And once again...
The EU causes more collateral damage than they probably anticipated. I'm actually hoping that this trend continues: be GDRP compliant and just lock out EU users, simple as that. Then you can continue with your business, no questions asked.
This reminds me of that brilliant cookie law which the EU just had to push through. And as a result nothing has changed. The only change is that they'll now nicely ask you up front: "Do you accept this cookie?", and if the answer is no you're blocked from the site. SO... no matter what kind of cookie: if you want to use the site you'll have to click yes. And continue clicking yes again and again and again and again for every website. Another one of those awesome EU ideas!
Now, don't get me wrong here. The motivation behind GDRP is a good one, securing user data. But I also think that, as usual within politics, they're not thinking things through.
I mean... if you ask a webmaster to remove your data and they say "Ok, done", without actually doing anything. Then what? Would you be the wiser? I doubt it. And even if you can proof this, then what? Call the cops? If you're dealing with a US company and then call the cops on them for an EU law infraction then I'm not too sure that they'll bother to help you. Why should they?
In the end this will be one of those brilliant ideas which will cause more harm than profit. Like the DCMA takedown requests: that also began as a good idea until people started abusing it left and right because... the consequences for false reports are practically zip as far as I know.
I fear that this won't be any different. As such: just block the EU and be done with it, easy :)
(for the record: I am from Europe myself, but not quite a fan of this GDRP intrusion).
We're forced to delete user data. Ok, got it.
But what about the data retention law, from that very same EU? Never heard of that? Easy: it basically forces companies to store and archive communications passing through their servers (such as e-mails) for up to 3 years. Wouldn't you say that this somehow contradicts with the GDRP? I mean, can it get any more personal than e-mails or forum messages?
And just so we're clear: the intent of the data retention law is that communications must be stored in such a way that the information can be used to fully trace the users origin. Which is exactly the opposite of GDRP which demands that data needs to be anonymized.
So what is it? You can't have it both ways, yet that's exactly what they're trying to do.