Hacker News new | ask | show | jobs
by sakabaro 2991 days ago
GDPR is more overeaching than that. You don’t need physical presence in EU to be subject to it. In theory, just having a webserver storing access logs (default of Apache and Nginx) makes you infringing it as EU IPs are now considered personal data.
2 comments
teamhappy 2991 days ago
> just having a webserver storing access logs (default of Apache and Nginx) makes you infringing it as EU IPs are now considered personal data.

That's not true. Read the 23rd point right at the top: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

Here's the part of it that covers your webserver: "Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, [...]".

link
sakabaro 2991 days ago
From the french version, same (23):

> envisage d'offrir des services à des personnes concernées dans un ou plusieurs États membres de l'Union

They just have to prove you are considering EU in your app. It can be anything. Like Having EU timezones, or a country input with EU countries is enough to prove intent to server EU residents. If you collect IPs via your web sever, you are infringing.

link
teamhappy 2991 days ago
> is enough to prove intent to server EU residents

Given that it's still April, there's literally no way for you to know that. Also, the sentence you're quoting starts with "may make it apparent" not "does make it apparent".

Having said that, if you're building a service that let's people select EU timezones, countries, currencies and so on you're probably going to have a hard time proving that you're not providing goods or services to Europeans (because you probably are). If you're providing goods or services to Europeans GDPR applies.

link
pluma 2991 days ago
Yeah and unless you don't business in the EU as an EU entity, you can pay just as much attention to that as EU companies who don't do business in the US as a US company pay to the trainwreck that are American software patents.
link