zlacker

How does this affect people who aren't based in Europe?

>>maxk42+(OP)
I think many (most?) companies will implement these privacy policies across all of their users as it can be hard to determine whether a user is in the EU or not... so indirectly, this law might mean that everybody will finally have strong privacy guarantees (at least when it comes to companies of a meaningful size).

>>maxk42+(OP)
How do you check if someone is an EU resident?

>>maxk42+(OP)
Perhaps something similar to the supersuccesful EU "cookie law" where a website could ask you on your first visit if you are an EU citizen.

Wait, or is it EU residents and not just citizens? Be sure to get that correct.

>>halfli+b
And as so often the EU will be the initiator of a world wide adoption of (semi) unified rules, as it was for USB charging, among other things.

It will naturally get a lot of flack and a few people/companies will make it their scapegoat as to deflect from them as usual, but that's - sadly - almost normal now.

Is it all good: no!

Is it a good start: yes!

Is it IMPOSSIBLE to comply: heck no, I'm working at a small Austrian company and we had to change almost nothing, as lo and behold, we have no desire to be a data kraken and tried to held the privacy of our customer and users always on a reasonable level. As we'd wish that others do with our data and use of service...

>>merino+q
same with the age check, you ask them

>>merino+q
Geolocation, IP Lookup etc. You generally shouldn't care whether they're a resident in the EU, but just whether they are in EU or not. Remember GDPR doesn't cover any citizens from EU who aren't in EU.

>>tlampo+r1
A few years from now I predict people will deny that the EU had anything to do with instigating this, the way people often insist the manufacturers just suddenly decided USB charging was the way to go and ignore that it first happened after the EU threatened them.

>>Anabee+m1
EU residents in the EU, EU citizens worldwide.

>>baussh+U2
I read that GDPR applies to EU residents. That means someone who is EU resident non necessarily could be browsing from the EU. For example when on holidays.

>>LoSboc+B1
Not sure why you got down voted as it is correct.

When you do business with a customer asking for the location is a common part of the sign up process.

We're talking about a law that is about data gathering, if you're not gathering data about that customer there's nothing to worry about.

>>tobyla+63
No, there's nothing in the law about EU citizens. It's only about people in the EU.

>>merino+T4
Yes, but you cannot check whether a person is a resident unless you explicitly ask them. There are no "public" API.

It's much easier and safer to just assume someone who's in Europe is a resident, rather than figuring out if they really are.

GDPR only applies to EU residents, yes, but not if they're on ex. holiday outside of EU.

Say, a EU citizen is on holiday in The U.S.

In such case the EU citizen is not protected by GDPR.

>>baussh+ce
> GDPR only applies to EU residents, yes, but not if they're on ex. holiday outside of EU.

While this is an interesting way to interpret it, it's likely that the law may be clarified in the future to state that if at the time of collecting their data the user is in the EU, the protections shall apply to said data regardless of where the user is now.

>>halfli+b
> I think many (most?) companies will implement these privacy policies across all of their users

In terms of percentages, exceptionally few businesses outside of the EU will implement GDPR. The rest of the world will overwhelmingly entirely ignore it.

There are 20 million businesses in the US. 500,000 new businesses are created each year. 0.1% or less will comply with GDPR. Why? Because very few US businesses ever do business with the EU.

A small clothing retail shop from Texas or Florida or Michigan is not going to concern itself with complying with GDPR just because they took three orders from the EU. They're going to ignore GDPR and continue doing business as they always have. And the EU is going to find it entirely impossible to enforce compliance for those types of small instances due to the scale & tracking required to do so. If by chance they develop a larger EU business, then they'll comply.

Further, how do you force compliance on a US clothing shop from Florida, that sells 27 items per year into the EU, and violates GDPR (while having zero presence in the EU)? They can't, unless the EU develops a Chinese firewall.

The extremely majority of small businesses in India and China also do not do business with the EU. They will not be worried about GDPR. That's true about nearly all the rest of the businesses around the globe.

>>baussh+ce
But this is only your assumption and not a fact. Person on holiday is still EU resident and enjoys protection of GDPR. Do you have a source that says that GDPR doesn't apply to IP outside of EU?

>>tlampo+r1
I'm curious as to how much time you've taken in researching and implementing specific privacy laws of non-EU countries, since you don't seem to find it burdensome to comply with such regulations. Do you know for a fact you're in compliance with South African, Sri Lankan, or Australian privacy laws?

>>merino+qP
It's not by my assumption. I work with GDPR implementations. Read the GDPR yourself if you want a source.

>>cbg0+ph
That is true, which is why it's really difficult to special case a lot of things related to this, because the behavior could change to match the special cases.