zlacker

[parent] [thread] 3 comments
1. DanBC+(OP)[view] [source] 2018-05-18 21:31:52
This is, yet again, untrue.

https://gdpr-info.eu/recitals/no-23/

> In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. 3Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.

By blocking EU IPs the service is very clearly, unambiguously, not targetting EU residents.

replies(2): >>merino+Y9 >>merino+Xy
2. merino+Y9[view] [source] 2018-05-18 23:26:36
>>DanBC+(OP)
No, this is only not targeting people accessing internet using EU IP addresses, it doesn't exclude EU residents.
3. merino+Xy[view] [source] 2018-05-19 10:10:35
>>DanBC+(OP)
Not sure why downvotes. If you block EU IP, EU resident accessing a website on holiday outside EU will not know that the website is not meant to offer services to EU residents. Solely blocking EU IPs is not sufficient. What would do probably is to have a banner on the website, where user is informed that website doesn't allow EU resident visitors with "Leave" button. Now the problem is if the EU resident confirms that he/she is not an EU resident. Then controller or processor is still processing protected data, but unknowingly.
replies(1): >>DanBC+kI
◧◩
4. DanBC+kI[view] [source] [discussion] 2018-05-19 13:40:49
>>merino+Xy
If you block EU IPs but your business is not targeting Europeans who are on holiday you don't need to comply with GDPR.

If you block EU IPs but your business is targeting Europeans who are on holiday - well, you probably still don't need to comply with GDPR because you've demonstrated attempts to actively avoid European residents.

The test in GDPR is not "does any European ever use the service?" but "are you targeting them?"

[go to top]