New Privacy Policy

Who gave the European Union authority to set General Data Protection Regulation policy with the an American website?

My membership dues would like to know.

It's because this site offers services to, and captures personal data from, members in the EU. If an outfit captures personal data of EU citizens, then it is bound by the GDPR. Many organizations are setting a blanket policy because it's easier to implement one global policy than piecemeal around the world. Your membership dues has a choice whether to agree to the policy.
Looks like ACMOC just squeaked within the deadline of 5/25 - good job Bruce 👍

I have gotten notices about this from a dozen different places in the last few weeks. It tightens the restrictions on the amount of information that can be gathered from me and passed on. Lessening the amount of my information that can be given out is not a bad thing in my book.

Neil, I have a problem with a foreign entity setting internet policy for Americans, not so much with ACMOC. So since I'm American and I don't want to abide by a foreign policy, then I don't get to use the website that I help pay for?

Don: acknowledged. But you can do something about it if it's important to you.

A key point here is that any organization that wants to collect private data on EU individuals has to abide by EU rules. ACMOC is a U.S.-based club but collects personal data on EU citizens. Similarly (and I'm hoping you'd see that this is the same situation), any organization that wants to collect private data on U.S. individuals has to abide by U.S. privacy rules, regardless of that organization's base country. Turns out that EU rules are pretty much a superset of U.S. rules. To avoid the application of the GPDR rules to ACMOC, the club would need to not allow any EU citizens to sign up and be members (and the club would have to enforce it in order to demonstrate compliance - this would be an expensive undertaking, and likely not seen as a worthwhile use of precious funds by club members). The practical effect of the club's policy is virtually nil on members - the club already has member personal information so essentially all they're doing by complying with the GPDR is agreeing to keep that information safe (there's a bunch of regulations behind the word "safe" but that's the basic intent). That's really no different from complying with U.S. data privacy regulations.

If you feel that it's not where the club should go, you could put forth a motion to the club to disallow EU members - I'd guess it would be an unpopular motion (I wouldn't support it - I like that we have a wide variety of members) and unlikely to succeed but nevertheless you could give it a shot.

Neil, you obviously have a firm grip on the GDPR. During our meeting to discuss our compliance strategy, one of our admins came up with the same concern that D9gdon asked. Just how can the European Union impose restrictions on a USA website? You answered the question exactly correct. Our little club website has a global reach and impact. As such, and considering we do have members who reside in the EU (Chapter 2 included) we are bound to abide. Failure to do so can result in massive fines north of a few million. You also are correct that we could have opted out of allowing any IP addresses from Europe to reach our site, but besides annoying many users and members, that would also fly in the face of our Cat license which includes servicing of our EU brethren.

Hi Bruce,
yes it's a valid question and your admin and Don are both right to question it - we should always be informed about what the club does and why. I think part of the GDPR issue is that it wasn't well-publicized here (being as it's a European ruling) so it's likely caught a number of folks this side of the Atlantic short. But you and the team have met the compliance date so we're in really good shape - thanks for all you do!

I understand that I must comply simply because I'm in the majority.

Since it is all settled then, I shall pay my dues in Euros next year.

€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€

I will then expect further special treatment for being in the minority, including a membership discount. I don't expect that you will check my IP address when I claim that status.