European Union Justice Commissioner Didier Reynders recently told German newspaper 'Welt am Sonntag' that the European Commission is aware of how annoying cookie consent banners have become...
Geoblocking in such cases would not be sufficient. For one thing your geo-IP database will never be perfectly accurate, even without considering that “data subjects who are in the Union” can connect to your site via proxies or VPNs with non-EU IP addresses. For another you still need to respond to GDPR requests e.g. to remove data collected on a data subject currently residing in the EU, even if the data was collected while they were outside the EU, and you can’t do that if you’re blocking their access to the site. For a newspaper in particular the same would apply to any EU data subject they happened to report on, whether they had previously visited the site or not.
Sure, they don’t rule the world. They only have the power to ban you (either the company per se or its individual owners, officers, and/or employees) from ever again doing any business in the EU. Which naturally includes business with any individuals or companies either based in the EU (as a seller or a buyer) or wanting to do business in the EU. Or from traveling to the EU, whether for business or personal reasons. Little things like that. Nothing too inconvenient. (/s)
They haven’t taken things quite that far—yet. But they could. It’s dangerous to assume that you can ignore them without consequences just because your company doesn’t currently depend on revenue from EU customers. The world is more interconnected than that, and the consequences may not be limited to your company.
So is a local newspaper supposed to be afraid of not complying aggressively enough with foreign laws from the whole world, or just the EU? The way I see it they’re already doing more than is reasonably required by making a good faith effort to prevent people in the EU from accessing their site. Holding them responsible for people who deliberately bypass the blocking seems downright imperialist to me.
Geoblocking in such cases would not be sufficient. For one thing your geo-IP database will never be perfectly accurate, even without considering that “data subjects who are in the Union” can connect to your site via proxies or VPNs with non-EU IP addresses. For another you still need to respond to GDPR requests e.g. to remove data collected on a data subject currently residing in the EU, even if the data was collected while they were outside the EU, and you can’t do that if you’re blocking their access to the site. For a newspaper in particular the same would apply to any EU data subject they happened to report on, whether they had previously visited the site or not.
What exactly is the EU gonna do about a foreign site that does no business in the EU? They don’t rule the world.
Sure, they don’t rule the world. They only have the power to ban you (either the company per se or its individual owners, officers, and/or employees) from ever again doing any business in the EU. Which naturally includes business with any individuals or companies either based in the EU (as a seller or a buyer) or wanting to do business in the EU. Or from traveling to the EU, whether for business or personal reasons. Little things like that. Nothing too inconvenient. (/s)
They haven’t taken things quite that far—yet. But they could. It’s dangerous to assume that you can ignore them without consequences just because your company doesn’t currently depend on revenue from EU customers. The world is more interconnected than that, and the consequences may not be limited to your company.
So is a local newspaper supposed to be afraid of not complying aggressively enough with foreign laws from the whole world, or just the EU? The way I see it they’re already doing more than is reasonably required by making a good faith effort to prevent people in the EU from accessing their site. Holding them responsible for people who deliberately bypass the blocking seems downright imperialist to me.