Following GDPR is effectively equivalent to respecting your users' privacy. What are you doing that the GDPR doesn't allow?
You do you of course but at this point GDPR has been round long enough I'm assuming you're looking to double dip and sell my details. Best case scenario you don't trust your own security.
GDPR is only really scary if you're doing questionable things with your user data.
If you're just annoyed at it because it's another thing you need to learn (you have you learn stuff to do a business??) alright fair, no worries. Look into it later tho.
If it's in your way? You're posting your receipts to HN for folks to reference later in jokes haha. Your very own "They trust me. Dumb fucks"
E: Case in point one of your Show HNs handily referenced "End Mass Surveillance
Our government is actively breaking its own laws. [..]"
Why would anyone believe in your campaign when you don't even want to end mass surveillance in your own projects? :)
Maybe he wants to avoid the cost of a paying a service to act as his representative in the Union as required by Article 27 if GDPR applies to his business under Article 3(2).
Whether Article 3(2) applies is somewhat subjective and a big part of it is intent. Blocking EU IP addresses and/or requiring people to say they are not in the EU before allowing them to use your site would help prove that you did not intend to serve people in the EU.
Or maybe he's worried about IP addresses. Regulators in Europe has said they are personal data that is covered by GDPR. If you have to give IP addresses the full GDPR treatment that could be a major hassle for a small organization.
So again if you aren't definitely intending to serve EU visitors blocking them can bolster the case that you don't fall under Article 3(2).
Probably hasn’t appointed a representative in the EU. There are a lot of other bureaucratic requirements. It’s really not the same thing as respecting privacy.
> Following GDPR is effectively equivalent to respecting your users' privacy. What are you doing that the GDPR doesn't allow?
Might be. Might not. No way for me to know without understanding the GDPR. And I’m not interested in studying that law at this point.
My privacy policy is transparent, lists the vendors I do business with and how they are involved with handling data, and what I use data for.
> GDPR is only really scary if you're doing questionable things with your user data.
Any regulation that contains any sort of legal liability that I don’t understand is scary. If I’m compliant, it’s by luck. I’m certainly not compliant deliberately because I don’t understand the GDPR. Am I willing to gamble on luck so EU citizens can access my service?
Nope.
I’d go as far as saying “just be a good person and assume you aren’t going to be held liable in the EU” is a bad take and you shouldn’t promote people taking such a lax approach to legal compliance.
Sorry for disengaging here but I got nothing lmao. From my POV that's like deciding to not follow copyright law anymore.
Uh.. cool. Lol.
If you're legit doing the rest as you say then congratulations you're already GDPR compliant, you're just being stubborn. Seems a waste of brain cycles.
> If you're legit doing the rest as you say then congratulations you're already GDPR compliant, you're just being stubborn. Seems a waste of brain cycles.
How many jurisdictions exchange packets on the internet with your country of residence?
How confident are you that your web service is compliant with all of them simultaneously? Are you compliant with Saudi Arabia’s laws? India? Pakistan? Russia? China? Argentina? Nicaragua? Cuba?
I’m suggesting that conducting business in a jurisdiction without first ensuring you’re compliant with the laws of that jurisdiction is a bad way to conduct business. Making sure I’m compliant with EU law is a waste of brain cells right now. Making sure I’m compliant with U.S. law is taxing enough.
I’m also suggesting that you probably shouldn’t be liable for a random country’s law just because one of their citizens misrepresented themselves and tricked you into exchanging packets under a different set of laws than you know how to operate in.
You do you of course but at this point GDPR has been round long enough I'm assuming you're looking to double dip and sell my details. Best case scenario you don't trust your own security.
GDPR is only really scary if you're doing questionable things with your user data.
If you're just annoyed at it because it's another thing you need to learn (you have you learn stuff to do a business??) alright fair, no worries. Look into it later tho.
If it's in your way? You're posting your receipts to HN for folks to reference later in jokes haha. Your very own "They trust me. Dumb fucks"
E: Case in point one of your Show HNs handily referenced "End Mass Surveillance Our government is actively breaking its own laws. [..]"
Why would anyone believe in your campaign when you don't even want to end mass surveillance in your own projects? :)