upvote

points

by embedding-shape1 days ago |
comments
upvoteby master-lincoln1 days ago|
next
[-]
But to know that you would have to study the laws of other countries or in this case EU which costs money and in this case is not an obviously beneficial investment.
reply
upvoteby soopypoos1 days ago|
parent|
[-]
they blocked a continent without seeking any advice?
reply
upvoteby forgotaccount31 days ago|
parent|
[-]
Why not? That continent is not their target audience.

It probably wasn't worth the effort to block foreign countries just from random unnecessary compute cost to serve a site to them, but when those countries start being serious about penalties you could face for serving their residents? Now it's justifiable to block non-US countries.

reply
upvoteby soopypoos1 days ago|
parent|
[-]
the thing is "We don't want to get legal advice" is a ridiculous justification for acting on legal advice
reply
upvoteby bombcar1 days ago|
parent|
[-]
I'm sure they (or whoever sells the product they use to publish) did get legal advice, of the "what is the cheapest way to ensure this isn't an issue for us" and the response was "block 'em all, let God VPN them out."

After all, using a VPN doesn't absolve companies of the GDPR.

reply
upvoteby soopypoos1 days ago|
parent|
[-]
Yes so the informed choice they made was "block gdpr countries" vs "be transparent about our use of personal data".

Every site that gdpr-blocks itself is saying that they intend to extract value from your data and they don't want to tell you how.

reply
upvoteby throwaway9201021 days ago|
parent|
[-]
No, it can also be saying "I simply have too many other things to do than worry about what the correct data retention or ban appeal or DSA statement of reasons requirement or DSA statement of reasons transparency DB API or UK Ofcom age verification requirements or..."

Sometimes if you're just one person and the EU isn't a core market and you are a small business or non-profit, it's easier to just say, ok you know what, no thanks to all this for now.

reply
upvoteby soopypoos1 days ago|
parent|
[-]
The signal remains the same:

"Will you sell my data?"

"This interview is over. (I'm very busy.)"

reply
upvoteby troad1 days ago|
parent|
[-]
That's absurd. Are you, right now, compliant with all relevant laws and regulations in Turkmenistan? Do you have legal advice to back that up? Why not? Is it because you're a criminal?

No! Of course not! It's because you don't care about Turkmenistan, to the extent you've never even bothered to look up what is and is not legal there, let alone get legal advice about it. That's a perfectly fine answer. This random Michigan newspaper doesn't care about the EU. That's a perfectly fine answer too.

reply
upvoteby soopypoos1 days ago|
parent|
[-]
Turkmen: "Will you sell my data?"

Me: "No."

reply
upvoteby master-lincoln2 hours ago|
parent|
next
[-]
No Turkmen official will approach you to ask that question. You would need to anticipate what the important questions are to comply with Turkmenistan's laws (or hire somebody to figure this out).
reply
upvoteby bombcar1 days ago|
parent|
prev|
[-]
If complying with the GDPR was that easy an entire industry wouldn't be needed.

Use of AWS availability zones as it applies to Article 5?

https://gdpr-info.eu/chapter-5/

reply
upvoteby soopypoos22 hours ago|
parent|
[-]
It is that easy.
reply
upvoteby troad22 hours ago|
parent|
[-]
It's pretty clear you're not a good faith interlocutor at this point.
reply
upvoteby soopypoos17 hours ago|
parent|
[-]
Refute me or shut up.
reply
upvoteby troad1 days ago|
prev|
next
[-]
European law imposes a great deal more obligations on a business than that. This claim is simplistic to the point of disingenuousness.
reply
upvoteby embedding-shape1 days ago|
parent|
[-]
Since obviously there is no "European law" in the first place, I think it's pretty safe to assume you have no idea what you're talking about.
reply
upvoteby troad1 days ago|
parent|
next
[-]
That would be rather surprising to the large number of law schools that teach European Law as a core subject, such as the Panthéon-Sorbonne (Droit européen), Bologna U (Diritto Europeo), and Humboldt U (Europarecht).

Equally surprised would be the authors of very many legal books and journals, e.g. https://www.cambridge.org/core/browse-subjects/law/european-...

reply
upvoteby Ylpertnodi1 days ago|
parent|
prev|
[-]
Interpol would like a word.
reply
upvoteby embedding-shape1 days ago|
parent|
[-]
> Interpol would like a word.

Also not a "European law" by any measure or understanding, that's a international organization that does police cooperation across the continent (and further), it isn't even a law enforcement agency... Not exactly sure how you could confuse that with laws, but here we are.

reply
upvoteby tzs1 days ago|
prev|
[-]
If your site is covered by GDPR and you do not have a physical presence in the EU you have to appoint someone in the EU to receive mail on your behalf, so people who want to make GDPR requests by mail can write to them. See Article 27.

There are services that will do this for you. Last I checked they were typically in the neighborhood of a couple hundred Euros a year.

Whether or not GDPR applies to a site not in the EU is somewhat subjective. It comes down to whether you envisaged serving people in the EU.

If your site does not need EU visitors it can make some sense to block them. That provides evidence that you did not envisage serving people in the EU, and then you don't have to figure out if you need to be hiring a service in the EU to receive GDPR mail.

reply