The EU only cares if your website affects EU citizens. This one has pulled out of the EU market entirely, the EU doesn’t care then and have no jurisdiction either then.
You can’t just say “nah, fuck it” and not serve the page.
You can, and it’s compliant. It’s a loss of potential business for companies that haven’t made the necessary changes, but they also don’t get your data.
One of the main tenets of the internet is you can run your site the way you want, but nobody has to visit it. Kind of like free speech, you can say what you want but nobody has to listen to it.
Not if “the way you want” is by serving malware without giving the user a choice or even informing them that they’re agreeing to malware by entering. That’s all the EU law mandates: seeking informed consent.
There’s also a difference between session cookies, which are code to keep track of what you do on the site, and tracking cookies which are code that spies on everything you do online in order to monetize it. A lot of us consider the former benign and the latter malware that we want the option of avoiding.
Malware is anything that negatively affects your computer. Cookies tracking your every move to sell your information to a third party that then inundates you with unwanted ads every time you use the internet would qualify IMO.
It’s not compliant. You might be serving eu citizens living in other countries. I’ve had to implement gdpr regs for a US only company. This isn’t compliant with GDPR.
Sorry, that’s not correct, the GDPR applies to EU Citizens and Non-EU Citizens located within the EU, and an EU Citizen’s Data if it’s moved outside the EU while the person is still located within the EU. An EU Citizen located outside the EU is not covered, as they would be under the laws and regulations of wherever they’re located.
I literally had to work with lawyers to cover this. GDPR covers EU citizens across the planet. Doesn’t matter where you are. I don’t know where you got your information from, but mine came from both the law, and FinTech lawyers whose job it is is to know this stuff.
My info came from my missus who managed the GDPR compliance for 2 of the top 5 largest pharmaceutical companies on the planet for the of the largest blue chip IT infrastructure provider on the planet. GDPR does not supersede local regulations even if you are a citizen of the EU. A website refusing to do business to IP addresses in the EU does not make it non compliant with GDPR, if an EU citizen physically leaves the EU to a country where GDPR doesn’t apply, it doesn’t magically apply because the keyboard senses an EU finger is on those keys. If someone moves from France to Canada, and uses a local website that doesn’t comply with GDPR, do they automagically get a fine for non compliance? Best they can do is refuse delivery if you try to order something to be shipped back home.
If those pharmaceutical companies try to ever do business in the EU they will immediately find out that the laws do apply. I’m sorry but your “missus” is uninformed. You can go check for yourself instead of believing me though. There’s plenty of resources for it to explain it to both of you.
deleted by creator
Is the EU gonna force a company in China to sell something to its citizens or something? Lol.
Source?
It’s only illegal if you say “nah, fuck it” when users decline to agree with your data collection terms, but offer it when they do.
This is an identical experience, independent of your (dis)agreement with their policies.
The EU only cares if your website affects EU citizens. This one has pulled out of the EU market entirely, the EU doesn’t care then and have no jurisdiction either then.
You can, and it’s compliant. It’s a loss of potential business for companies that haven’t made the necessary changes, but they also don’t get your data.
True, but it’s also a loss of access due to geographical location, which is the opposite of one of the original main tenets of the internet.
One of the main tenets of the internet is you can run your site the way you want, but nobody has to visit it. Kind of like free speech, you can say what you want but nobody has to listen to it.
Not if “the way you want” is by serving malware without giving the user a choice or even informing them that they’re agreeing to malware by entering. That’s all the EU law mandates: seeking informed consent.
There is a difference between cookies (which are just strings of characters often used to keep you logged in) and actual malware executable code.
There’s also a difference between session cookies, which are code to keep track of what you do on the site, and tracking cookies which are code that spies on everything you do online in order to monetize it. A lot of us consider the former benign and the latter malware that we want the option of avoiding.
I think malware is software (executable) by definition though. Cookies are never executable, they are just data.
Malware is anything that negatively affects your computer. Cookies tracking your every move to sell your information to a third party that then inundates you with unwanted ads every time you use the internet would qualify IMO.
It’s not compliant. You might be serving eu citizens living in other countries. I’ve had to implement gdpr regs for a US only company. This isn’t compliant with GDPR.
Sorry, that’s not correct, the GDPR applies to EU Citizens and Non-EU Citizens located within the EU, and an EU Citizen’s Data if it’s moved outside the EU while the person is still located within the EU. An EU Citizen located outside the EU is not covered, as they would be under the laws and regulations of wherever they’re located.
I literally had to work with lawyers to cover this. GDPR covers EU citizens across the planet. Doesn’t matter where you are. I don’t know where you got your information from, but mine came from both the law, and FinTech lawyers whose job it is is to know this stuff.
My info came from my missus who managed the GDPR compliance for 2 of the top 5 largest pharmaceutical companies on the planet for the of the largest blue chip IT infrastructure provider on the planet. GDPR does not supersede local regulations even if you are a citizen of the EU. A website refusing to do business to IP addresses in the EU does not make it non compliant with GDPR, if an EU citizen physically leaves the EU to a country where GDPR doesn’t apply, it doesn’t magically apply because the keyboard senses an EU finger is on those keys. If someone moves from France to Canada, and uses a local website that doesn’t comply with GDPR, do they automagically get a fine for non compliance? Best they can do is refuse delivery if you try to order something to be shipped back home.
If those pharmaceutical companies try to ever do business in the EU they will immediately find out that the laws do apply. I’m sorry but your “missus” is uninformed. You can go check for yourself instead of believing me though. There’s plenty of resources for it to explain it to both of you.