| > With the infamous GDPR for example, it does not matter if you georestrict your content. If you track someone from a European country without their consent, no matter where they are, you are violating the GDPR. In the following, "you" means the entity dealing with personal data, and "them", "their", "they", etc., refer to the person who's personal data you are dealing with. You have to follow GDPR if: 1. You are in the Union, regardless of where they are. 2. You are not in the Union, and 2a. You are offering goods or services to them and they are in the Union, or 2b. You are monitoring their behavior as far as their behavior takes place in the Union. For 2a, you have to envisage offering services to them. If they come to your site and it works but you didn't envisage offering services to them it is not enough for 2a. For 2b, what is important is whether or not you are profiling them, particularly in in order to take decisions concerning them or for analyzing or predicting their personal preferences, behaviors, and attitudes. Trying to block EU users won't help with 2b, but it can greatly help with 2a in showing that you did not envisage serving EU users. For a lot of sites avoiding 2a is all they need to avoid GDPR completely. |