
Ask HN: Are you blocking EU traffic tomorrow? - donohoe
I&#x27;m collecting best practices for blocking content on the web ahead of GDPR being enforced (and just curious too). Specifically interested in anyone using the 451 error code (&quot;Unavailable For Legal Reasons&quot;).
======
throwawaymath
No.

Brutal honesty: I have no intention of complying with GDPR. I do collect
plenty of data from Europeans; but I am not a European, I do not directly use
the data for commercial purposes (though I publish some of it) and I have no
physical nexus in the EU.

I don't know if GDPR applies to me, but I can't be bothered either way. I've
seen mixed interpretations about whether or not the data I collect, and my
subsequent use of it, is relevant for GDPR. I don't care enough to spare the
mental overhead. I welcome Europeans to contact me under the GDPR, but I'll
likely ignore them completely unless I can be convinced any possible
litigation would both impact me and actually come to pass.

Until I'm forced to do something, I'm not going to do anything at all about
it. I don't expect that to be a popular opinion :)

~~~
godot
Isn't the fine of violation 20mil Euro or 4% annual rev, whichever is
_higher_? That could put any side projects (or even small startups) out of
business, no?

~~~
throwawaymath
Sure, and I welcome an attempt to collect that. I'm not going to hold my
breath though.

~~~
xstartup
Oh, so you don't use services of a company which has to comply with EU
authorities? I am pretty sure, they can freeze your AWS/GCP account.

~~~
throwawaymath
Nope. I do everything on bare metal, local to me. I guess they could squeeze
my ISP, but that wouldn't be a significant business continuity problem for me.
If they come after my utility/energy provider I'll be concerned.

------
andrei_says_
Of course not.

Counting the amount of non-compliant websites out there, the popularity of
mine, the probability of being contacted by the EU enforcement agencies is
close to zero.

If contacted, I’d be given specific instructions and time to comply.

Why would anyone block traffic?

~~~
donohoe
Companies with a legal department may be forced to do so if they have ties to
the EU, regardless of what business side thinks.

------
ColinWright
So out of curiosity, are you looking to do this because you can't work out
what is necessary, or because you choose not to comply with the requirements?

Also, from some advice I've seen, if someone is actually physically based in
the EU, but they access facilities over the 'net via a connection that appears
to come from the USA, the person is still covered by the GDPR, and so the
company providing the service, even though they can't tell that the customer
is residing in the EU, might still be required to comply with the GDPR.

~~~
donohoe
You only gave me two options :)

First, I am doing this because I am curious. I first looked at the 451 error
code for a publisher many years ago where we were anticipating a court order
banning an article in a given country.

Second, I have a number of sites where we have done the work to be compliant
with GDPR so thats nice.

Third, there are sites where there is so many third-party scripts added over
the years that it would take months to administratively figure out what is
needed and what is not. They were not just added on the template level
(medium/easy to clean-up) but added by individuals directly through a CMS
which makes it very very hard.

Its in that third case that we might be forced to have our own 451 error page
(or something else) until it can be untangled.

I'm an advocate of the GDPR and welcome its challenges but its technically
difficult even if you mean well. I'm sympathetic to those hitting problems. To
be clear, it is NOT about 'choosing to comply' or not, and saying so means you
don't fully understand the technical challenges.

