[Zak]

> That includes generating ad revenues from EU based eyeballs.

That would be fairly hard to enforce against a company that doesn't have a physical or legal presence in the EU.

In general, I'm disturbed by governments trying to enforce laws beyond their border just because their citizens are somehow involved by sending information over the internet. In some fields, it's a legal minefield just to comply with the rules of one country, much less several. This won't be a major difficulty for big players with high-paid lawyers and compliance departments, but it could easily kill startups, some before they're even launched.

[distances]

> In general, I'm disturbed by governments trying to enforce laws beyond their border just because their citizens are somehow involved by sending information over the internet.

Isn't it simple enough to geoblock areas if European customers are somehow too hard to serve?

> In some fields, it's a legal minefield just to comply with the rules of one country, much less several. This won't be a major difficulty for big players with high-paid lawyers and compliance departments, but it could easily kill startups, some before they're even launched.

As the topic is GDPR: a privacy first approach is not rocket science. I'm sure any startup with even the remotest chance of success can follow the basic principles without undue complications.

[Zak]

Geoblocking is breaking the internet.

While I agree that startups should be respectful of privacy, that doesn't change the principle at work here. Allowing countries to enforce laws against companies that don't have a physical or legal presence within their borders is a dangerous mechanism. Introducing a dangerous mechanism to enforce a good policy will result in that mechanism being used for a bad policy later on.