Comment by quickthrower2
3 years ago
If it is physical location, that is something you cannot possibly know for a user, due to VPNs. You might know that a person is logged in and registered with a US address, but you don't know if they are traveling (they might even VPN via the US because it is convenient for work).
So I guess you need to assume this applies for all visitors.
I think that's correct; and I suspect it was intentional.
I strongly disapprove of extraterritorial legislation (a US specialty). But in the case of the GDPR, if you want to regulate internet activity, then you more-or-less have to go extraterritorial.