[HeadsUpHigh]

>Why should foreign companies have to comply with these policies anyway?

Because they want revenue from EU citizens? Should a car company from China have to comply to US safety regulations when selling cars to US citizens?

>GDPR compliance has already had a negative impact on web UX.

Nah. I've switched off tracking on every website I use often via the popups and I've noticed much faster loading. Imo GDPR has made the web experience better.

[nnash]

> Should a car company from China have to comply to US safety regulations when selling cars to US citizens?

In your example, the car company is implicitly selling to a foreign country. When it comes to software/websites, a user from a foreign country is incidentally served rather than implicitly.

[point78]

The websites are profiting off the visitors no matter what country they're in. If they don't want to follow the laws then block the country.

[runeks]

So everyone who hosts a website has the obligation to read up on the legality of that particular website for all countries in the world, and block accordingly?

That doesn’t seem reasonable to me.

[point78]

Uh...yes? You think you can just open a business in country x, break their laws, then shrug your shoulders and say "Well it's legal where I'm from"

[HeadsUpHigh]

Which part of the ip is hard to decode? If you don't like how a country's laws are shaped, then stop selling there. You can't have your pie and eat it too. Either you obey the market laws and sell or you don't. If someone is using a VPN to get around your geo ban, then I think that's the user's implicit choice.

[int_19h]

Why should the onus of blocking content in some faraway country be on the company publishing it? If you don't want your country's citizens to have access to something, well then, time for a Great Firewall.

[HeadsUpHigh]

>If you don't want your country's citizens to have access to something, well then, time for a Great Firewall.

It's not the EU who wants to ban access to something. It's the provider who wants to benefit financially from selling that product( targeted ads) without having to comply to the laws of the country that the selling happens. There is no other market that you get to do that. Why should your web page be different?

[strken]

IP addresses aren't country codes, in the same way that phone numbers aren't permanent unique identifiers. If you block IP ranges, you'll let some European users through, and block some non-European users.

Is "at least we tried"-style blocking good enough?

[HeadsUpHigh]

>Is "at least we tried"-style blocking good enough?

Yea exactly. In absence of a mechanism to block users the discussion of who gets to police who is worthwhile. But if a company chooses not to comply with GDPR and at the same time doesn't utilize any available mechanism to block EU users then there is definitely intentional ignorance on their part.

[friedman23]

> Because they want revenue from EU citizens?

First of all not all websites make money.

Secondly, monetizing the EU is a step that usually occurs very late into the life of a startup. Startups almost always monetize the US first.

So if you are a company that owns a website that doesn't make money from the EU and the EU comes up with regulations that adds thousands of dollars in costs and hundreds of thousands of dollars in potential liability to your business, the obvious and easiest solution is to simply shut them off.

We have seen this occur for GDPR and I am confident it will occur for this legislation as well.

[HeadsUpHigh]

>Secondly, monetizing the EU is a step that usually occurs very late into the life of a startup. Startups almost always monetize the US first.

It's not a matter of what the founder/CEO of a startup chooses here. I will often open links from e.g. New York Times or other US news sites because something happened in New York or there's an interesting opinion piece that I want to read. These sites are profiting from my clicks so they have to obey the EU laws. If it was impossible for them to determine that I'm an EU citizen then it's a different story but an geo ban is trivial.

[repolfx]

Or - they could just make money off you, and ignore what the EU wants!

Ultimately the EU's only recourse in things like this is to either convince the USA to act as its enforcer, or to set up a Great Firewall to stop you browsing to the NYT.

[zaarn]

Or the EU could declare that business with NYT means you can't do business in the EU. Which would probably hurt a bit if ad networks jump off (I doubt Google wants to deal with this).

There are more than two options there, many more.

[friedman23]

> It's not a matter of what the founder/CEO of a startup chooses here. I will often open links from e.g. New York Times or other US news sites because something happened in New York or there's an interesting opinion piece that I want to read. These sites are profiting from my clicks so they have to obey the EU laws

Ok, I don't think you understand how ads work. Your clicks don't make a website money if they are not selling ads in your country. The New York Times is not a startup so your point is irrelevant.

edit: if you are not aware that different countries have different ads markets your probably shouldn't have an opinion on GDPR.

[kruczek]

> First of all not all websites make money.

If they don't make money, then why would they need to collect and share data about their users? If they don't collect and share, then they don't need to make any privacy notifications, so it doesn't impact UX.

[friedman23]

> If they don't make money, then why would they need to collect and share data about their users?

If you've ever developed a website you should absolutely know why you might need to collect and share data. Google analytics is considered sharing btw.

[kruczek]

Perhaps I wasn't explicit, but by data I mean personal data, which is what GDPR is all about. While the desire to collect general statistics about site usage is obvious, I still do not see any reason to collect personal data.