GDPR compliance as a service

115 points by bmurray7jhu, about 7 years ago

28 comments

lillesvin, about 7 years ago
> Simply paste our JavaScript snippet into your website's code. We'll check every visitor of your site and will block access to users located within the EU.

See, the problem here is that you actually have to send an HTTP request to the site that's trying to block you, then you load it along with their JavaScript which *then* blocks you, but at that point the initial request(s) has already been logged and now they have to comply with the GDPR.

I refuse to believe this is not a joke.

tylermenezes, about 7 years ago
The idea that simply having an EU visitor load your site can subject you to a $2M fine is a recurring bit of FUD.

Directly from the EU:

> Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

(https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/enforcement-and-sanctions/sanctions/what-if-my-company-organisation-fails-comply-data-protection-rules_en)

esya, about 7 years ago
niko001 / Niklaus or whatever. This is extremely shady. You've copy pasted your whole terms and conditions from this page:

https://buffer.com/terms VS: https://gdpr-shield.io/terms - Saved here https://web.archive.org/web/20180504020320/https://gdpr-shield.io/terms for good measure

Which is illegal to begin with. You even forgot to replace the part that explains what the service does and left the part that says that gdpr shield "provides a social media management tool".

You're selling something that just basically does a geoip lookup, and then tries to block people from an entire continent, with pure JS, which can be easily avoided, by the way. I'm shooting buffer an email to let them know you're infringing on their legal material.

jloughry, about 7 years ago
The privacy of EU persons coming in from a non-EU IP address still needs to be protected under GDPR. This solution is a start but it's not bulletproof.

Edit: I don't want anyone to think I believe it's a *good* start but it is a kind of solution. I wonder if lots of US companies, once they begin to realize GDPR is a problem for them, won't decide to try one of two things:

1. This: block access from IP addresses believed to belong in Europe.

2. Lobby Congress for a law (or a quick Executive Order) saying that US companies don't have to comply with GDPR.

A few weeks ago on Twitter [1], I speculated about #2. It was too early, I guess. Few people in USA seem to be aware of GDPR at the present time. That'll change in a couple of weeks.

[1] https://twitter.com/CnAdoctor/status/978849723808301057

quickthrower2, about 7 years ago
I'm currently an EU-ish Citizen, not residing in the EU. Will it block me?

Also will it block JS-blocking EU Citizens residing in the EU?

Let's not mention VPNs. Let's not mention Tor.

This feels like a "registry cleaner" for GDPR

o. xkcd: https://xkcd.com/1969/

privacypoller, about 7 years ago
A "GDPR Compliance" service with a *6000* word terms of service including such gems as agreeing to binding arbitration, no class-action lawsuits, and royalty-free use of your logo and name, a privacy policy that allows them to use your personal information to promote "new features and special offers" and runs google analytics...

This is a joke, right? You'd have to be crazy to protect these guys with anything to do with personal information protection and privacy.

CorpOverreach, about 7 years ago
Maybe I'm missing something - but as a US citizen, with a US company, how can EU laws be enforced against me?

What's the legal channel here? Do they plan on arresting me if I decide to vacation to an EU country? Will the US gov't comply with levying fines due to some treaty/agreement between the countries?

rjv, about 7 years ago
I have this eerie suspicion that GDPR cases will be a haven for trollish and/or opportunist behavior. Instead of huge corporations having to shell out significant money to swallow up start-up competitors, they could much more cheaply pay EU citizens to exploit the huge burden of the law on small companies or even solo endeavors. I hope I can be convinced to be optimistic.

nightcracker, about 7 years ago
From GDPR-shield's terms and conditions (https://gdpr-shield.io/terms):

1. GDPR Shield Service Overview

The Service provides a social media management tool that enables users to customize the link preview window of websites under their control on social platforms, in addition to other analytics tools to help bolster users' social media content.

...what? Is this a botched copy/paste job?

cddotdotslash, about 7 years ago
Put your site behind CloudFront, block EU countries. There, we've solved the problem without a shady SaaS.

Edit: which wasn't even a problem to start with but if this is the route you want to go, the above is nearly fool proof and costs next to nothing.

threeseed, about 7 years ago
I can't tell if this is a joke or not.

Don't pay "thousands" for GDPR compliance work which will improve your product by providing basic privacy and security features.

Instead pay up to $79 a month for a service to block a large percentage of your traffic.

CLGrimes, about 7 years ago
I can't tell if this is a fake service or not, but blocking users from EU IP address ranges (which I'm assuming is how it works) will still not stop the EU from following a trail of data that could originate from your organization.

That's the biggest thing from the EU's GDPR rules - what is your organization's data inventory, how does it map outside of your organization, and how are you securing PII?

If a complaint is made from someone who is an EU citizen, and another organization shows logs that they got this information from your web app or service, that will trigger an audit from the EU. Blocking access to a subset of IP ranges will do absolutely nothing to stop this, and will not stop the sharks once they have smelled blood.

In a sense, the EU has plain rules that you can protect against, unlike the FTC/FDA (for HIPAA etc) who are vague and will not disclose how you can protect your own organization.

troydavis, about 7 years ago
Disclaimer: This is not legal advice.

Blocking EU visitors by IP doesn’t eliminate the need to comply with GDPR, because GDPR jurisdiction isn’t based on where the service thinks the user is (whether from IP geocoding or another source).

If an EU resident is using a VPN, or using an IP that incorrectly geocodes to a non-EU country, or behind a private corporate network and NAT that egresses traffic in a non-EU country, GDPR still applies. Any site with more than trivial traffic will have some users with those characteristics.

Experts debate whether explicitly requiring users to confirm that they aren’t in the EU - say, a country dropdown - is even a solution. If an EU resident visitor lies, they may well still be protected by GDPR (and the EU is large enough for enforcement to matter even if a site doesn't have an EU presence).

emddudley, about 7 years ago
This is GDPR *non*compliance as a service...

esya, about 7 years ago
The more I look into this, the shadier it seems.

They're selling at a whopping $79/month, a single php script that does not even check any sort of authentication or API key, and only does a dumb lookup against a GeoIP database: https://gdpr-shield.io/check.php

And this is called by this tiny javascript script https://code.gdpr-shield.io/script.js that just.. displays an overlay div when you're in the EU. Smells like scam when you're willing to sell a whole product that can be coded in 20 minutes for up to $1000 a year.
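
The difference between the overlay approach described in the comment above and a check enforced on the server, as an added example that is not part of the thread or of the service's own code. The function names, the lookup table (RFC 5737 documentation addresses) and the fail-closed policy are assumptions made for illustration:

```javascript
// Added example, not code from gdpr-shield.io or from the thread.
// GEO_TABLE is constructed sample data (RFC 5737 documentation ranges)
// standing in for a real GeoIP database; BLOCKED is an abbreviated list.
const GEO_TABLE = [
  { cidr: "192.0.2.0/24", country: "DE" },
  { cidr: "198.51.100.0/24", country: "US" },
];
const BLOCKED = new Set(["DE", "FR", "NL"]);
const PAGE = "<h1>Members area</h1>";

function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | Number(o)) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const n = Number(bits);
  const mask = n === 0 ? 0 : (~0 << (32 - n)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

function countryOf(ip) {
  const hit = GEO_TABLE.find((row) => inCidr(ip, row.cidr));
  return hit ? hit.country : null;
}

// Pattern described in the thread: the server answers every request in
// full and records it; the "block" is an overlay a script draws afterwards.
function clientSideBlock(ip, accessLog) {
  accessLog.push(ip);
  return { status: 200, body: PAGE + '<script src="/overlay.js"></script>' };
}

// Server-side enforcement: the decision is made before anything is
// rendered or recorded. Unknown locations fail closed (an assumption).
function serverSideBlock(ip, accessLog) {
  const country = countryOf(ip);
  if (country === null || BLOCKED.has(country)) {
    return { status: 403, body: "" };
  }
  accessLog.push(ip);
  return { status: 200, body: PAGE };
}
```

With the overlay design the full page body and a log entry exist for every visitor regardless of location; with the server-side check a blocked address receives an empty 403 and leaves no entry in the application log.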

sbuk, about 7 years ago
*"The European Union's new GDPR (General Data Protection Regulation), which takes effect on 25th May 2018, creates uncertainty and risk for website owners. It applies to businesses world-wide, because it protects all users accessing your site from the EU, regardless of where your business is located. GDPR threatens website owners with fines of 4% of turnover or €20 million (whichever is higher). If you don't have an in-house legal team, complying with the law requires you to consult with a lawyer specializing in data protection law. In addition, you're at risk of vindictive reporting from no-win-no-fee legal firms."*

Total, unmitigated FUD.

judge2020, about 7 years ago
Thought this was a joke SaaS offering, but inputting google.com as the domain and a burner card, it's real [0].

[0] https://judge.sh/3Bc2E0GR.png

vemv, about 7 years ago
Anyone can expand on what "vindictive reporting from no-win-no-fee legal firms" would exactly consist of?

hartator, about 7 years ago
I wonder if you can do something like this directly in Cloudflare.

corobo, about 7 years ago
Another site going with the light grey on white text theme. What happened to the accessibility binge everyone was on a few years back :(

cdancette, about 7 years ago
I think this is actually good for privacy. We will know that companies using this service don't care about privacy, even for non-european users.

We could then design a tool detecting the use of this service and notifying the user "this service doesn't care about your personal data".

kruhft, about 7 years ago
"God Damn Protection Racket"

pietroglyph, about 7 years ago
This appears to be JavaScript based... Assuming then that it works on the client side, I wonder how long it will take for someone to release a browser plugin to bypass it.

drivingmenuts, about 7 years ago
Argh. Just sent a note to a game company I did some work for that they need to be aware of this.

Might have to shut off access to the game for the EU.

Dammit.

shiado, about 7 years ago
Are European TOR users protected under GDPR? What about VPN users? Seems like IP-based services might be tricky.

tscs37, about 7 years ago
Is there some example page I can look at to see if this even works?

rdiddly, about 7 years ago
You spelled "avoidance" wrong...

asn1parse, about 7 years ago
lol fqdn registered on 2018-04-24? gmafb