zlacker

[parent] [thread] 7 comments
1. merino+(OP)[view] [source] 2018-05-18 15:21:19
It is not possible, unless you'll check id and residence certificate of all visitors. Blocking EU IP is not sufficient.
replies(2): >>0care+Ck >>DanBC+oL
2. 0care+Ck[view] [source] 2018-05-18 17:51:58
>>merino+(OP)
I am having a hard time seeing how EU judgements will be enforceable in the US?
replies(2): >>merino+9I >>apple4+kK
◧◩
3. merino+9I[view] [source] [discussion] 2018-05-18 20:59:08
>>0care+Ck
Probably they will not be - but there are cases of extradition of EU citizens to the US for various crimes like hacking. Who knows, maybe it will happen the other way around or some people will have to take holidays in the EU off the list.
◧◩
4. apple4+kK[view] [source] [discussion] 2018-05-18 21:20:34
>>0care+Ck
I was really wondering that as well. Can we be held accountable?

It would be nice if the GDPR had a piece about “if a company refuses sales, even if they accidentally happen, the company isn’t liable” and/or “blocking EU IPs or redirecting to a no sale page is sufficient to avoid compliance”.

5. DanBC+oL[view] [source] 2018-05-18 21:31:52
>>merino+(OP)
This is, yet again, untrue.

https://gdpr-info.eu/recitals/no-23/

> In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. 3Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.

By blocking EU IPs the service is very clearly, unambiguously, not targetting EU residents.

replies(2): >>merino+mV >>merino+lk1
◧◩
6. merino+mV[view] [source] [discussion] 2018-05-18 23:26:36
>>DanBC+oL
No, this is only not targeting people accessing internet using EU IP addresses, it doesn't exclude EU residents.
◧◩
7. merino+lk1[view] [source] [discussion] 2018-05-19 10:10:35
>>DanBC+oL
Not sure why downvotes. If you block EU IP, EU resident accessing a website on holiday outside EU will not know that the website is not meant to offer services to EU residents. Solely blocking EU IPs is not sufficient. What would do probably is to have a banner on the website, where user is informed that website doesn't allow EU resident visitors with "Leave" button. Now the problem is if the EU resident confirms that he/she is not an EU resident. Then controller or processor is still processing protected data, but unknowingly.
replies(1): >>DanBC+It1
◧◩◪
8. DanBC+It1[view] [source] [discussion] 2018-05-19 13:40:49
>>merino+lk1
If you block EU IPs but your business is not targeting Europeans who are on holiday you don't need to comply with GDPR.

If you block EU IPs but your business is targeting Europeans who are on holiday - well, you probably still don't need to comply with GDPR because you've demonstrated attempts to actively avoid European residents.

The test in GDPR is not "does any European ever use the service?" but "are you targeting them?"

[go to top]