With the enforcement of the
The lead-up to the effective date of the GDPR led to many companies and websites changing their privacy policies and features worldwide in order to comply with its requirements, and providing email and on-site notification of the changes, despite having had at least two years to prepare and do so.
On the effective date, some international websites began to block EU users entirely (including
Instapaper,  Unroll.me,  and Tronc-owned newspapers, such as the and the Chicago Tribune ) or redirect them to stripped-down versions of their services (in the case of Los Angeles Times National Public Radio and ) with limited functionality and/or no advertising, in order to remove their liabilities. USA Today
4 Steps to Make Your Website GDPR Compliant -
The SDMB is owned by a US entity and is likely based in a US datacenter, with no EU presence. Would it be subject to EU regulations in the first place? What mechanisms in US law would make the Reader liable to attempted enforcement?
According to the
(1) In relation to third countries and international organisations, the Commission and supervisory authorities shall take appropriate steps to:
a) develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data;
b) provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;
c) engage relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of personal data;
d) promote the exchange and documentation of personal data protection legislation and practice, including on jurisdictional conflicts with third countries.
Which suggests to me that they are not bothering themselves to write anything explicit into the GDPR, but instead figure it out if they ever actually decide they need to fine someone and most likely counting on the risk of the fines (20 million euros or 4% of total global turnover whichever is greater) to help companies decide it’s ultimately cheaper to just be compliant.
The EU doesn’t care one bit where an Internet company is located. If a single person in the EU visits the web site, then the SDMB is subject to their laws.
Going about enforcing their laws on the Reader or whoever is something else entirely.