by yammajr 3287 days ago
Except that not every country belongs to the EU. If you have customers globally, you'll still have to deal with conflicting requirements.
4 comments

Until we have One World Government we'll have to respect the laws of the countries we do business in.

This is an example of why some local services are winning out against global competitors. Respect for and knowledge of their specific niche.

So on my ad-supported site that does not ask users where they are from, I will have to put a geo-ip filter to keep EU people off in order to avoid fines? Otherwise, do we accept that statements like "we'll have to respect the laws of the countries we do business in" are a bit generic and over-reaching in a global medium? I have not read the proposed law and I trust this situation is covered, but I am still annoyed at every region having so many of its own internet rules (not EU specific, goes with them all). Granted explicit business w/ explicit customers giving explicit monies in nation-backed currencies does make it easy to follow this law, but not everyone's business is like this.

Do you collect a lot of data about your users and not offer them any way to delete it?

This is a hypothetical, so let's say yes. So, do I need to filter out my users to avoid fines? That may seem noble and great in this particular case, but it's a slippery slope. The more regionally-specific regulations that are introduced causing more work for companies, the more the ROI per customer in that region may reduce. Once it gets below 0 with the threat of fines for a company, the users might be cut off.

It seems all good for this specific policy because most of us agree with it globally. But data protectionism and/or extreme regional deviations/regulations in law will reduce the globalism everyone shares. Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.

This is something to think about as the EU grows smaller, not larger. Even today, small companies with fewer EU users may stop and think about providing access at the cost of, e.g., building a portal for them to manage cookie settings.

> This is something to think about as the EU grows smaller, not larger.

I guess we'll see what happens with Brexit, but I would argue that the EU is growing in global importance and leadership. With the USA's recent NSA scandals, isolationist rhetoric, and backing out of international environmental agreements, I think we're going to see the EU increasingly set the tone for international trade.

I'm sure there will be plenty of tech firms that choose to serve only US customers (in the same way that there are Chinese-only and Russian-only companies today), but competing "globally" will mean following the EU's lead.

I understand your concern; if restrictions become overly complex and regional, compliance may start to limit innovation (e.g. EU VAT based on destination country).

That's a different type of restriction than respecting user privacy because you can't apply the same approach everywhere. A company could easily extend the same rights to all their users. If your offering needs to violate user privacy to exist, maybe it shouldn't.

> Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.

This appears disingenuous.

1. Competition: In your example above respecting user rights nets <0 ROI. There can be no competition here that respects user rights, so how would this help the situation? Conversely, restrictions will encourage competition by protecting less profitable and wealthy ventures from predatory global competition solely focused on maximizing profit.

2. Educating: You're seeking to shift responsibility from experts to laypeople, then blame the laypeople for their lack of education. It's like suggesting we should eliminate building codes then educate people on proper construction. Basically you are advocating for schools and high-rises that collapse.

If they aren't part of the EU or strongly associated with EU institutions why would the GDPR apply to them?

What the EU is trying to do is make it so countries outside the EU only have to think of the EU as a single country. This is why there's a single market and single currency.

You just need to have different requirements per country, I honestly don't see any conflict there.
So follow EU laws regarding EU customers and US laws regarding US customers.