Still, using ip addresses to try to determine where a request is originating from is not a good idea. I'm also not intending to bypass a block, I just happen to be in a network right now that that doesn't have a public ip in the EU, I'm using the internet as intended, the fact that ips sometimes correspond to geography is mostly accidental.
dogma1138|7 years ago
And again using or not using the internet as intended isn’t the issue here but rather if they intend to provide services to the EU or not a message saying EU users should leave in the same manner as age conscent is verified is technically sufficient to indicate that you do not provide service to EU residents, geoblocking the IP also sufficient even if it’s not perfect.
nmjohn|7 years ago
How else should they do it? I concede it is not foolproof nor ideal - but for websites which you've not provided your location to yourself, how is it possible for them to determine whether or not you are in Europe?
dogma1138|7 years ago
You can maintain the records of an IP address (as well as other PII) for business needs e.g. security or to enforce other requirements such as geoblocking even without explicit consent of the user it's all about why you and what do you with it which is why legal/lawful grounds exist.
https://ico.org.uk/for-organisations/guide-to-the-general-da...
Also for the most part if you do not have a lawful basis for collecting or processing PII consent is not a sufficient reason to so.