[jiehong]

Actually, that's not really true. If you don't store any user information, you're compliant.

It's only if you start storing those that you have some rules to follow. Nowadays, it's the same if you are in California with the recent data protection laws.

Also, Right Dao is under New York law, so it has to follow US law I guess.

[indymike]

"If you don't store any user information, you're compliant."

So, how do I do business with people?

[marenkay]

That is a horribly wrong view point. Information required for business purposes, e.g. to write invoices or file taxes is considered user information you are fine to retain.

It's not about not having information, it's about having consent before acquiring it.

[indymike]

I think you are not understanding what the point of view is. These regulations inject a whole set of requirements on a hobbyiest, not for profit or tiny business to write code to track regulatory compliance and ensure that various processes exist the law requires. Those requirements are often more complex and costly than the core business.