
Well, no. Outfits like Facebook and Amazon can afford to hire attorneys to keep them in compliance with GDPR (or, more accurately, skirt around it).

Small website operators can't do that. Accordingly, many have banned EU IP addresses altogether.

The basic phenomenon is called "regulatory capture" -- the large player counterintuitively does not object to onerous regulations, because their smaller competitors can't afford to comply with them.

Happens all the time, in many different sectors of the economy.

With regard to FOSS, I certainly wouldn't work on anything for free that was likely to get me enmeshed in the legal system of another country.

If this legislation is as described above, someone's probably working on a FOSS license right now that allows the software to be used everywhere except the EU.



> Well, no. Outfits like Facebook and Amazon can afford to hire attorneys to keep them in compliance with GDPR (or, more accurately, skirt around it).

> Small website operators can't do that. Accordingly, many have banned EU IP addresses altogether.

It's much easier for small sites: not collecting data is free and if they aren't trying to resell it in ways which they don't want their customers to know about, it's easy enough to have a simple privacy policy. Those obtrusive banners are a political choice trying to make it look like GDPR compliance is onerous, but if you're not in the ad-tech business that's really not so hard since all of your cookies are essential.


> can afford to hire attorneys to keep them in compliance with GDPR

Compliance with GDPR is trivial for the absolute vast majority of businesses. Here's how GitHub does it: https://github.blog/2020-12-17-no-cookie-for-you/

--- start quote ---

At GitHub, we want to protect developer privacy, and we find cookie banners quite irritating, so we decided to look for a solution. After a brief search, we found one: just don’t use any non-essential cookies. Pretty simple, really.

So, we have removed all non-essential cookies from GitHub, and visiting our website does not send any information to third-party analytics services. (And of course GitHub still does not use any cookies to display ads, or track you across other sites.)

--- end quote ---


> Compliance with GDPR is trivial for the absolute vast majority of businesses.

Nonsense.

> Here's how GitHub does it

That's nice. GitHub is a billion-dollar Microsoft subsidiary with a gigantic legal team on speed dial.

What does "non-essential" mean here? Personally, I'm not willing to gamble that my interpretation of "non-essential" matches the interpretation of some random EU bureaucrat.


> Nonsense

It's absolute truth.

> That's nice. GitHub is a billion-dollar Microsoft subsidiary with a gigantic legal team on speed dial.

And instead of third-party tracking, selling your data to the highest bidder, and pestering you with miles-long cookie popups with hundreds of "partners", they don't do any of that.

So, how is this impossible for any other business that doesn't have those lawyers?

> What does "non-essential" mean here?

The law has been around for 7 years now. If you still ask this question and assume that you need to spend billions on lawyers to do the easy sensible thing, it only means that you don't care about answers.


Complying with GDPR shouldn’t be that hard at all for most businesses if they introduce some basic procedures for handling/storing user data and, most importantly, don’t want to transfer/sell it to third parties.



