2

Let's say I have a service that asks registration details from the user and for some reason I, as a provider of that service, can't comply to GDPR and therefore want to refuse registration of new users protected by GDPR or similar law. Is it possible to add a clause in the registration form requiring user to cancel registration of their new account if they are covered by GDPR (or, better, any similar law)?

For simplicity let's assume that I don't have to worry about existing users.

Update: I see similar question that seeks to achieve the same effect by means of introducing filters or by other disruptive means, this is different as it relies on EULA that user should accept before proceeding to use the website.

Alex
  • 135
  • 4

4 Answers4

3

Yes, you could do this be means of the EULA, provided you are not in the EU yourself.

You only have to comply with the GDPR if you are offering a product or service to people that are in the EU. If you are making it clear that whatever you offer is not available to Europeans, you make your site exempt from the GDPR.

Free Radical
  • 3,322
  • 16
  • 28
2

Technically blocking EU ips may fall under article 22 section 1:

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

And to scope: Article 3 section 2:

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

So by processing a users ip to designate whether or not they can access a website violates article 3 section 2.b. And more than likely violates article 22 section 1.

Shinrai
  • 403
  • 2
  • 8
2

You can outright refuse service to EU citizens. What you can't do is offer them service but only if they accept your terms which include processing their data for non-essential reasons. But an outright block is fine.

user
  • 1,896
  • 1
  • 11
  • 23
0

I don't think this will achieve what you want to achieve. It's well known that a general rule users don't read anything.

So whatever you write on your registration form, users from EU countries where the GDPR applies will register for the service if they want to.

I don't see any reason to think that the fact that they didn't follow the registration instructions would prevent the GDPR being enforced against you if you don't comply with it.

bdsl
  • 1,122
  • 9
  • 17