Saturday 20th October 2018

New GDPR services are helping websites block all traffic originating from the EU

GDPR Shield offers a subscription service that helps webmasters concerned about potentially crippling fines block all EU traffic.
Jason Smith
by on 7th May 2018

Very few regulations have created as much opportunity for online consultants and commentators as GDPR in recent years, and some newer services are helping webmasters navigate GDPR compliance by simply blocking all internet traffic originating from the EU.

GDPR Shield is one such service and it works by providing a JavaScript snippet that detects the IP address of inbound traffic. If a user is detected as originating from the EU then they’ll be blocked from accessing the website.

At this stage it’s difficult to tell how many websites have taken advantage of this more clinical approach to GDPR compliance, however the emergence and seeming popularity of such services signals the extent to which webmasters are concerned about being caught out by the EU’s desire to safeguard user privacy.

GDPR Shield is reasonably priced at $9 per month. However, it does appear to be encountering teething problems; its website was down at the time of writing.

GDPR comes into effect on 25th May and corporations found in violation could face fines of up to 20 million EUR. Several large organizations, including Facebook and Google, have taken steps in recent months to make it easier for users to access the data each organization holds on them.

For example, Facebook has promoted its updated terms and conditions to its users; it is also expected to elaborate on a feature called “clear history” at its upcoming F8 conference.

Google meanwhile has sent emails to forewarn advertisers and publishers utilizing personalized ad targeting on actions they’ll potentially need to take to comply with GDPR, however several large publishers have criticized Google’s approach to GDPR compliance for being too eager to shift the burden of acquiring user consent onto publishers.

Several publishers that signed a letter addressed to Google CEO Sundar Pichai are, alongside Google, founding members of the Coalition for Better Ads.

It’s also particularly telling that even an organization with Google’s resources acknowledges the challenges and complexity in complying with GDPR. A Google spokesperson told Reuters, “We appreciate that there is a lot of confusion around the requirements of GDPR, so we are looking to help our publishers as much as we can”.

Aside from concerns about advertising, another service which may fall under the remit of GDPR is Google Analytics.

Ensuring Google Analytics is compliant is likely to the utmost concern for webmasters, however it’s open to interpretation as to how this works in practice.

While webmasters rarely collect personally identifiable information (PII) in Google Analytics, the scope of what is defined as PII by GDPR is broad.

This means URLs containing user details like email addresses or IP addresses could be potential issues of concern for webmasters.

As GDPR comprises 99 articles, corporations whose audiences are predominantly located outside the EU may increasingly decide that utilizing services like GDPR shield to block all EU traffic makes commercial sense.