• @nybble41@programming.dev
    link
    fedilink
    English
    111 months ago

    Geoblocking in such cases would not be sufficient. For one thing your geo-IP database will never be perfectly accurate, even without considering that “data subjects who are in the Union” can connect to your site via proxies or VPNs with non-EU IP addresses. For another you still need to respond to GDPR requests e.g. to remove data collected on a data subject currently residing in the EU, even if the data was collected while they were outside the EU, and you can’t do that if you’re blocking their access to the site. For a newspaper in particular the same would apply to any EU data subject they happened to report on, whether they had previously visited the site or not.

    • @lolcatnip@reddthat.com
      link
      fedilink
      English
      211 months ago

      What exactly is the EU gonna do about a foreign site that does no business in the EU? They don’t rule the world.

      • @nybble41@programming.dev
        link
        fedilink
        English
        211 months ago

        Sure, they don’t rule the world. They only have the power to ban you (either the company per se or its individual owners, officers, and/or employees) from ever again doing any business in the EU. Which naturally includes business with any individuals or companies either based in the EU (as a seller or a buyer) or wanting to do business in the EU. Or from traveling to the EU, whether for business or personal reasons. Little things like that. Nothing too inconvenient. (/s)

        They haven’t taken things quite that far—yet. But they could. It’s dangerous to assume that you can ignore them without consequences just because your company doesn’t currently depend on revenue from EU customers. The world is more interconnected than that, and the consequences may not be limited to your company.

        • @lolcatnip@reddthat.com
          link
          fedilink
          English
          111 months ago

          So is a local newspaper supposed to be afraid of not complying aggressively enough with foreign laws from the whole world, or just the EU? The way I see it they’re already doing more than is reasonably required by making a good faith effort to prevent people in the EU from accessing their site. Holding them responsible for people who deliberately bypass the blocking seems downright imperialist to me.