Hacker News
by niko001 2964 days ago
How a company "specifically targets its services at individuals in the EU" is not clearly defined within GDPR. Even if you just set your AdWords targeting to 'global', it might be enough to trigger this. GDPR Shield is a clear signal that you're not targeting EU users.

> How a company "specifically targets its services at individuals in the EU" is not clearly defined within GDPR.

Does that mean that (e.g.) German bloggers are not bound to the GDPR when they just add "made for the Swiss" to their header?

Well, if you're in the EU you have to obviously implement the regulation either way.
What personal data are German bloggers gathering?
IP addresses, e-mail addresses from those who comment...
IP addresses alone are not personal data. They're only personal data if they can be used to identify a natural person.

If someone is gathering and storing email addresses and IP addresses, it seems reasonable to ask them to take industry-standard measures to protect that data, and to let users know that the data is being collected.

> IP addresses alone are not personal data.

According to the GDPR, they are. https://eugdprcompliant.com/personal-data/

"The conclusion is that the GDPR does consider it as such."

However, specifically putting measures in place to block EU users should be sufficient to show that you are not specifically targeting them.