I wonder if YTS users could go after the operator in court for its illegal conduct, or for its use of their personal data in particular. I'm guessing the site being illegal isn't relevant unless they personally have their copyrights infringed, but I wouldn't be surprised if this use of individuals' data without consent is illegal, especially if the shakedown letters turn out to be fraudulent.
Unclean hands doctrine. You can't sue someone when the complaint at issue is you doing something wrong. You'd have to find someone that didn't infringe on anything, and even then you'd have to fight an uphill battle. In the absence of a contract saying the data can never be shared, it's unclear what the cause of action would even be.
It would be up to the courts if you've done anything wrong though - downloading a torrent file isn't illegal, per TFA. Who's to say you followed through with a torrent client to use it?
> The harm is your IP address and other information being provided to a company that's trying to extort you...
If you get sued, you've suffered damages and you have a cause of action. You'd need to show that YTS wrongly provided your information, but in the hypothetical where you in fact did nothing wrong, that seems theoretically doable.
You might have a malicious prosecution case against the party that sued you. I still don't see a cause of action or damages against a third party that provided information that they likely would have been forced to provide in discovery anyway.
Especially since the operator is a UK company, subject to GDPR. This kind of trade with personal data is one of the big things GDPR is supposed to protect against.
Most EU law will continue to apply until/unless it is specifically repealed. National laws that implement the EU law are usually required for each country to implement the law in accordance with its own legal codes and structures.
The UK is still inside most of the treaties until next year, as there is currently a "transition period" in effect, but even when that ends, a lot of EU law will still be part of UK law.
I would also expect that they can only remove it after the end of the transition period. Being able to remove market protections while still being in the single market would give them an unfair advantage.
The UK's Data Protection legislation was fairly strong before GDPR made improvements. GDPR is applied by each member state's own laws aligning with GDPR. Hence I believe, in this specific case, nothing has (or will) change as Brexit reaches its conclusion.
The GDPR still applies in the UK, even after brexit. The EU has kind of a weird system IMO.
The main EU body decides on a thing. Then each country in the EU reads the thing, and enacts legislation that does the thing. Notably, each country in the EU write their own legislation such that the main EU thing is satisfied. The EU itself doesn't make laws/legislation.
What is the legal drinking age in the United States? Trick question: the US has no legal drinking age. The interstate highway act stipulated that if the federal government is going to spend money to build freeways in a state, the state has to enact a drinking age of 21 years. There's a crapload of money tied up in this, so all 50 states have set the legal drinking age to 21 years.
So if a state seceded from the union, while many federal US laws would no longer apply, the legal drinking age of 21 years would still apply, because that is a state law.
The thing about the EU is that every law is like that. They're national laws that are mandated by the EU. The UK has a GDPR law, France has a GDPR law, Germany has a GDPR law, etc. Presumably the UK will go through its books at some point and make adjustments as they see fit, but that hasn't happened to the GDPR.
Per Wikipedia, "As the GDPR is a regulation, not a directive, it is directly binding and applicable, but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states."
For most practical purposes, the transition treaty makes it as if the UK was still part of the EU until the end of the year.
I believe many member states did also implement it in local law, since they already had privacy laws and just adjusted them to be GDPR-compatible, but the GDPR would also apply directly.
