by _o_ 2943 days ago
Yes, but doesn't the checkbox you mentioned do exactly that: force the users to ignore their rights for the sake of using your site? If this were acceptable, it would put GDPR in the position of the cookie law nonsense, and if I understood the ICO correctly, this doesn't create consent, as the user had no free choice. There is a human rights interpretation here: for example, if we create a contract that I will be your slave and you give me a car in return, it is quite simple for me to sign it, but that contract would be void even if you prove that I signed it.

The ICO gave a market of live human organs as an example.

In the same manner, even if I clicked that I agree that your site is designed for US privacy laws and not for people under GDPR protection, it would be the same as if you warned me before signing that I will be your slave and that I can just walk away and not take the car. But if I take the car, the contract would still be void. I don't think that this would fly.

The problem is not in the GDPR requirements but rather in the right to privacy as a fundamental human right, and GDPR is just advice on how to respect it - it is actually free help.

What you want to avoid is something much bigger than the checkbox on your site or IP blocking; check here "The Bill of Rights":

https://en.wikipedia.org/wiki/Fundamental_rights

This is something you shouldn't even think of violating, not for EU or US users. Or anyone else.

1 comments

Yes, but doesn't the checkbox you mentioned do exactly that: force the users to ignore their rights for the sake of using your site?

It doesn’t force them to do anything, nor does it ask them to waive any of their rights (which is often illegal and/or unenforceable). Instead, it asks them to certify that they are not subject to laws more restrictive than those in the US. If they are, they are not allowed to register. As the site owner, you have a legal right to rely on your users not lying to you. Your slavery example is an entirely different scenario - you are asking people to waive rights they have (to not be a slave in this case). That’s not what this checkbox says.

The main point of the checkbox is to signify your intention to not offer services to people subject to the GDPR or other restrictive laws. We have been advised (by actual attorneys) that this should meet the standard built into the GDPR that we do not “envisage” the offering of goods or services to those subject to it.

Exactly this is the problem of GDPR: the user can lie, and you have no passive defense against it; you can't even make the excuse that you didn't know. You shouldn't even offer him a choice. The only defense is that the user gives you consent to it (at least GDPR is giving that choice). Everything else is void. Same as with slavery. You can't violate fundamental human rights even if the user begs you to do it, except in states like South Korea, China (actually, you don't need to beg there =/)

I think that in the end the world will be a better place due to GDPR, but there is surely a rough ride ahead - not due to respect for privacy but due to violating it so often that it became normal to us.

Again, if they lie to you, you’re covered. It’s about your intent. Do you intend to offer goods and services in GDPR-affected countries? If you have a checkbox like this, then you clearly don’t, and GDPR does not apply to you.

Yes, I understood your point, but I think you are struggling with mine: you might not offer goods to the EU, but your ads provider might. And by feeding it with GDPR-protected data, it might sue you, in local courts, just for PR reasons or something else. I am not saying they will, I am just showing you the justification for why they might.

I think that a much greater threat is coming from the direction of the US companies you use than from EU courts; this (again, might) become another "patent trolling"-like action from some US companies.

Yes, but you’re feeding them data based on your understanding that the user is not subject to the GDPR. Under GDPR, site owners have the responsibility to determine this, and they rely on you to not load their code if a user is subject to it. So the EU cannot go after anyone whose code is on your site (ad networks, analytics providers, etc) if your site does not “envisage” offering services to EU residents.

Well, we can't be much smarter than this, we will see, but I am more concerned about this than GDPR on its own.