GDPR

Some people (mostly provider from EU (in this page, it includes UK because brexit provisions made EU GDPR into UK domestic law) where GDPR is their law) asks me to comply with GDPR in my services; while their law states their law extends to me because I happen to handle EU person's data, that does not make sense to me because it is too wide of a extraterritorial application of law, and that I already have my own 'Personal Information Protection Act' in my country, since 2012. Also, most of my service is generally targeted at Korean people, and rest of the World is accepted just because there are either Korean (either as a nationality, or as a language speaker) is present everywhere — and I also travel outside Korea. After all, EU has no means to force me to court in EU country and face penalty, other than by my voluntary submission.

So my stance on GDPR is: while I mostly accept the principle of GDPR (excluding that fucked up bullshit cookie notice), I refuse to be bound by EU law. If you want to exercise your privacy right, you will need to cite Korean Personal Information Privacy Act clauses, and use K-PIPA forms and procedures to get it done. (Note PIPA is GDPR adequate as of the publication of this post.)