[_o_]

Exactly this is the problem of GDPR, user can lie, and you have no passive defense against it, you can't even make an excuse, you didn't know. You shouldn't even offer him a choice. The only defense is that the user gives you consent to it (at least GDPR is giving that choice). Everything else is void. Same as with slavery. You can't violate fundamential human rights even if user begs you to do it, except in states like South Korea, China (actually, you don't need to beg there =/)

I think that at the end, world will be better place due to GDPR, but there is surely some rough ride ahead - not due to respect of privacy but due to violating it so often that it became normal to us.

[downandout]

Again, if they lie to you, you’re covered. It’s about your intent. Do you intend to offer goods and services in GDPR-affected countries? If you have a checkbox like this, then you clearly don’t, and GDPR does not apply to you.

[_o_]

Yes, I understood your point, but I think you are struggling with mine, you might not offer goods to EU, but your ads provider might. And by feeding it with GDPR protected data it might sue you, on local courts, just for the PR reasons or something else. I am not saying they will, I am just showing you the justification why they might.

I think that much greater threat is comming from a direction of US companies you use than from EU courts this (again, might) become another "patent trolling"-like action from some US companies.

[downandout]

Yes, but you’re feeding them data based on your understanding that the user is not subject to the GDPR. Under GDPR, site owners have the responsibility to determine this, and they rely on you to not load their code if a user is subject to it. So the EU cannot go after anyone whose code is on your site (ad networks, analytics providers, etc) if your site does not “envisage” offering services to EU residents.

[_o_]

Well, we can't be much smarter than this, we will see, but I am more concerned about this than GDPR on its own.