from Hacker News

Our startup received GDPR violation “notice”

by jitbit on 8/28/23, 4:00 PM with 28 comments

• by ajmurmann on 8/28/23, 5:08 PM

  Would it be a crazy move for an early-stage startup to block access from the EU till product-market fit is established and one can focus on expansion and more compliance?

• by kwhitefoot on 8/28/23, 5:25 PM

  > The tricky part is that it's not just for EU citizens, but anyone in the EU.

  Why is this regarded as tricky? Laws generally apply to everyone in the jurisdiction not just citizens; why should it be tricky or surprising that this is also the case for laws regulating activities on the Internet?

• by brycewray on 8/28/23, 5:23 PM

  FWIW:

  - https://github.com/google/fonts/issues/1495

  - https://github.com/google/fonts/issues/5537

• by gochi on 8/28/23, 5:12 PM

  That's funny, demanding the scammer pay more after finding out their scam site uses google fonts too.

• by ericfrazier on 8/28/23, 5:31 PM

  That's the trick, make yourself bulletproof from lawsuits by having no money or assets and you can do as you like.

• by LaundroMat on 8/29/23, 5:31 AM

  If you're worried about GDPR or your users' privacy when using Google Fonts, someone wrote privacy-friendly drop-in replacement at https://github.com/coollabsio/fonts

• by playday on 8/28/23, 4:52 PM

  Using Google fonts is a type of fraud since most users don’t know that you’re giving Google some of their Pii.

  Thankfully it’s easy to block with noscript. Too bad for people who don’t have technical knowledge or have other limitations that prevent them from protecting themselves from personal information theft.

• by varispeed on 8/28/23, 5:40 PM

  > In January 2022, a German court in Munich did establish a precedent - they deemed the use of Google Fonts a GDPR violation. The website owner had shared IP addresses with Google without getting users' consent first. And because IP addresses are apparently "PII" or Personally Identifiable Information, the result was... a whopping 50 euro fine for the webmaster.

  As predicted. Busy bodies going after low hanging fruit and bullying small business while big corporations can basically ignore GDPR - the fines if ever comes to it is just a cost of running business.

• by kstrauser on 8/28/23, 5:14 PM

  > After all I'm actually in the European Union, while he's just a little peice of... (that's where I inserted a bunch of Serbian curse words that I had to google).

  That’s a bad look. Swap “United States” for EU there to see what I mean. If you’d said “you’re not in the EU so you don’t have legal standing here”, cool.