Lack of interest Enable/disable GDRP features by geography

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
MySiteGuy

MySiteGuy

Well-known member
I would like to see the use of either mod_geoip2/mod_maxmind environment variables or PHP's geoip functions to allow admins the option of turning on GDPR related features only if the user is viewing the site from an EU IP address.
 
Upvote 3
This suggestion has been closed. Votes are no longer accepted.
Incorrect. GDPR does not apply to EU citizens, it applies to EU data subjects. That's why it covers a US citizen when they travel to the EU, but not visa versa.

Art. 3 GDPR Territorial scope
  1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
  2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
    1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
    2. the monitoring of their behaviour as far as their behaviour takes place within the Union.
  3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Its very important to me in the USA, and I know of others, some on this forum, who want the same. This feature is already available via plugins in WordPress, Drupal, etc.
 
The thing is, you can't use an IP address as a basis for where a user is. I've said this before, I can change my IP address to make it look like I'm in just about any country I like with 2 clicks of my mouse. That can work in either direction. I can make it look like I'm in the EU, or like I'm in the US.

Granted, there's an argument that you've done your due diligence, but it hasn't been tested and I wouldn't want to be the one it's tested on.
 
Snog said:
The thing is, you can't use an IP address as a basis for where a user is. I've said this before, I can change my IP address to make it look like I'm in just about any country I like with 2 clicks of my mouse. That can work in either direction. I can make it look like I'm in the EU, or like I'm in the US.

Granted, there's an argument that you've done your due diligence, but it hasn't been tested and I wouldn't want to be the one it's tested on.
Click to expand...

The major geo ip databases let you know when someone is visiting via proxy (A1 country code) or satellite (A2 country code).
 
ftsservice said:
The major geo ip databases let you know when someone is visiting via proxy (A1 country code) or satellite (A2 country code).
Click to expand...
A2 is actually by "Satellite" communications. A1 is only if it's detected as a proxy. Not all proxies are detected.
 
Google uses geolocation data as part of their GDPR compliance measures with Adsense and other product offerings, but perhaps you know the law better than them?

If you don't like the suggestion, why not simply allow the thread to be here for those who might instead of nitpicking it to death? No one is going to force you to use such a feature.
 
ftsservice said:
Google uses geolocation data as part of their GDPR compliance measures with Adsense and other product offerings, but perhaps you know the law better than them?

If you don't like the suggestion, why not simply allow the thread to be here for those who might instead of nitpicking it to death? No one is going to force you to use such a feature.
Click to expand...

This is a forum, and threads are usually posted and a discussion takes place. Just because someone does not agree with a suggestion that don’t mean they are nitpicking.
 
ftsservice said:
Google uses geolocation data as part of their GDPR compliance measures with Adsense and other product offerings, but perhaps you know the law better than them?

If you don't like the suggestion, why not simply allow the thread to be here for those who might instead of nitpicking it to death? No one is going to force you to use such a feature.
Click to expand...
Well Ok then. I guess input isn't welcome in this thread. I'll not post here again.
 
ftsservice said:
Incorrect. GDPR does not apply to EU citizens, it applies to EU data subjects. That's why it covers a US citizen when they travel to the EU, but not visa versa.

Art. 3 GDPR Territorial scope
  1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
  2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
    1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
    2. the monitoring of their behaviour as far as their behaviour takes place within the Union.
  3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Its very important to me in the USA, and I know of others, some on this forum, who want the same. This feature is already available via plugins in WordPress, Drupal, etc.
Click to expand...

Don't forget about Recitals 2 and Recitals 14:

Recitals 2
The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.
Click to expand...

Recitals 14
The protection afforded by this Regulation should apply to natural persons, whatever their nationality or place of residence, in relation to the processing of their personal data. This Regulation does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.
Click to expand...
 
ManagerJosh said:
Don't forget about Recitals 2 and Recitals 14:

Recitals 2


Recitals 14
Click to expand...

I didn't forget.

Their nationality or residence doesn't matter, but their location when their behaviour takes place within the Union does. That's why a non-EU citizen while in the EU is covered when their behaviour takes place within the Union.

Scan GDPR, you'll find no behavior outside the EU by the individual is covered.* Only by data processors outside the EU if they have a domicile in the EU or target EU residents for products and services.


*If you can, please cite it.
 
So what if I live in Germany, but the server I connect through at work is based out of the US and my IP is showing as such?
 
ozzy47 said:
So what if I live in Germany, but the server I connect through at work is based out of the US and my IP is showing as such?
Click to expand...

Regional language code from the browser is passed in the header "Accept-Language:". For instance, Great Britain's English is distinguished from other's by "EN-GB". USA = EN-US, Canada = EN-CA
 
ftsservice said:
I didn't forget.

Their nationality or residence doesn't matter, but their location when their behaviour takes place within the Union does. That's why a non-EU citizen while in the EU is covered when their behaviour takes place within the Union.

Scan GDPR, you'll find no behavior outside the EU by the individual is covered.* Only by data processors outside the EU if they have a domicile in the EU or target EU residents for products and services.


*If you can, please cite it.
Click to expand...

Honestly, the lawyers are still debating this. There are camps on that says it's based on where the person is at the time to based on the intent in the recitals it is based on a EU citizenship.

Plus there's debate too on what determines how a processor knows such behavior is done within outside the EU.

For example, one of my mobile hotspots occasionally exists out of the UK from time to time even though physically I'm in the US.
 

Similar threads

S
User option to enable/disable a User Group: Resolved
Replies
2
Views
861
Orit
Orit
I
XF 2 Showcase Add-On (big job)
Replies
6
Views
2K
Bob
Bob
Ozzy47
Add-on [OzzModz] Advanced ACP Beta Testers
Replies
2
Views
1K
Ozzy47
Ozzy47
Wildcat Media
  • Suggestion Suggestion
Implemented Disable Markdown as an Option
Replies
7
Views
2K
AbuGhaith
AbuGhaith
Alpha1
  • Suggestion Suggestion
Lack of interest Usergroup Permission: Disallow Bad/Questionable Host
Replies
0
Views
463
Alpha1
Alpha1
Top Bottom