
New Service Blocks EU Users so Companies Can Save Thousands on GDPR Compliance - asclepi
https://www.bleepingcomputer.com/news/security/new-service-blocks-eu-users-so-companies-can-save-thousands-on-gdpr-compliance/
======
troydavis
Disclaimer: This is not legal advice.

Blocking EU visitors by IP doesn’t eliminate the need to comply with GDPR,
because GDPR jurisdiction isn’t based on where the service thinks think the
user is (whether from IP geocoding or another source).

If an EU resident is using a VPN, or using an IP that incorrectly geocodes to
a non-EU country, or behind a private corporate network and NAT that egresses
traffic in a non-EU country, GDPR still applies. Any site with more than
trivial traffic will have some users with those characteristics.

Experts debate whether explicitly requiring users to confirm that they aren’t
in the EU - say, a country dropdown - is even a solution. If an EU resident
visitor lies, they may well still be protected by GDPR (and the EU is large
enough for enforcement to matter even if a site doesn't have an EU presence).

~~~
duckMuppet
It is much easier and better mandate a physical address during a forced
registration.

At that point, it's quite easy to inform EU residents that they are unable to
continue do to regulations rather than rely on some type of spoofed IP or VPN

