You can’t just say “nah, fuck it” and not serve the page.
You can, and it’s compliant. It’s a loss of potential business for companies that haven’t made the necessary changes, but they also don’t get your data.
Edit: Ehh… it’s bit of a grey area, you’ll probably not see massive companies do this, but smaller ones will, and they’ll get away with it as the EU would much rather being screwing with Zuckerberg and Musk, which is always a good thing. So not 100% compliant, but if the regulation isn’t enforced as the company has made an effort to stop EU types using the site, it’s probably as good as you’ll get short of requiring passports to log in, which is a whole new kettle of angry fish of regulations.
One of the main tenets of the internet is you can run your site the way you want, but nobody has to visit it. Kind of like free speech, you can say what you want but nobody has to listen to it.
Not if “the way you want” is by serving malware without giving the user a choice or even informing them that they’re agreeing to malware by entering. That’s all the EU law mandates: seeking informed consent.
There’s also a difference between session cookies, which are code to keep track of what you do on the site, and tracking cookies which are code that spies on everything you do online in order to monetize it. A lot of us consider the former benign and the latter malware that we want the option of avoiding.
Malware is anything that negatively affects your computer. Cookies tracking your every move to sell your information to a third party that then inundates you with unwanted ads every time you use the internet would qualify IMO.
It’s not compliant. You might be serving eu citizens living in other countries. I’ve had to implement gdpr regs for a US only company. This isn’t compliant with GDPR.
You can, and it’s compliant. It’s a loss of potential business for companies that haven’t made the necessary changes, but they also don’t get your data.Edit: Ehh… it’s bit of a grey area, you’ll probably not see massive companies do this, but smaller ones will, and they’ll get away with it as the EU would much rather being screwing with Zuckerberg and Musk, which is always a good thing. So not 100% compliant, but if the regulation isn’t enforced as the company has made an effort to stop EU types using the site, it’s probably as good as you’ll get short of requiring passports to log in, which is a whole new kettle of angry fish of regulations.
True, but it’s also a loss of access due to geographical location, which is the opposite of one of the original main tenets of the internet.
One of the main tenets of the internet is you can run your site the way you want, but nobody has to visit it. Kind of like free speech, you can say what you want but nobody has to listen to it.
Not if “the way you want” is by serving malware without giving the user a choice or even informing them that they’re agreeing to malware by entering. That’s all the EU law mandates: seeking informed consent.
There is a difference between cookies (which are just strings of characters often used to keep you logged in) and actual malware executable code.
There’s also a difference between session cookies, which are code to keep track of what you do on the site, and tracking cookies which are code that spies on everything you do online in order to monetize it. A lot of us consider the former benign and the latter malware that we want the option of avoiding.
I think malware is software (executable) by definition though. Cookies are never executable, they are just data.
Malware is anything that negatively affects your computer. Cookies tracking your every move to sell your information to a third party that then inundates you with unwanted ads every time you use the internet would qualify IMO.
It’s not compliant. You might be serving eu citizens living in other countries. I’ve had to implement gdpr regs for a US only company. This isn’t compliant with GDPR.