Show HN: GDPR Shield – Block EU users from accessing your website
While I love the EU's new data privacy regulation from a user's perspective, it's a nightmare for businesses to achieve compliance, because of the (sometimes intentionally) vague language of the law. And even if you pay an experienced lawyer to draft the policies and procedures required by GDPR, there's a very real residual risk of predatory law firms collecting penalties from mass-mailed cease-and-desist letters based on technicalities. Even if your business isn't located within the EU, you are required to comply with GDPR because the location of the user matters.
I've built a tool that blocks users who are trying to access your website from within the EU as a short-cut to compliance, which makes sense if your business isn't reliant on EU users and you don't want to spend thousands in legal fees to achieve GDPR compliance.
You can check it out here: https://www.gdpr-shield.io
13 comments
[ 4.1 ms ] story [ 42.9 ms ] threadA website that would do this is a huge sign that I should look for the said product somewhere else.
And second thing - I actually think that it's a great idea as a way to protest and to show how senseless it is to impose such broad restrictions on the act of collecting the data.
Don't get me wrong - I don't think GDPR is a bad idea in general. I just think that people haven't even began to realize the implications of it. It's not just a "you had one thing" type of thing to follow through. It's a terrible manifesto which completely redefines how user data should be treated, without proper guidance on what's really expected.
For example - if a user logs in and decides to opt-out of all data collection but there's no cookie on him - how are you supposed to know it's the same person if you've logged his IP address the last time he used your website? And if you are using a storage medium that doesn't support one-off removals of data, what are you expected to do? This is just one out of thousands of potential examples of how broad this is, and that's even before talking the legal fees and UI changes you need to do to make sure you're letting your users know everything they have to know about what you do with their data.
BTW - MaxMind are going to get sued by so many companies because of misidentification :)
Cookie can have one single value and that is opt-in:false. Nobody will ever say you are tracking them. If you put into it some guid, it will raise suspicions.
GDPR is otherwise quite simple, handle my data as you would handle yours. I bet you would be quite compliant with just this fact.
Anyway, go and block EU, this will create a bunch of EU companies serving what otherwise you would, but to the whole world + 500 milions EU cityzens. No one will cry about "your" service but someone will earn instead of you. Fine with me.
(Not to mention a hell of a lot less clickbait sites, nothing anyone will cry about - or actually probably it is good for them to be cut off. It would be just perfect if Facebook and Google would block the EU too - it would be a pain for a year, after that we would have our alternatives - GDPR enabled and probably working better. And additional, benefit: 90% of javascript so-called developers would go out of business as they are unable to function without copy/pasting from the web.)
Cheers.
Indeed, I feel like europeans must prohibited from using my services, if they're making unnaceptable demands through their regulation malpractices.