| > then you will do well to stay out of that market. Agree with you 100%. I actually do this. I forbid non-U.S. access in my ToS, because I only do business in jurisdictions where I understand the law. Keeping track of 50 states is tricky enough, let alone all the other nations. So if you are in the EU I don’t really do business with you. But I actually worry this isn’t sufficient. AFAICT the GDPR doesn’t require my consent to engage in a transaction with an EU citizen. I can ban them in my ToS and they can use my service anyways subjecting me to GDPR. And I don’t understand GDPR well enough to properly implement it (like, don’t I need a registered agent in the EU or something?) I can block the EU IP block and they can use my service anyways using a VPN, subjecting me to GDPR. In fact, I’m not sure how to avoid doing business with an EU citizen. I’ve toyed around with putting liability for all damages, fines, and lawsuits on the user in an attempt to pass GDPR fines onto EU users who attempt to use my service without my consent, but I suspect that’s not going to stand. So not exactly sure what I should do. |