law. From what I have seen online, if your website serves European users, it must obey that law. However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect? I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
gdpr jurisdiction
New contributor
4
Possible duplicate of What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?
– BlueDogRanch
Apr 22 at 15:09
6
In my view, while related, this is not a duplicate. This asks specifically about a TOS provision and a Governing law clause, neither of which is mentioned in the other Q or its answers.
– David Siegel
Apr 22 at 15:32
add a comment |
I've heard from fairly reliable sources that you can't avoid GDPR by using your website's terms of service as way to circumvent that law. From what I have seen online, if your website serves European users, it must obey that law. However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect? I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
gdpr jurisdiction
New contributor
I've heard from fairly reliable sources that you can't avoid GDPR by using your website's terms of service as way to circumvent that law. From what I have seen online, if your website serves European users, it must obey that law. However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect? I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
gdpr jurisdiction
gdpr jurisdiction
New contributor
New contributor
New contributor
asked Apr 22 at 15:05
JimJim
663
663
New contributor
New contributor
4
Possible duplicate of What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?
– BlueDogRanch
Apr 22 at 15:09
6
In my view, while related, this is not a duplicate. This asks specifically about a TOS provision and a Governing law clause, neither of which is mentioned in the other Q or its answers.
– David Siegel
Apr 22 at 15:32
add a comment |
4
Possible duplicate of What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?
– BlueDogRanch
Apr 22 at 15:09
6
In my view, while related, this is not a duplicate. This asks specifically about a TOS provision and a Governing law clause, neither of which is mentioned in the other Q or its answers.
– David Siegel
Apr 22 at 15:32
4
4
Possible duplicate of What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?
– BlueDogRanch
Apr 22 at 15:09
Possible duplicate of What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?
– BlueDogRanch
Apr 22 at 15:09
6
6
In my view, while related, this is not a duplicate. This asks specifically about a TOS provision and a Governing law clause, neither of which is mentioned in the other Q or its answers.
– David Siegel
Apr 22 at 15:32
In my view, while related, this is not a duplicate. This asks specifically about a TOS provision and a Governing law clause, neither of which is mentioned in the other Q or its answers.
– David Siegel
Apr 22 at 15:32
add a comment |
3 Answers
3
active
oldest
votes
However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect?
It is unlikely that the EU will be able to enforce financial penalties against a company with no presence in the EU. But they could for example block your website in the EU, depriving you of your EU user base. The actual measures that they could or would take against such a company are still unclear, since the GDPR is quite new, and there has been no action under the GDPR against foreign companies.
I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
The governing law clause in a contract identifies the law that will be used to interpret the contract and to resolve any disputes arising from the contract. The law identified in the clause does not become the sole law governing every aspect of the relationship between the parties, however.
For example, a business in New Jersey could have a contract with a client in New York with a clause specifying New Jersey law as the governing law of the contract. But that does not mean that New York's consumer protection law doesn't apply to the transaction.
3
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
5
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
12
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
9
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
3
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
|
show 8 more comments
What you are asking for is, in effect, an "opt out" clause. It might be framed in terms of choice of governing law, but effectively it seeks to opt you out of EU consumer protection laws.
Not surprisingly, most consumer laws just don't allow you to do that.
Otherwise a car seller would simply write onto their contract "If this car has a fault that kills anyone, you agree to hold the seller and maker harmless and not to claim damages for any reason", and similar for anything else - your unsafe or unreliable toaster, your bank transfer that's sent to the wrong place, your "unbreakable" phone that broke the first time you carried it, your unexpected exit charges on a loan or phone contract, and so on.
So consumer protection law generally doesn't permit opting out. (Much the same way as a lot of employment law, you can't just opt out of by putting it in the contract.)
If you flip it around and hypothetically suppose there was a US law and an EU website wanted an opt out, you can see why it wouldn't be fair or work well also. It that were to be legally permitted, one of 2 things may tend to happen - either
- many other websites seeking to deprive US citizens of the benefit they would get from that law, would just move overseas and also avoid giving the benefit to US users (and under market pressure others may feel they have to do likewise to compete), or
- we end up with a situation where equal US citizens are protected unequally depending on how canny their retailer is, in their hosting.
You can imagine that wouldn't be ideal either way.
But really, its worth understanding why that law is there. After all, its for reasons that affect citizens worldwide.
There has been enough in the press recently, as well as commonsense understandings, to appreciate the possible negative impact on private citizens if their data is mishandled - and that far too often it has been mishandled. Citizens trust you with their data when they visit your site. The GDPR makes clear what current standard of protection and rights they should be able to take for granted without needing to check each website's T&Cs.
Update
Also be aware that in at least some jurisdictions (the UK is one, at least, not sure about other EU countries or US states), there is a law about unfair contract terms to consider as well. The UK version of that law, which is the only one I know well enough to describe, says that if a supplier of tangible goods or of a service, has a standardised contract, and the consumer has to "take it or leave it", then the consumer can ask a court to strike out any term in it on the grounds it is an unfair contract term, essentially one where they had to accept it even though it's unfair and unreasonable, and if the court agrees, the term is replaced (if possible) with a similar but fair term, or (if not) it is struck out. This law isn't actually used very often, but is a very powerful one for addressing unequal bargaining power - think in terms of "whatever Microsoft might put in the Windows T&C" or a rogue payday lender's unfair repayments/interest, or similar. I know the argument that "they don't have to use it if they don't like it", but the reality is some will, and that's enough for an unfair business to profit from; so the law is what it is. A term that forced a person using your terms, to give up their rights as a cost of using the site within its "small print" could well find the clause struck out anyway, although in practice such cases are pretty uncommon.
add a comment |
Imagine you export some goods to Ireland, and you put on the shrink wrap that the governing law of the goods is that of the US (or rather a specific legal country within the US). Your goods are illegal in Ireland because they don't meet Irish and EU safety standards.
Do you get to opt out of Irish law by your shrinkwrap? If not, how is this different from trying to opt your website out of GDPR?
New contributor
1
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
2
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
1
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
|
show 1 more comment
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "617"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Jim is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f39331%2fwhy-cant-i-add-a-governing-law-to-my-terms-of-service-to-avoid-gdpr%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect?
It is unlikely that the EU will be able to enforce financial penalties against a company with no presence in the EU. But they could for example block your website in the EU, depriving you of your EU user base. The actual measures that they could or would take against such a company are still unclear, since the GDPR is quite new, and there has been no action under the GDPR against foreign companies.
I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
The governing law clause in a contract identifies the law that will be used to interpret the contract and to resolve any disputes arising from the contract. The law identified in the clause does not become the sole law governing every aspect of the relationship between the parties, however.
For example, a business in New Jersey could have a contract with a client in New York with a clause specifying New Jersey law as the governing law of the contract. But that does not mean that New York's consumer protection law doesn't apply to the transaction.
3
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
5
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
12
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
9
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
3
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
|
show 8 more comments
However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect?
It is unlikely that the EU will be able to enforce financial penalties against a company with no presence in the EU. But they could for example block your website in the EU, depriving you of your EU user base. The actual measures that they could or would take against such a company are still unclear, since the GDPR is quite new, and there has been no action under the GDPR against foreign companies.
I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
The governing law clause in a contract identifies the law that will be used to interpret the contract and to resolve any disputes arising from the contract. The law identified in the clause does not become the sole law governing every aspect of the relationship between the parties, however.
For example, a business in New Jersey could have a contract with a client in New York with a clause specifying New Jersey law as the governing law of the contract. But that does not mean that New York's consumer protection law doesn't apply to the transaction.
3
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
5
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
12
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
9
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
3
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
|
show 8 more comments
However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect?
It is unlikely that the EU will be able to enforce financial penalties against a company with no presence in the EU. But they could for example block your website in the EU, depriving you of your EU user base. The actual measures that they could or would take against such a company are still unclear, since the GDPR is quite new, and there has been no action under the GDPR against foreign companies.
I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
The governing law clause in a contract identifies the law that will be used to interpret the contract and to resolve any disputes arising from the contract. The law identified in the clause does not become the sole law governing every aspect of the relationship between the parties, however.
For example, a business in New Jersey could have a contract with a client in New York with a clause specifying New Jersey law as the governing law of the contract. But that does not mean that New York's consumer protection law doesn't apply to the transaction.
However, if a website is based in the US and the terms of service say that the law governing the terms is US law, how can GDPR have any affect?
It is unlikely that the EU will be able to enforce financial penalties against a company with no presence in the EU. But they could for example block your website in the EU, depriving you of your EU user base. The actual measures that they could or would take against such a company are still unclear, since the GDPR is quite new, and there has been no action under the GDPR against foreign companies.
I'm not a lawyer, but I've signed many contracts in my life and nearly all of them have some form of "governing law" clause.
The governing law clause in a contract identifies the law that will be used to interpret the contract and to resolve any disputes arising from the contract. The law identified in the clause does not become the sole law governing every aspect of the relationship between the parties, however.
For example, a business in New Jersey could have a contract with a client in New York with a clause specifying New Jersey law as the governing law of the contract. But that does not mean that New York's consumer protection law doesn't apply to the transaction.
answered Apr 22 at 15:27
phoogphoog
8,42611539
8,42611539
3
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
5
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
12
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
9
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
3
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
|
show 8 more comments
3
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
5
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
12
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
9
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
3
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
3
3
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
If the EU blocked me, my answer is "good riddance!"
– Joshua
Apr 22 at 16:05
5
5
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
@Joshua In that case perhaps you should consider refusing to display your site to users in the EU.
– phoog
Apr 22 at 16:11
12
12
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
@Joshua That's not an attitude a for-profit business can usually take. The EU is probably a source of enormous revenue.
– Barmar
Apr 22 at 16:29
9
9
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
The better response would be to figure out why GDPR exists and make your site more customer friendly by conforming to it.
– gnasher729
Apr 22 at 16:55
3
3
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
The EU can definitely enforce fines against US based companies- US courts can and do enforce EU judgements and vice-versa
– Dale M
Apr 23 at 0:31
|
show 8 more comments
What you are asking for is, in effect, an "opt out" clause. It might be framed in terms of choice of governing law, but effectively it seeks to opt you out of EU consumer protection laws.
Not surprisingly, most consumer laws just don't allow you to do that.
Otherwise a car seller would simply write onto their contract "If this car has a fault that kills anyone, you agree to hold the seller and maker harmless and not to claim damages for any reason", and similar for anything else - your unsafe or unreliable toaster, your bank transfer that's sent to the wrong place, your "unbreakable" phone that broke the first time you carried it, your unexpected exit charges on a loan or phone contract, and so on.
So consumer protection law generally doesn't permit opting out. (Much the same way as a lot of employment law, you can't just opt out of by putting it in the contract.)
If you flip it around and hypothetically suppose there was a US law and an EU website wanted an opt out, you can see why it wouldn't be fair or work well also. It that were to be legally permitted, one of 2 things may tend to happen - either
- many other websites seeking to deprive US citizens of the benefit they would get from that law, would just move overseas and also avoid giving the benefit to US users (and under market pressure others may feel they have to do likewise to compete), or
- we end up with a situation where equal US citizens are protected unequally depending on how canny their retailer is, in their hosting.
You can imagine that wouldn't be ideal either way.
But really, its worth understanding why that law is there. After all, its for reasons that affect citizens worldwide.
There has been enough in the press recently, as well as commonsense understandings, to appreciate the possible negative impact on private citizens if their data is mishandled - and that far too often it has been mishandled. Citizens trust you with their data when they visit your site. The GDPR makes clear what current standard of protection and rights they should be able to take for granted without needing to check each website's T&Cs.
Update
Also be aware that in at least some jurisdictions (the UK is one, at least, not sure about other EU countries or US states), there is a law about unfair contract terms to consider as well. The UK version of that law, which is the only one I know well enough to describe, says that if a supplier of tangible goods or of a service, has a standardised contract, and the consumer has to "take it or leave it", then the consumer can ask a court to strike out any term in it on the grounds it is an unfair contract term, essentially one where they had to accept it even though it's unfair and unreasonable, and if the court agrees, the term is replaced (if possible) with a similar but fair term, or (if not) it is struck out. This law isn't actually used very often, but is a very powerful one for addressing unequal bargaining power - think in terms of "whatever Microsoft might put in the Windows T&C" or a rogue payday lender's unfair repayments/interest, or similar. I know the argument that "they don't have to use it if they don't like it", but the reality is some will, and that's enough for an unfair business to profit from; so the law is what it is. A term that forced a person using your terms, to give up their rights as a cost of using the site within its "small print" could well find the clause struck out anyway, although in practice such cases are pretty uncommon.
add a comment |
What you are asking for is, in effect, an "opt out" clause. It might be framed in terms of choice of governing law, but effectively it seeks to opt you out of EU consumer protection laws.
Not surprisingly, most consumer laws just don't allow you to do that.
Otherwise a car seller would simply write onto their contract "If this car has a fault that kills anyone, you agree to hold the seller and maker harmless and not to claim damages for any reason", and similar for anything else - your unsafe or unreliable toaster, your bank transfer that's sent to the wrong place, your "unbreakable" phone that broke the first time you carried it, your unexpected exit charges on a loan or phone contract, and so on.
So consumer protection law generally doesn't permit opting out. (Much the same way as a lot of employment law, you can't just opt out of by putting it in the contract.)
If you flip it around and hypothetically suppose there was a US law and an EU website wanted an opt out, you can see why it wouldn't be fair or work well also. It that were to be legally permitted, one of 2 things may tend to happen - either
- many other websites seeking to deprive US citizens of the benefit they would get from that law, would just move overseas and also avoid giving the benefit to US users (and under market pressure others may feel they have to do likewise to compete), or
- we end up with a situation where equal US citizens are protected unequally depending on how canny their retailer is, in their hosting.
You can imagine that wouldn't be ideal either way.
But really, its worth understanding why that law is there. After all, its for reasons that affect citizens worldwide.
There has been enough in the press recently, as well as commonsense understandings, to appreciate the possible negative impact on private citizens if their data is mishandled - and that far too often it has been mishandled. Citizens trust you with their data when they visit your site. The GDPR makes clear what current standard of protection and rights they should be able to take for granted without needing to check each website's T&Cs.
Update
Also be aware that in at least some jurisdictions (the UK is one, at least, not sure about other EU countries or US states), there is a law about unfair contract terms to consider as well. The UK version of that law, which is the only one I know well enough to describe, says that if a supplier of tangible goods or of a service, has a standardised contract, and the consumer has to "take it or leave it", then the consumer can ask a court to strike out any term in it on the grounds it is an unfair contract term, essentially one where they had to accept it even though it's unfair and unreasonable, and if the court agrees, the term is replaced (if possible) with a similar but fair term, or (if not) it is struck out. This law isn't actually used very often, but is a very powerful one for addressing unequal bargaining power - think in terms of "whatever Microsoft might put in the Windows T&C" or a rogue payday lender's unfair repayments/interest, or similar. I know the argument that "they don't have to use it if they don't like it", but the reality is some will, and that's enough for an unfair business to profit from; so the law is what it is. A term that forced a person using your terms, to give up their rights as a cost of using the site within its "small print" could well find the clause struck out anyway, although in practice such cases are pretty uncommon.
add a comment |
What you are asking for is, in effect, an "opt out" clause. It might be framed in terms of choice of governing law, but effectively it seeks to opt you out of EU consumer protection laws.
Not surprisingly, most consumer laws just don't allow you to do that.
Otherwise a car seller would simply write onto their contract "If this car has a fault that kills anyone, you agree to hold the seller and maker harmless and not to claim damages for any reason", and similar for anything else - your unsafe or unreliable toaster, your bank transfer that's sent to the wrong place, your "unbreakable" phone that broke the first time you carried it, your unexpected exit charges on a loan or phone contract, and so on.
So consumer protection law generally doesn't permit opting out. (Much the same way as a lot of employment law, you can't just opt out of by putting it in the contract.)
If you flip it around and hypothetically suppose there was a US law and an EU website wanted an opt out, you can see why it wouldn't be fair or work well also. It that were to be legally permitted, one of 2 things may tend to happen - either
- many other websites seeking to deprive US citizens of the benefit they would get from that law, would just move overseas and also avoid giving the benefit to US users (and under market pressure others may feel they have to do likewise to compete), or
- we end up with a situation where equal US citizens are protected unequally depending on how canny their retailer is, in their hosting.
You can imagine that wouldn't be ideal either way.
But really, its worth understanding why that law is there. After all, its for reasons that affect citizens worldwide.
There has been enough in the press recently, as well as commonsense understandings, to appreciate the possible negative impact on private citizens if their data is mishandled - and that far too often it has been mishandled. Citizens trust you with their data when they visit your site. The GDPR makes clear what current standard of protection and rights they should be able to take for granted without needing to check each website's T&Cs.
Update
Also be aware that in at least some jurisdictions (the UK is one, at least, not sure about other EU countries or US states), there is a law about unfair contract terms to consider as well. The UK version of that law, which is the only one I know well enough to describe, says that if a supplier of tangible goods or of a service, has a standardised contract, and the consumer has to "take it or leave it", then the consumer can ask a court to strike out any term in it on the grounds it is an unfair contract term, essentially one where they had to accept it even though it's unfair and unreasonable, and if the court agrees, the term is replaced (if possible) with a similar but fair term, or (if not) it is struck out. This law isn't actually used very often, but is a very powerful one for addressing unequal bargaining power - think in terms of "whatever Microsoft might put in the Windows T&C" or a rogue payday lender's unfair repayments/interest, or similar. I know the argument that "they don't have to use it if they don't like it", but the reality is some will, and that's enough for an unfair business to profit from; so the law is what it is. A term that forced a person using your terms, to give up their rights as a cost of using the site within its "small print" could well find the clause struck out anyway, although in practice such cases are pretty uncommon.
What you are asking for is, in effect, an "opt out" clause. It might be framed in terms of choice of governing law, but effectively it seeks to opt you out of EU consumer protection laws.
Not surprisingly, most consumer laws just don't allow you to do that.
Otherwise a car seller would simply write onto their contract "If this car has a fault that kills anyone, you agree to hold the seller and maker harmless and not to claim damages for any reason", and similar for anything else - your unsafe or unreliable toaster, your bank transfer that's sent to the wrong place, your "unbreakable" phone that broke the first time you carried it, your unexpected exit charges on a loan or phone contract, and so on.
So consumer protection law generally doesn't permit opting out. (Much the same way as a lot of employment law, you can't just opt out of by putting it in the contract.)
If you flip it around and hypothetically suppose there was a US law and an EU website wanted an opt out, you can see why it wouldn't be fair or work well also. It that were to be legally permitted, one of 2 things may tend to happen - either
- many other websites seeking to deprive US citizens of the benefit they would get from that law, would just move overseas and also avoid giving the benefit to US users (and under market pressure others may feel they have to do likewise to compete), or
- we end up with a situation where equal US citizens are protected unequally depending on how canny their retailer is, in their hosting.
You can imagine that wouldn't be ideal either way.
But really, its worth understanding why that law is there. After all, its for reasons that affect citizens worldwide.
There has been enough in the press recently, as well as commonsense understandings, to appreciate the possible negative impact on private citizens if their data is mishandled - and that far too often it has been mishandled. Citizens trust you with their data when they visit your site. The GDPR makes clear what current standard of protection and rights they should be able to take for granted without needing to check each website's T&Cs.
Update
Also be aware that in at least some jurisdictions (the UK is one, at least, not sure about other EU countries or US states), there is a law about unfair contract terms to consider as well. The UK version of that law, which is the only one I know well enough to describe, says that if a supplier of tangible goods or of a service, has a standardised contract, and the consumer has to "take it or leave it", then the consumer can ask a court to strike out any term in it on the grounds it is an unfair contract term, essentially one where they had to accept it even though it's unfair and unreasonable, and if the court agrees, the term is replaced (if possible) with a similar but fair term, or (if not) it is struck out. This law isn't actually used very often, but is a very powerful one for addressing unequal bargaining power - think in terms of "whatever Microsoft might put in the Windows T&C" or a rogue payday lender's unfair repayments/interest, or similar. I know the argument that "they don't have to use it if they don't like it", but the reality is some will, and that's enough for an unfair business to profit from; so the law is what it is. A term that forced a person using your terms, to give up their rights as a cost of using the site within its "small print" could well find the clause struck out anyway, although in practice such cases are pretty uncommon.
edited Apr 23 at 5:07
answered Apr 22 at 17:25
StilezStilez
1,138312
1,138312
add a comment |
add a comment |
Imagine you export some goods to Ireland, and you put on the shrink wrap that the governing law of the goods is that of the US (or rather a specific legal country within the US). Your goods are illegal in Ireland because they don't meet Irish and EU safety standards.
Do you get to opt out of Irish law by your shrinkwrap? If not, how is this different from trying to opt your website out of GDPR?
New contributor
1
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
2
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
1
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
|
show 1 more comment
Imagine you export some goods to Ireland, and you put on the shrink wrap that the governing law of the goods is that of the US (or rather a specific legal country within the US). Your goods are illegal in Ireland because they don't meet Irish and EU safety standards.
Do you get to opt out of Irish law by your shrinkwrap? If not, how is this different from trying to opt your website out of GDPR?
New contributor
1
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
2
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
1
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
|
show 1 more comment
Imagine you export some goods to Ireland, and you put on the shrink wrap that the governing law of the goods is that of the US (or rather a specific legal country within the US). Your goods are illegal in Ireland because they don't meet Irish and EU safety standards.
Do you get to opt out of Irish law by your shrinkwrap? If not, how is this different from trying to opt your website out of GDPR?
New contributor
Imagine you export some goods to Ireland, and you put on the shrink wrap that the governing law of the goods is that of the US (or rather a specific legal country within the US). Your goods are illegal in Ireland because they don't meet Irish and EU safety standards.
Do you get to opt out of Irish law by your shrinkwrap? If not, how is this different from trying to opt your website out of GDPR?
New contributor
New contributor
answered Apr 22 at 17:34
MarcinMarcin
1292
1292
New contributor
New contributor
1
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
2
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
1
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
|
show 1 more comment
1
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
2
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
1
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
1
1
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
But what if it's not targeted at EU users, but just any user on the web? It seems a little unfair to expect the site owners to block access to each country/region that might have different laws. For example, what if Zimbabwe implements special internet laws for its citizens?
– Jim
Apr 22 at 20:43
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
This is a fairly good example. The counterpoint might be "I ship anywhere on money orders. I don't know if the goods are lawful in your area or not." Let others argue whether this is lawful or not. I would normally argue on the not side.
– Joshua
Apr 22 at 20:55
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
@Joshua Right but then you still did the shipping. Maybe Ireland has to figure out how to catch you, but you can't choice of law your way out of them maybe wanting to catch you (unless their law lets you do just that, of course).
– Marcin
Apr 22 at 21:48
2
2
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
@Jim - if you sell a product in 10 countries (or even give a product away for free), you would hardly be surprised if you have to comply with the law of each country when you sell products there. Providing services is no different, and an online service or website is still a service. If you configure your website to allow purchases or consumer usage from 10 countries, you can hardly be surprised when those 10 countries expect their law to be applied to consumers in their territory. (Stark examples: should a country freely allow websites for child brides or copyright-piracy ...
– Stilez
Apr 23 at 7:59
1
1
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
... or fraudulently deceptive claims within its territory, as long as the website gets hosted somewhere those are legal or accepted? Of course not.) It's the website owner's choice where to market to/publish in, and to research the places they want to market to/publish in. They always have the option not to market to, or allow visitors from, places where they don't feel comfortable they can comply with the law, or where the effort required isn't worth it to them.
– Stilez
Apr 23 at 8:03
|
show 1 more comment
Jim is a new contributor. Be nice, and check out our Code of Conduct.
Jim is a new contributor. Be nice, and check out our Code of Conduct.
Jim is a new contributor. Be nice, and check out our Code of Conduct.
Jim is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Law Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f39331%2fwhy-cant-i-add-a-governing-law-to-my-terms-of-service-to-avoid-gdpr%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
Possible duplicate of What is the legal mechanism by which the GDPR might apply to a business with no presence in the EU?
– BlueDogRanch
Apr 22 at 15:09
6
In my view, while related, this is not a duplicate. This asks specifically about a TOS provision and a Governing law clause, neither of which is mentioned in the other Q or its answers.
– David Siegel
Apr 22 at 15:32