But for compliance many interpretations say it's EU /citizens/; I don't think there are 3 simple steps to block any EU citizen...<p>I'm sure many Governments would <i>love</i> to be able to so simply identify what their citizens do online though.
While this sounds like an overreaction, I question the breadth of this method (unrelated to the reliability of IP address origin).<p>> This tells nginx to assign the $allow_visit variable a 0 for any users the GeoIP database specifies as coming from the “EU” continent.<p>Europe is the continent. The EU does not encompass all European countries. Doesn't this needlessly block non-EU European countries?
Geo IP blocking will not block the EU citizens that are not physically in the EU at the time.<p>Just for fun, I would add<p><pre><code> server {
# snip....
access_log off;
error_log off;
return 307 https://www.google.com/search?q=gdpr;
}
</code></pre>
That should block anyone that might be a EU citizen. /s
Along with the author, I am hesitant to needlessly follow regulations which only apply to a small portion of global population of which I am not a part. Especially since there are simple ways to sidestep the liability.<p>This, however, does give me an idea. Does anyone have an interest in a web framework which provides user/data management in a gdpr compliant way?
This seems to be flawed logic, many EU devices have IP addresses from non EU address blocks.<p>Assuming there is any significant adoption of your proposed solution to avoid GDPR rules the likelyhood is EU citizens will use VPN or Proxy services to bypass the restrictions.<p>I don’t think the use of a VPN would remove the GDPR obligations on the data controller or data processor.