[XCabbage]

I've generally read on Hacker News that having EU users is sufficient to put you within the GDPR's reach, and that for a web service there's therefore nothing that will protect you besides IP-blocking Europe.

The quote that you provide here that supposedly shows that the GDPR is irrelevant to Ebay Japan does not in fact contradict that claim.

Do you have an excerpt or other source that does?

[shittyadmin]

> I've generally read on Hacker News that having EU users is sufficient to put you within the GDPR's reach, and that for a web service there's therefore nothing that will protect you besides IP-blocking Europe.

This is fairly ridiculous, if you're have no European presence, you're free to ignore the GDPR. The EU has no legal jurisdiction over you, the only recourse would be for the EU to block your site and that's just not going to happen - no one wants to see a Great Firewall of the EU, can you imagine the backlash?

[Scoundreller]

If you have EU TLDs, maybe you could lose those domains?

Or your trademarks become unenforceable in EU?

Imagine the mess if I start usatoday.eu, but « focussed only on the EU market ».

Since .com doesn’t operate in the EU market because of GDPR, am I really infringing in their mark?

[r3bl]

A prerequisite for "purchasing" (renting) a .eu TLD is that you're a European Union citizen. Technically, it's against the ToS to rent one to anyone else. If they're not aiming for the market, I think they also can't get .eu domain.

That being said, it sure will be fun when all the British people/corporations won't be able to renew their .eu domains no more!

[robin_reala]

Unfortunately that’s the truth: https://ec.europa.eu/info/sites/info/files/notice_to_stakeho...

[Scoundreller]

Maybe for .eu, but I don’t believe that’s true for all other EU TLDs (e.g. .co.uk (for another few months anyway...))

[elithrar]

> and that for a web service there's therefore nothing that will protect you besides IP-blocking Europe.

Which is bizarre reasoning: geo-IP databases are not foolproof, and thus you will get legitimate EU traffic from EU ISPs regardless. Further, by this reasoning, what's to say an EU customer using a VPN to exit in the US is somehow excluded from GDPR?

[setr]

If someone tells you “I have no interest in serving you, because I do not wish to follow your rules”, and you disguise yourself as someone else and ask again, how could you possibly expect your rules to be suddenly be followed? It would be absurd. At that point, they would have follow all rules across all countries simultaneously, because who knows what country any given person is really from? Ask and they’ll lie, and you’ll still be on the hook!

At some point the responsibility has to fall on the user instead of the business, and the I think actively skirting the rules is sufficient and a nice, clear line, to fault the user.

[yc-kraln]

Amusingly, if a European citizen is not in Europe, they are also covered, so IP banning Europe will not help you.

[ashelmire]

The analysis I’ve seen from lawyers is that it only applies to EU citizens inside the EU.

[strictnein]

That's not how things work. You don't get to bring your laws with you when you travel.