This is why I am asking such a strange question:
Europe has a law called GDPR which imposes responsibility of processing on the person who decides the means of processing of personal data. Now, if someone posts a link, and the website on the link violates GDPR, the person who posted the link will be liable because they determined the means and processing of data.
Of course it's legal.
Hyperlinking to an unaffiliated website in no way "determine[s] the means and processing of data." The person who makes these determinations is the person running the website. If I link to Microsoft's website, that doesn't give me any control over how Microsoft processes data on the website.
<a href="..."> and <img src="..."> are quite similar, but the conclusions are different
<a href="..."> and <img src="..."> are quite similar" - I must somewhat disagree here. Usually, rendering an <a> does not cause or require the resource indicated by href to be requested, while rendering an <img> typically does require/cause the resource indicated by src to be requested. I'd say that makes the two quite different even on the technical side.
Commented
Nov 24, 2020 at 21:50
GDPR is very specific about who the data controllers and data processes are, in a given process. By simply linking to a site, you do not qualify as either a data controller or data processor.
https://www.gdpreu.org/the-regulation/key-concepts/data-controllers-and-processors/
A data controller is a key decision makers. They have the overall say and control over the reason and purposes behind data collection and over the means and method of data processing.
A data processor will act on behalf of the controller. They only operate via instructions from the controller. Individual users can make claims for compensation and damages against both processors and controllers.
Please note that, while setting a link is not illegal in itself, you can still get in trouble depending on the material you link to. Also, the EU is not one single entity and it doesn't even make laws - it issues directives that the individual countries must turn into law, in their territory and embedded into their own legal framework. So, details can very well vary between countries, and what's legal in Romania doesn't have to be legal in Germany, or vice versa.
If you're linking to, or possibly worse, embedding images from a different web site, "It was just a link, not me" won't help you much if the images you embed are illegal - think kiddy porn.
Germany cracks down heavily on anything that might be interpreted as promoting Nazi ideology - linking to a Nazi web site will get you in trouble. Showing an image of a swastika, likewise. (There's a lot of details to this; which are not really relevant to the question). But for this reason, many German printed books feature a disclaimer like "Any links in this book were checked at the time of publication, the author is not responsible for any later modifications".
Other EU countries might care much less about Nazi material, but may have their own kinds of sensitive topics to avoid.
So, while linking will not constitute a GDPR violation, there's still pitfalls to avoid. Make sure you don't link to illegal material, for whichever definition of "illegal". Also, most EU countries don't have "fair use" clauses like the U.S. do, citing text or using images from web sites you do not own, even when used to link to those web sites, might be copyright violations.
Consult a lawyer for details, and, as I said, what's legal in one or two EU countries is not neccesarily legal everywhere in the EU.
