> Following GDPR is effectively equivalent to respecting your users' privacy. What are you doing that the GDPR doesn't allow?
Might be. Might not. No way for me to know without understanding the GDPR. And I’m not interested in studying that law at this point.
My privacy policy is transparent, lists the vendors I do business with and how they are involved with handling data, and what I use data for.
> GDPR is only really scary if you're doing questionable things with your user data.
Any regulation that contains any sort of legal liability that I don’t understand is scary. If I’m compliant, it’s by luck. I’m certainly not compliant deliberately because I don’t understand the GDPR. Am I willing to gamble on luck so EU citizens can access my service?
Nope.
I’d go as far as saying “just be a good person and assume you aren’t going to be held liable in the EU” is a bad take and you shouldn’t promote people taking such a lax approach to legal compliance.
Sorry for disengaging here but I got nothing lmao. From my POV that's like deciding to not follow copyright law anymore.
Uh.. cool. Lol.
If you're legit doing the rest as you say then congratulations you're already GDPR compliant, you're just being stubborn. Seems a waste of brain cycles.
> If you're legit doing the rest as you say then congratulations you're already GDPR compliant, you're just being stubborn. Seems a waste of brain cycles.
How many jurisdictions exchange packets on the internet with your country of residence?
How confident are you that your web service is compliant with all of them simultaneously? Are you compliant with Saudi Arabia’s laws? India? Pakistan? Russia? China? Argentina? Nicaragua? Cuba?
I’m suggesting that conducting business in a jurisdiction without first ensuring you’re compliant with the laws of that jurisdiction is a bad way to conduct business. Making sure I’m compliant with EU law is a waste of brain cells right now. Making sure I’m compliant with U.S. law is taxing enough.
I’m also suggesting that you probably shouldn’t be liable for a random country’s law just because one of their citizens misrepresented themselves and tricked you into exchanging packets under a different set of laws than you know how to operate in.
Might be. Might not. No way for me to know without understanding the GDPR. And I’m not interested in studying that law at this point.
My privacy policy is transparent, lists the vendors I do business with and how they are involved with handling data, and what I use data for.
> GDPR is only really scary if you're doing questionable things with your user data.
Any regulation that contains any sort of legal liability that I don’t understand is scary. If I’m compliant, it’s by luck. I’m certainly not compliant deliberately because I don’t understand the GDPR. Am I willing to gamble on luck so EU citizens can access my service?
Nope.
I’d go as far as saying “just be a good person and assume you aren’t going to be held liable in the EU” is a bad take and you shouldn’t promote people taking such a lax approach to legal compliance.