[actuator]

Edit: I re-read it and it looks like it only applies if you are a business with physical presence in EU or if the user is accessing from EU

GDPR applies to you if a EU citizen signs up from somewhere outside EU as well, but since you don't have any physical or online presence in EU I don't think they will do anything.

[dangrossman]

GDPR applies only to people physically located in EU. Citizenship doesn't matter. Read Article 3, Territorial Scope.

[downandout]

Just to clarify your point: it applies to users physically located in the EU. Fines assessed under it apply businesses that serve them anywhere in the world, which is what makes it so damned scary. The EU government has essentially declared itself the Emperor of the Internet.

[matthewmacleod]

Transactions with EU users should be expected to comply with EU law. What’s unusual about that?

[closeparen]

Money doesn't have to change hands to create a GDPR obligation. And if you mean "HTTP transactions," it's a fundamental shift in the nature of the internet to block countries by default and enable them only after studying and complying with local regulations. Maybe it's an inevitable or even healthy shift, but it's certainly not a "usual" dynamic today.

[seszett]

It's certainly not a recent development to require compliance with law even for products or services that are free.

Transactions do not have to involve money and in fact, the very topic of this entry on HN is about a website that was free, with transactions that did not involve money.

[closeparen]

>It's certainly not a recent development

Really? If it's a currently established practice, what are some prior examples of countries punishing foreigners on foreign soil over websites with no payments component?

Maybe each jurisdiction should be the business of regulating locally-accessible websites, not just locally-hosted ones, but that's a fundamental shift in the nature of the internet. "Not available in your country" is currently an anachronism. In that world, a prudent web publisher would start out local and enable specific countries for cross-border traffic only as its legal team expands. Internet communities like this one would splinter as people get tired of clicking links they can't follow.

The countries currently regulating available web content do so with network blocks, not extraterritorial enforcement actions against publishers.

[downandout]

I was just clarifying that the Internet’s new Dear Leader will be trying to reach outside its borders to enforce this law. It doesn’t just apply to companies in the EU.

[matthewmacleod]

If you provide services to users in the EU, then you’re “in the EU” and should be expected to meet any regulations. Not complex.

[closeparen]

>If you provide services to users in the EU

All websites provide services to users in all countries unless they take positive steps not to. Framing this as a conditional, or a counterpoint to parent's claim about enforcement outside EU borders, is bizarre.

[downandout]

Which is why many of us will be blocking EU users.

[stef25]

How would they have the jurisdiction to fine a one man company established say in Panama?

What about companies like Alibaba?

[pkaye]

What if the EU citizen is living a abroad?

[dangrossman]

The EU citizen living abroad doesn't get the benefit of this EU regulation, just like an American living in London can't assert US laws against the British pub he's drinking in.