[downandout]

Yeah, but that's easy enough to deal with. You simply don't load any third party stuff (or allow them to see your content) until they click "OK". Some simple javascript is all it takes to delay loading of everything not on the current server.

So basically prior to serving any content, you do an IP check. If they are from a GDPR country, you serve the delay loading script. If they aren't, you just load as normal. Pretty straightforward. I don't think you'd want to do it universally for all users, as you'd be at a competitive disadvantage to other sites. But you can easily enough just do it for EU countries. The other option is to just block them entirely if you have no need for EU traffic. Many sites - US local businesses etc. have no use for EU traffic or the liability that comes with it.

On a side note, with all the walled garden stuff that will be going on due to GDPR, I'll be interested to see how badly the SERPs get fractured, since every site will have a different scheme to require consent and not all of them will have people behind them that are savvy enough to make it not ask Googlebot for affirmative consent. This will put smaller businesses in the EU that don't have the resources to hire someone to deal with these issues at a serious disadvantage if they can no longer be indexed.

[maximente]

what you've suggested seems OK technically, but i feel like you're making an assumption that originating source of traffic determines citizenship of the user.

it could very well be that an EU citizen in Asia or the US is collected upon given your algorithm. if that's the case, are you not in violation of GDPR?

but, at the risk of rabbit-holing, your suggestion would be a pretty fundamental change to how the web works. in effect, you'd be moving toward a splintered web, where content is basically region locked.

to be fair, i don't have anything else to offer here; it just doesn't seem so easy to me.

[downandout]

but, at the risk of rabbit-holing, your suggestion would be a pretty fundamental change to how the web works. in effect, you'd be moving toward a splintered web, where content is basically region locked.

I think you're spot on, but that was the danger of implementing heavy-handed legislation like GDPR all along. I believe that EU citizens are going to find themselves locked out of a whole world of content. But that's the world they've chosen to create for themselves. Further, if the overwhelming support that GDPR has on HN is representative of that of the entire EU population, they welcome this newly splintered world and its consequences - both good and bad (though I believe that this support is the product of the mistaken belief that the world will simply play ball and be dictated to by the EU, rather than the rest of the world simply taking their ball and going home).

[freehunter]

Hmm. I'm not sure about that. If Apple and Google won't pull out of China even though China makes them do all sorts of business stuff they disagree with, I highly doubt they (web companies) would pull out of the entire EU.

It would be absolutely incredible if Facebook et al "took their ball and went home" throwing away 500 million customers.

[jonas21]

Google did effectively pull out of China in 2010 [1].

But in the case of the GDPR, it probably helps Google and Facebook more than it hurts them -- they can afford to jump through all of its hoops while smaller competitors might have trouble. It's essentially a barrier to entry.

[1] https://en.wikipedia.org/wiki/Google_China

[downandout]

Of course not, because Apple, Google, Facebook et al have the resources to spend millions on attorneys to implement the GDPR. My comment comes from the perspective of an operator of several small sites that get a total of a few million visitors per month combined. I'm not spending millions on attorneys, and EU traffic is only incidental to my sites anyway, so I am indeed taking my ball and going home.

This will make a difference for some users on some of the forums I run, as they will be banned with an apology and an invitation to come back if they ever move out of the EU. But it's not worth taking on the liability of potentially millions of dollars in fines for accidental non-compliance with a heavy handed, massively complex law that is up for different interpretations in the courts of no less than 28 unique countries. Unless you're in the EU or are a multi-billion dollar company with a large legal department, accepting EU traffic post-GDPR is an act of insanity.

[KozmoNau7]

Are you hosted in Europe, and/or do you do business from the EU?

No? Don't bother instituting a stupid ban like that, then. And stop scaremongering.

GDPR applies to businesses.

Besides, compliance isn't too bad for something like a forum. Just purge the relevant user records and posts, if requested to or when a user deletes their account.

Source: I am doing GDPR compliance on web applications for a major telco.

[downandout]

GDPR applies to businesses.

I have a business. And yes, I have spoken to GSPR compliance people, so GDPR has already cost me enough money. Compliance is a murky proposition at best, since this law can be interpreted in different ways in 28 different countries - all of whom will be looking for ways to maximize the fines they collect under it from foreign companies.

Since you are in the GDPR compliance space, surely you know that it does apply not just to businesses that are hosted in the EU or do business there. Rather, anyone that knowingly accepts traffic/data from the EU is vulnerable to it.

[michaelmrose]

You seem to have complected extensive indiscriminate data collection with simple advertising and the more fundamental point of connecting and serving people.

You can use a combination of advertising and payment to fund services that connect people and facilitate commerce without extensive privacy destroying data collection. This model worked fine previously and it will work fine in the future. If anything hardware and tools are damn near amazing compared to the bygone past.

I struggle to think of any service in the world that is impossible or even challenging to replace. If anyone decides to take their ball and go home they will be replaced by a competitor who will use that extra revenue to improve their positions in other market to the original fools detriment.

There is in fact no reason to believe other markets including the US wont ultimately discover the merits of protecting their citizens privacy considering that in the US perhaps 171k work in the advertising industry out of 300 millions.

How the 0.02% can do an effective job without trampling the rights of the 99.98% is an exercise I leave to them and if they can't figure it out, then I hope the food stamp program still exists so they wont have to stand outside 7-11 with placards reading "will lie for food".

[KozmoNau7]

>"the mistaken belief that the world will simply play ball and be dictated to by the EU, rather than the rest of the world simply taking their ball and going home"

And leave millions and millions in profit on the table for everyone else?

That the same argument used against changing the tax codes so companies would actually have to pay taxes in the countries in which they do business, by closing the loopholes.

They're not going to throw away profitable markets just like that. And if they do, good riddance.