Bumping a topic from a bit ago, but this came out recently in case anyone's interested:
https://www.dataprotectionreport.com/20 ... -the-gdpr/
What qualifies as offering goods and services?
The GDPR applies to entities that target data subjects in the EU with goods or services. Here, an entity only need an “intention” to offer goods and services to EU data subjects – there is no requirement that commerce or economic activity occurs. For example, if a company’s website displays languages or currencies commonly used in the EU, then that company would be targeting EU data subjects even if it never made a sale in the EU. One limited example is provided of where this intention is not manifest and that is when a US citizen uses a US news app while traveling in the EU.
The Guidelines also give a list of nine factors that can be taken into account in determining where an intention to offer goods and services exists, including: whether an EU member state is designated by name, advertising campaigns in the EU, the international nature of the activity, mention of addresses or phone numbers reachable from an EU country, use of a top level EU domain name, description of travel instructions from the EU to the services, mention of international clientele or customers in the EU, use of language or currency commonly used in the EU, and whether goods are delivered in EU countries.
What meets the threshold for monitoring EU Data Subjects?
The GDPR applies when entities monitor the behavior of EU data subjects when that behavior takes place in the EU. Per the EDPB, ‘monitoring’ implies that the Controller has a “specific purpose in mind for the collection and subsequent reuse of the relevant data about an individual’s behavior within the EU.” Examples of monitoring behavior include the use of common online tools such as cookies, geolocation tracking, and behavioral advertising but also offline monitoring such CCTV.
emphasis is mine. Done to point out things likely relating to forums. Is English considered a common language used in the EU? Also, are moderators considered as "employees" of a forum? Does that mean to fall out of the scope, any EU based moderator or admin would have to be demoted/dropped?
tl;dr for those not interested in reading the article, the EU's throwing a globalist temper tantrum and asserting that it has power that it doesn't have again.