by joshuakarjala 3062 days ago
According to GDPR you do not need consent to gather personal data which is reasonable with regards to the service you are providing.

What you do need consent for is to gather unneeded personal data or to send personal data to 3rd party providers for processing that is not essential to your service.

You are not allowed to deny people access to your site based on lack of this kind of consent.


What are you basing that last paragraph on? It's my website, I'll damn well deny access to anyone I please.
Perhaps you should read the parable of King Canute?

Here's roughly what you must comply with, if you're not blocking the whole of the EU.

https://ico.org.uk/for-organisations/guide-to-the-general-da...

I'm not sure I understand what this means:

> Avoid making consent to processing a precondition of a service.

Does it mean I have to ensure my users can use the service even if I'm not allowed to "process" their data? I assume this must mean "processing" data for reasons not directly connected to the actual service. (E.g. using the data to gather business intelligence or sell it to third parties)

It's your website but they are not your users. You can deny access to anyone you please but for those that you do allow access you're going to have to abide by the law.

> What are you basing that last paragraph on? It's my website, I'll damn well deny access to anyone I please.

If you collect and process PIIs of EU citizens, the EU will do whatever it goddamn likes with you, which currently means some pretty high fines.

Only if they can enforce and collect them. I’m extremely skeptical that they can do so for companies with no ties to the EU. I suspect other countries will take a dim view of the EU attacking their sovereignty like that, and will probably just ignore it.