What percentage of United States retailers have decided to block European visitors from reaching their websites?

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

25%

There are two situations in which the GDPR purports to apply extraterritorially to companies that have no contact to the European Union. The first situation, described in Article 3(2)(a) of the GDPR, occurs when a company that has no contacts with the European Union “offer[s] goods or services” to a person that is located in the European Union.  The second situation, described in Article 3(2)(b) of the GDPR, occurs when a company that has no contacts with the European Union “monitor[s]” the “behaviour” of someone “as far as their behaviour takes place within the Union.”1 

While the GDPR implies that merely having an internet website that is accessible to European Union residents is not enough for the GDPR to attach, there is uncertainty about whether a European supervisory authority might attempt to apply the GDPR to a website that is accessible to European Union residents.  Some companies have attempted to mitigate that risk by geofencing their websites – i.e., blocking any individual from visiting their website from a European IP address.

In order to help companies understand and benchmark industry practices, BCLP randomly selected a sample of 33% of the Fortune 500 companies identified as being predominantly within the “retailing” sector and then visited their homepages from a server with an IP address in the United States and from a server with an IP address in Europe.2  As of January 13, 2020, 25% of Fortune 500 retailers had blocked their websites from being visited by European IP addresses.3

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. GDPR, Article 3(2)(b).

2. Websites were visited from as server in Paris France with the following IP: 139.28.219.252.

3. Note that some companies in the survey population maintain multiple homepages.  For example, a corporation might own several different retail brands.  The survey focused only on the homepage of the corporate parent (if available) and did not analyze brand-specific practices.  If no corporate homepage was available the survey reviewed the website of the company’s most prevalent brand.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising

Written by:

BCLP
BCLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide