undefined | Better HN

0 pointsmminer2373y ago0 comments

No, but that's irrelevant. It's illegal for an American to host a home server with EU visitors for the same reason it's illegal for them to use AWS or Google Analytics. A GDPR-compliant website can't embed Google Analytics or Google Fonts or a US-hosted image because then the host could log those IP addresses and the host could be subject to a US warrant. Likewise, a GDPR-compliant site can't be operated or hosted by an American because then the operator/host could be logging visitor IP addresses and be subject to a warrant and be compelled to give the government the evidence.

0 comments

jhgb3y ago

> Likewise, a GDPR-compliant site can't be operated or hosted by an American because then the operator/host could be logging visitor IP addresses

Because you "could" be logging visitor IP addresses? First, why would you have to log them? Is this a legal requirement in the US? You can't serve a page over HTTP unless you log a crapton of stuff for the government? And second...I don't believe it's illegal to log IP addresses under GDPR as log as the user consents to it...or is it?

mminer237OP3y ago

Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.

And yeah, it's not illegal if a user consent to it, but the issue is that the user has to connect (with their IP address) to give you his consent or not. That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper, but I'm not aware of such a service at this time.

jhgb3y ago

> Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.

Wait, what? Where do they say that?

> That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper

Why would you do such a complicated thing?

j / k navigate · click thread line to collapse

0 comments

jhgb3y ago

> Likewise, a GDPR-compliant site can't be operated or hosted by an American because then the operator/host could be logging visitor IP addresses

mminer237OP3y ago

Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.

jhgb3y ago

> Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.

Wait, what? Where do they say that?

> That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper

Why would you do such a complicated thing?

j / k navigate · click thread line to collapse