Beginning 1 September, we will need to geoblock Mississippi IPs

(dw-news.dreamwidth.org)

295 points AndrewDucker | 1 comments | 27 Aug 25 20:03 UTC | HN request time: 0.286s | source

Show context

andybak ◴[27 Aug 25 21:05 UTC] No.45045278[source]▶

Between this and the UK Online Safety Bill, how are people meant to keep track?

Launch a small website and commit a felony in 7 states and 13 countries.

I wouldn't have known about the Mississippi bill unless I'd read this. How are we have to know?

replies(9): >>45045295 #>>45045350 #>>45045462 #>>45045802 #>>45047760 #>>45047928 #>>45048091 #>>45050064 #>>45054184 #

Buttons840 ◴[28 Aug 25 02:43 UTC] No.45047760[source]▶

>>45045278 #

Hopefully data centers will be built in more free states. If I live in California, and run a server in California that responds to requests coming from an ISP in California, at what point do I become subject to Mississippi law that I never had a chance to vote for?

If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.

replies(2): >>45048016 #>>45048309 #

vel0city ◴[28 Aug 25 03:22 UTC] No.45048016[source]▶

>>45047760 #

While I'm not trying to argue for or against any particular law in this comment, California is far from a "free state" in terms of internet laws.

If I run a server in Utah primarily for myself, and you as a Californian happen to stumble upon it, should I have to abide by California privacy laws?

replies(1): >>45048513 #

pkaye ◴[28 Aug 25 04:53 UTC] No.45048513[source]▶

>>45048016 #

https://termly.io/resources/articles/ccpa-vs-cpra/#who-must-...

> should I have to abide by California privacy laws?

It seems these are the conditions:

As of January 1, 2023, your business must comply with both the CCPA and the CPRA if you do business in California and meet any one of the following conditions:

* Earned $25 million in gross annual revenue as of January 1 from the previous calendar year

* Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households

* Derived 50% or more of your gross annual revenue from the selling or sharing of personal information

Also lots of states have their own data privacy laws.

https://iapp.org/media/pdf/resource_center/State_Comp_Privac...

replies(1): >>45048613 #

vel0city ◴[28 Aug 25 05:11 UTC] No.45048613[source]▶

>>45048513 #

I wasn't trying to suggest California was alone with such laws. Only pointing out they do indeed have internet laws that cross state boundaries, far from the "free state" suggested by the parent comment. Lots of states have such laws, and I generally do agree such things are good.

And yes, in this particular circumstance for this specific law as currently written a private blog doing it's own normal things probably wouldn't infringe or be subject to these rules.

But what about a Utah focused social media site that does have $25M in revenue? It's not trying to court California users. Why should they have to be liable to laws in a state they never intended to do business in? It's these Californians leaving California to interact with an org across state lines. Whatever happened to state sovereignty? Should an Oklahoman be required to buy only 3.2% beer in Texas as well or have some Texas beer and wine shop face the wrath of Oklahoma courts for serving an Okie some real beer?

Where did that web transaction actually happen? On the client or on the server? Where did the data actually get stored and processed?

IMO we're past the time of patchwork laws. The social experiment of figuring out what makes some sense is largely over at least for the basics. It's time for real federal privacy laws to make a real, enforceable nationwide policy.

replies(2): >>45048712 #>>45051175 #

IgorPartola ◴[28 Aug 25 05:25 UTC] No.45048712[source]▶

>>45048613 #

Not a lawyer but I think that if none of your users are from California then nobody would have standing to sue you.

replies(2): >>45048986 #>>45049240 #

Nevermark ◴[28 Aug 25 06:12 UTC] No.45048986[source]▶

>>45048712 #

Yes, but that would require a preemptive blocking strategy in actual practice.

> It's not trying to court California users.

The point that is being made, is that even a site generally designed and expected to be used by Utah citizens can become liable to Californian law because a Californian created an account.

replies(1): >>45056577 #

1. fc417fc802 ◴[28 Aug 25 20:17 UTC] No.45056577[source]▶

>>45048986 #

Just as with "over 18" banners, I expect that if all users self-certify as being non-californians the law won't apply to you. And that seems perfectly reasonable to me. Perhaps with the exception that I also think that a modal banner to the effect of "you acknowledge that you are now doing business in Utah" also ought to suffice.

If you actually sell things to Californians that's different. At that point, yeah, I think you _should_ be subject to California law. You're doing the equivalent of mail order business with a resident after all.

↑