Show HN: GDPR Shield – Block EU users from accessing your website

20 points by niko001 ↗ HN
While I love the EU's new data privacy regulation from a user's perspective, it's a nightmare for businesses to achieve compliance, because of the (sometimes intentionally) vague language of the law. And even if you pay an experienced lawyer to draft the policies and procedures required by GDPR, there's a very real residual risk of predatory law firms collecting penalties from mass-mailed cease-and-desist letters based on technicalities. Even if your business isn't located within the EU, you are required to comply with GDPR because the location of the user matters.

I've built a tool that blocks users who are trying to access your website from within the EU as a short-cut to compliance, which makes sense if your business isn't reliant on EU users and you don't want to spend thousands in legal fees to achieve GDPR compliance.

You can check it out here: https://www.gdpr-shield.io

13 comments

[ 4.1 ms ] story [ 42.9 ms ] thread
Even if I am not presently outside the EU, I might want to browse your products so that when I do go outside the EU, I will be able to buy such a product from you.

A website that would do this is a huge sign that I should look for the said product somewhere else.

I recently wanted to check the menu of one of the top 10 US restaurant/cafe chains (which only has locations within the US) while I was abroad and was surprised that they block all non-US traffic. I completely agree that "actual GDPR-compliance" is always superior, but some companies have spent months preparing for GDPR, involving their engineering and legal team. For some, outright avoiding the headache and potential financial fallout if they get something wrong can be the better option, even if it may mean losing a few potential customers.
That is singel handedly the most retarted service I've ever seen. It's completely counterintuitive to the basic idea of the internet, where information is free. BAsically, your too lazy to make sure your site is complient, so you want to hide it instead. The actual compliance for a normal website is extremely simple. In most cases it's a matter of having a decent privacy page and if you have forms - A text indicating the consent you give by using the form. If you can't even manage to do that, then I'm not sure I would even trust you being able to handle a monthly payment in a safe manner.
First of all - it does not make you fully compliant as it cannot know your country of origin when you visit the website. (Origin means where you REALLY are from, not your current GeOIP country).

And second thing - I actually think that it's a great idea as a way to protest and to show how senseless it is to impose such broad restrictions on the act of collecting the data.

Don't get me wrong - I don't think GDPR is a bad idea in general. I just think that people haven't even began to realize the implications of it. It's not just a "you had one thing" type of thing to follow through. It's a terrible manifesto which completely redefines how user data should be treated, without proper guidance on what's really expected.

For example - if a user logs in and decides to opt-out of all data collection but there's no cookie on him - how are you supposed to know it's the same person if you've logged his IP address the last time he used your website? And if you are using a storage medium that doesn't support one-off removals of data, what are you expected to do? This is just one out of thousands of potential examples of how broad this is, and that's even before talking the legal fees and UI changes you need to do to make sure you're letting your users know everything they have to know about what you do with their data.

BTW - MaxMind are going to get sued by so many companies because of misidentification :)

Sometimes I just dont understand if USA webmasters are dumb or they are just playing dumb?

Cookie can have one single value and that is opt-in:false. Nobody will ever say you are tracking them. If you put into it some guid, it will raise suspicions.

GDPR is otherwise quite simple, handle my data as you would handle yours. I bet you would be quite compliant with just this fact.

Anyway, go and block EU, this will create a bunch of EU companies serving what otherwise you would, but to the whole world + 500 milions EU cityzens. No one will cry about "your" service but someone will earn instead of you. Fine with me.

(Not to mention a hell of a lot less clickbait sites, nothing anyone will cry about - or actually probably it is good for them to be cut off. It would be just perfect if Facebook and Google would block the EU too - it would be a pain for a year, after that we would have our alternatives - GDPR enabled and probably working better. And additional, benefit: 90% of javascript so-called developers would go out of business as they are unable to function without copy/pasting from the web.)

Cheers.

I would use this for my websitew, which get few EU visitors;however, it'll be cheaper to just use https://www.maxmind.com/en/geoip2-databases which I was hoping to avoid, but this is too pricey to be worth it when we can simply code a bit and have pay a lower fee.
If that would gain popularity in the US, it were yet another for Europeans not to visit the US. You couldn't reasonably prepare your trip, because you cannot get up local businesses. Of course VPN is cheap and simple but why bother if you are not forced too. You can spend your travel money elsewhere.
Amazing idea. Thank you for doing this.

Indeed, I feel like europeans must prohibited from using my services, if they're making unnaceptable demands through their regulation malpractices.

Except GDPR also covers EU citizens outside of the EU, so this service is useless.
(comment deleted)