Is that really how "laws of other countries" work?
People from all around the world can visit the US or get a US IP via some other mechanism (by using a cloud browser for example) and then they will see the content anyhow.
With the infamous GDPR for example, it does not matter if you georestrict your content. If you track someone from a European country without their consent, no matter where they are, you are violating the GDPR.
> With the infamous GDPR for example, it does not matter if you georestrict your content. If you track someone from a European country without their consent, no matter where they are, you are violating the GDPR.
In the following, "you" means the entity dealing with personal data, and "them", "their", "they", etc., refer to the person who's personal data you are dealing with.
You have to follow GDPR if:
1. You are in the Union, regardless of where they are.
2. You are not in the Union, and
2a. You are offering goods or services to them and they are in the Union, or
2b. You are monitoring their behavior as far as their behavior takes place in the Union.
For 2a, you have to envisage offering services to them. If they come to your site and it works but you didn't envisage offering services to them it is not enough for 2a.
For 2b, what is important is whether or not you are profiling them, particularly in in order to take decisions concerning them or for analyzing or predicting their personal preferences, behaviors, and attitudes.
Trying to block EU users won't help with 2b, but it can greatly help with 2a in showing that you did not envisage serving EU users. For a lot of sites avoiding 2a is all they need to avoid GDPR completely.
I’m not disputing this is the case ( you fall under GDPR even if you put a geo blocker ) but, I feel like this is something absurd from GDPRs part.
If you say “we don’t want eu clients” and actively try to keep them away, to me it makes sense not to be liable anymore.
I feel like it’s like, let’s say this scenario. I’m pretty sure in Germany it’s illegal to host content promoting nazisim. Let’s say a hacker posts against all measures taken by the company content that is against the law. Should the german website be held accountable for content they unwilling hosted for a time? Shouldn’t the fact this was done against the wishes of the platform matter?
I might be wrong technically with the german example but the point still stands. I don’t think a platform should be liable if it’s in breach of a law against it’s wishes, if it has reasonable prevention and mitigation measures in place.
Of course in the marginal cases. But even simple restrictions greatly reduce liability. And anyways running afoul of gdpr will not affect you much if you don't plan to do business in the EU
No but what is the EU going to do to a US company that will likely never set foot in Europe. Unless of course Mr Trump is keen on getting a golden visa
The European Commission sent me some questions about competing with Google. I couldn't figure out if it was because I was a search engine, or if it was just that I had an app that competed with some part of Google.
Either way, I asked my lawyers if I had to answer, given that we had zero revenue coming in from Europe. They said no, I didn't for this kind of request, but they could easily send me a more vehement request that I did need to answer.
I ignored the EC, and didn't get that second letter.
BTW, my lawyers are smart enough that I had the only search engine threatened by but never sued by Perfect 10.
This isn't even true. Websites do that to "avoid" GDPR but GDPR very clearly says it applies to EU citizen, not people in the EU, so if you geoblock the EU but still store the data of a EU citizen using a VPN / in vacation you're breaking the law.
> [...] GDPR very clearly says it applies to EU citizen, not people in the EU [...]
What it says is that it applies to data subjects who are "in the Union". The word "citizen" does not appear anywhere in GDPR or in the accompanying recitals.
People from all around the world can visit the US or get a US IP via some other mechanism (by using a cloud browser for example) and then they will see the content anyhow.
With the infamous GDPR for example, it does not matter if you georestrict your content. If you track someone from a European country without their consent, no matter where they are, you are violating the GDPR.