The list's probably going to get a lot longer. I wonder how it's going to compare to the list of sites who block Europeans due to GDPR concerns. I've only ever noticed two sites that did that, even though the amount of noise from Americans was not insubstantial. The OSA is a lot more invasive than the GDPR though.
It’s not just the UK implementing age verification actively. 5 EU member states [0] are actively participating: Denmark, Greece, Spain, France [1], and Italy.
It puts a UK user in a weird situation. On one hand, the more countries that join in (and I've heard of US states too), the more likely it is that age verification becomes well supported and I continue having access to the wider world's internet. On the other hand, we've reached a very thick part of the wedge already: this is terrible for competition and I do not trust any state with this power.
The best path is one of calamitous implementation that scares off other countries and embarrasses this one into a u-turn. But it's increasingly unlikely.
Do keep in mind that the EUs approach is very different from the UK one.
The UK law is basically a "go figure it out", which inevitably leads to making shady deals with third parties that are now handling the data of citizens... privacy and data leakage issues abound.
The EU meanwhile is working on a whitelabel application that can confirm nothing other than "this user is above 18" (which they can do because the EU has national ID for basically anyone living in it. It also works for another set of age ranges, as the idea is to also use this to confirm stuff like buying alcohol) and is designed to be easy to implement for anyone without having to get approval from the EU first. (Technical specification is available here[0]). It's not perfect (last I saw, they're apparently tying it to Google Play Services for device verification), but it's a far better attempt than the UK/Australia are doing.
Are any countries in the EU a lot less online than the rest, to the point that this matters more than a few percentage points? Even grandmas in Eastern Europe have smartphones now, and I don't think the EU has expanded to Sub-Saharan Africa quite yet (unless you want to count Réunion).
How about when it’s a local site, they don’t really care about EU traffic? It’s too much “pointless” effort to comply such as having EU servers to process user data, extra code to show the ugly cookie consent, and privacy policy and terms of service that would comply with GDPR.
Or perhaps just don't use sketchy 3rd party advertising and analytics? You can always offer companies to send you PNG's of ads and serve them to the user without any of this. You can always analyze server logs to see which pages are the most popular, without deanonymizing the users. It's how some news agencies in the EU already do.
I wish I knew what's going through the minds of the people who approve all these analytics partners. I've not been able to effectively argue even against the use of "consent or pay" in EU apps and websites, despite "the European Data Protection Board released a non-binding opinion stating that in most cases, consent-or-pay models do not constitute valid consent within the meaning of the GDPR." - https://en.wikipedia.org/wiki/Consent_or_pay
If you are a local site by a local company on the other side of the world you don't need to block anyone, you just ignore foreign laws.
In the case of those news sites, though I suspect that most are owned by large multinational companies whose lawyers advised that blocking EU visitors is the only 100% sure way to avoid hypothetical retaliations by EU authorities.
If it's a local site then it's not subject to the GDPR. The GDPR applies to sites aimed at europeans.
However the privacy attacking malware they embed on there to mine data from their users would apply, and that's why they block it - because America allows abuse of their citizens data, but Europe doesn't.
Of course there is no enforcement for an entity attacking European citizens in this way so they could do it anyway, but like with cookie banners the point isn't to comply with a law, the point is to get citizens to blame the law rather than the abusers.
Invasive from the content providers' POV, yes. Mostly in good ways in my experience being on the other side of that, but its obviously not completely non-invasive, given that a few things happened after the GDPR came into effect. If it was completely non-invasive, then nothing would have happened, and there wouldn't have been any point in passing it. No point in passing a law you don't want to actually affect anything.
