[downandout]

Yes, but doesn't the checkbox you mentioned, does exactly that, force the users to ignore their rights for the sake of using your site?

It doesn’t force them to do anything, nor does it ask them to waive any of their rights (which is often illegal and/or unenforceable). Instead, it asks them to certify that they are not subject to laws more restrictive than those in the US. If they are, they are not allowed to register. As the site owner, you have a legal right to rely on your users not lying to you. Your slavery example is an entirely different scenario - you are asking people to waive rights they have (to not be a slave in this case). That’s not what this checkbox says.

The main point of the checkbox is to signify your intention to not offer services to people subject to the GDPR or other restrictive laws. We have been advised (by actual attorneys) that this should meet the standard built into the GDPR that we do not “envisage” the offering of goods or services to those subject to it.

[_o_]

Exactly this is the problem of GDPR, user can lie, and you have no passive defense against it, you can't even make an excuse, you didn't know. You shouldn't even offer him a choice. The only defense is that the user gives you consent to it (at least GDPR is giving that choice). Everything else is void. Same as with slavery. You can't violate fundamential human rights even if user begs you to do it, except in states like South Korea, China (actually, you don't need to beg there =/)

I think that at the end, world will be better place due to GDPR, but there is surely some rough ride ahead - not due to respect of privacy but due to violating it so often that it became normal to us.

[downandout]

Again, if they lie to you, you’re covered. It’s about your intent. Do you intend to offer goods and services in GDPR-affected countries? If you have a checkbox like this, then you clearly don’t, and GDPR does not apply to you.

[_o_]

Yes, I understood your point, but I think you are struggling with mine, you might not offer goods to EU, but your ads provider might. And by feeding it with GDPR protected data it might sue you, on local courts, just for the PR reasons or something else. I am not saying they will, I am just showing you the justification why they might.

I think that much greater threat is comming from a direction of US companies you use than from EU courts this (again, might) become another "patent trolling"-like action from some US companies.

[downandout]

Yes, but you’re feeding them data based on your understanding that the user is not subject to the GDPR. Under GDPR, site owners have the responsibility to determine this, and they rely on you to not load their code if a user is subject to it. So the EU cannot go after anyone whose code is on your site (ad networks, analytics providers, etc) if your site does not “envisage” offering services to EU residents.

[_o_]

Well, we can't be much smarter than this, we will see, but I am more concerned about this than GDPR on its own.