[dns_snek]

It's slightly more involved than this, but not extraordinarily so.

For example seemingly innocuous implementations like loading fonts directly off Google Fonts without consent (i.e. providing Google with information about visitors' browsing habits) would technically be on the wrong side of the GDPR, but I think it's very unlikely that anyone would complain about it, legally speaking.

[MaulingMonkey]

> would technically be on the wrong side of the GDPR, but I think it's very unlikely that anyone would complain about it, legally speaking.

The American in me says that sounds like "someone will definitely complain about it, eventually, if only because they're hoping for a payout".

[seszett]

Maybe that's the problem, I thought the (mostly local media) companies that were blocking EU citizens were doing it out of spite or to make a point, because it doesn't make sense (for one, they're not subject to gdpr if they don't explicitly do business with EU citizens).

But maybe it's just because the US environment is so hostile that they assume it's the same in the EU.

But national regulators in the EU don't waste their time with foreign companies that might by oversight not be totally compliant since they're not even under their jurisdiction (worst is they could be fined and have to pay it if ever they incorporate in that country in the near future? Nobody's going to waste time in that).

And nobody can sue a company on gdpr grounds and get a payout. They're only fines, they benefit to central states and are a negligible amount in regard to national budgets.

[skjoldr]

There already exist ways to proxy those requests in ways that avoid exposing anything about the visitors to Google. It's in the grey area wrt Google's own ToS, but then, it's that or GDPR.