[zerostar07]

> will be solidly violating the GDPR come tomorrow

how do you know that? i mean technically he says they re violating it today, just like we all did the past 2 years because it wasnt enforceable. what changes with their ban tomorrow?

[jacquesm]

That they are still violating it tomorrow and they are giving their users an excellent excuse to contact the regulators because they cut off communications. This is about as dumb as it comes.

[kodablah]

I was under the impression that of you don't do business with EU users, you are not subject to the rules. This seems like the only reasonable way to not do business with EU customers. Other thoughts aside, if they wanted to stop doing business in the EU, how should they?

[jacquesm]

> Other thoughts aside, if they wanted to stop doing business in the EU, how should they?

Erase everything.

[kodablah]

I suppose for most thinking rationally, it seems like "stop doing business in the EU" is different than "make it like you've never done business in the EU". Taken to its conclusion, which Instapaper surely won't, it's not going to be easy to punish a business that has cut ties with the EU because of what they collected before. Granted it appears that with the law, like its predecessors, practicality of reasonable enforcement takes a backseat to intent.

[jacquesm]

The rational approach to legislation is to make a (timely) effort to comply.

When you're told the highway near your house has a new speedlimit you can either obey the speed limit, use a detour (which will still be slower on account of it being longer) or you can take your car off the road in huff.

The first one is the only solution that makes sense.

[kodablah]

If we're going with these analogies, there are other approaches if you disagree with the speed limit. You might protest the speed limit if you lived there (hopefully without being berated while you do so) or if you don't live there you might avoid the place with unreasonable speed limits.

[zerostar07]

sounds like a technical reason to me. what provision of gdpr does it break? contact the regulator about what?

[jacquesm]

The ability of users to access their data, to edit their data, to delete their data and to export their data.

[zerostar07]

is there a requirement that this ability is 24/7/365?

I mean , knowing GDPR , i would guess at best the provision would be something like "a reasonably long amount of time but not long enough to be unreasonable based on appropriate considerations of data subject's patience"

[jacquesm]

It certainly isn't a provision in the law that if you feel that you won't be able to deal with your users legitimate requests that you have the option to lock them out entirely.

I can imagine something to the effect of stopping further gathering of data (to stop digging the hole deeper), to give your users the option to request what is their right through some kind of form and to park those requests until you're done with the implementation and in the meantime give them continued access.

After all, the law already has a provision in it that you have 30 days to respond, and another 2 months after that if you are for some reason technically incapable and need an extension.