|
|
|
|
|
|
by downandout
2983 days ago
|
|
|
The experts that I talked to in this space in deciding to close my sites to EU IPs have all said that the GDPR probably doesn't apply to incidental traffic - especially if someone is actively trying to hide the fact that they are in a GDPR area. But nobody can guarantee a single thing, because it's so broadly written and is up for unique interpretations in each of dozens of foreign countries. It meets the very definition of a bad law - too broad and will cause decreased economic opportunity for those that are subjected to it. FYI you can reply to other posts when the thread is this deep by clicking on the "X minutes ago" thing on the comment your want to reply to. |
|
|
Experts say a lot of things on GDPR, one of the really interesting things about reading it myself is that I've found a lot of them seem to be wrong. I've heard a few people talking about a "social media exception" that doesn't seem to exist, for example.
It's possible that there have been preliminary rulings on GDPR that I'm not aware of, because I'm not a lawyer. So I'm not by any means declaring that your experts are definitely wrong, but I am nigh on certain that their source of information for making such statements is not the GDPR text itself.
I disagree that GDPR is an overly broad law by the way. The GDPR text is actually fairly specific. It encompasses a large domain, but it clearly defines that domain (Article 9 is an example of a large but specific definition, although it is only one of multiple such articles) and tells you clearly what you need to do within that domain to be compliant.
People just /think/ it's overly broad because it impacts a lot of tech companies and none of them have actually read the text. The human brain interprets this as "inspecific", whereas it's actually carefully targeted at a handful of specific things that lots of tech companies are doing (or not doing).