by eiurafhlfie 2766 days ago
Bear in mind though that Ebay Japan does not target EU/no/ch customers, which is a requirement for the "big reach" of the GDPR.

Wikipedia excerpt: "... for all individuals within the European Union (EU) and the European Economic Area (EEA)."

https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

I've generally read on Hacker News that having EU users is sufficient to put you within the GDPR's reach, and that for a web service there's therefore nothing that will protect you besides IP-blocking Europe.

The quote that you provide here that supposedly shows that the GDPR is irrelevant to Ebay Japan does not in fact contradict that claim.

Do you have an excerpt or other source that does?

> I've generally read on Hacker News that having EU users is sufficient to put you within the GDPR's reach, and that for a web service there's therefore nothing that will protect you besides IP-blocking Europe.

This is fairly ridiculous, if you have no European presence, you're free to ignore the GDPR. The EU has no legal jurisdiction over you, the only recourse would be for the EU to block your site and that's just not going to happen - no one wants to see a Great Firewall of the EU, can you imagine the backlash?

If you have EU TLDs, maybe you could lose those domains?

Or your trademarks become unenforceable in EU?

Imagine the mess if I start usatoday.eu, but « focussed only on the EU market ».

Since .com doesn’t operate in the EU market because of GDPR, am I really infringing on their mark?

A prerequisite for "purchasing" (renting) a .eu TLD is that you're a European Union citizen. Technically, it's against the ToS to rent one to anyone else. If they're not aiming for the market, I think they also can't get a .eu domain.

That being said, it sure will be fun when all the British people/corporations won't be able to renew their .eu domains no more!

Maybe for .eu, but I don’t believe that’s true for all other EU TLDs (e.g. .co.uk (for another few months anyway...))

> and that for a web service there's therefore nothing that will protect you besides IP-blocking Europe.

Which is bizarre reasoning: geo-IP databases are not foolproof, and thus you will get legitimate EU traffic from EU ISPs regardless. Further, by this reasoning, what's to say an EU customer using a VPN to exit in the US is somehow excluded from GDPR?

If someone tells you “I have no interest in serving you, because I do not wish to follow your rules”, and you disguise yourself as someone else and ask again, how could you possibly expect your rules to suddenly be followed? It would be absurd. At that point, they would have to follow all rules across all countries simultaneously, because who knows what country any given person is really from? Ask and they’ll lie, and you’ll still be on the hook!

At some point the responsibility has to fall on the user instead of the business, and I think actively skirting the rules is sufficient and a nice, clear line, to fault the user.

Amusingly, if a European citizen is not in Europe, they are also covered, so IP banning Europe will not help you.

The analysis I’ve seen from lawyers is that it only applies to EU citizens inside the EU.

That's not how things work. You don't get to bring your laws with you when you travel.

It is likely though that, if GDPR proves effective, other countries will soon follow suit and implement a similar set of data protection regulations.

Perhaps by then companies around the world will be forced into paying more attention to these matters, and a system of reward for white hats may become the norm.

With a GDPR version in each country, after some time the best market will be for companies to sue other IT companies over violations.

After some time smaller companies will be forced to work in market silos, to not have to worry about such lawsuits.