by andrewcarter 2977 days ago
I have a little birth control pill reminder iOS app I made like 7 years ago that I still maintain in the app store. I don't make really any money off of it but I keep up with it because it has a good amount of users. I don't THINK any of the GDPR stuff falls under anything the app does, but I sure as hell am not taking any chances. I just removed it from any country that fell under "Europe" in the app store. I guess my point is I agree with what you're saying, and here's an example of a little hobby app that GDPR killed for EU countries. It's not worth my time, money, or risk to bother with it.
4 comments

> I just removed it from any country that fell under "Europe" in the app store.

I'm afraid that in your overreacting rush, you might have removed your app from European countries that are not within the European Union.

Though if you are collecting more data on your users than you need (why would you need personal data at all for this app?), you might have been doing them a favour anyway.

I think you're right that I've likely selected countries that I didn't need to, but I'd rather be safe than sorry.
GDPR will also apply in the EFTA countries (Norway, Iceland and Liechtenstein), so you did right by doing Europe rather than EU at least
Don't worry, there are plenty of other similar apps.

The Berlin-based Clue comes to mind, they were offering period tracking, estimation and other features. One day you get a full-screen pop-up saying that they changed their privacy policy and they share your intimate data with so and so and there is no way to access the app and your data any more without accepting.

Most apps nowadays aren't tools, they're sophisticated scams designed to steal people's information.

Yeah, and since this one was removed by the author, it was probably the case too.
Are you storing any user data? Sounds like it could all be stored client side and the GDPR is irrelevant to you.
I'm not storing any data other than a day of the year and whether a pill was taken. It has Google Analytics and a crash reporting tool in it, and I'm not sure how those play into the whole thing.
I'm not familiar with iOS but is the crash reporting not part of the OS/store? If so that is their problem.

> It has Google Analytics

There's a real issue, you've been bundling spyware with your application for years.

Edit: I re-read it and it looks like it only applies if you are a business with physical presence in EU or if the user is accessing from EU

GDPR applies to you if an EU citizen signs up from somewhere outside EU as well, but since you don't have any physical or online presence in EU I don't think they will do anything.

GDPR applies only to people physically located in EU. Citizenship doesn't matter. Read Article 3, Territorial Scope.
Just to clarify your point: it applies to users physically located in the EU. Fines assessed under it apply to businesses that serve them anywhere in the world, which is what makes it so damned scary. The EU government has essentially declared itself the Emperor of the Internet.
Transactions with EU users should be expected to comply with EU law. What’s unusual about that?
Money doesn't have to change hands to create a GDPR obligation. And if you mean "HTTP transactions," it's a fundamental shift in the nature of the internet to block countries by default and enable them only after studying and complying with local regulations. Maybe it's an inevitable or even healthy shift, but it's certainly not a "usual" dynamic today.
It's certainly not a recent development to require compliance with law even for products or services that are free.

Transactions do not have to involve money and in fact, the very topic of this entry on HN is about a website that was free, with transactions that did not involve money.

I was just clarifying that the Internet’s new Dear Leader will be trying to reach outside its borders to enforce this law. It doesn’t just apply to companies in the EU.
If you provide services to users in the EU, then you’re “in the EU” and should be expected to meet any regulations. Not complex.
How would they have the jurisdiction to fine a one man company established say in Panama?

What about companies like Alibaba?

What if the EU citizen is living abroad?
The EU citizen living abroad doesn't get the benefit of this EU regulation, just like an American living in London can't assert US laws against the British pub he's drinking in.