Blocking 500 Million Users Easier Than Complying With GDPR
by Nate Lanxon
(Bloomberg) — For some of America’s biggest newspapers and online services, it’s easier to block half a billion people from accessing your product than comply with Europe’s new General Data Protection Regulation.
The Los Angeles Times, the Chicago Tribune, and The New York Daily News are just some telling visitors that, “Unfortunately, our website is currently unavailable in most European countries.”
With about 500 million people living in the European Union, that’s a hard ban on one-and-a-half times the population of the U.S.
Blanket blocking EU internet connections — which will include any U.S. citizens visiting Europe — isn’t limited to newspapers. Popular read-it-later service Instapaper says on its website that it’s “temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation.”
A&E Television Networks has narrowed its EU blockade to limit the damage to its audience. Websites for its History and Lifetime channels greet the European visitors with a message that its “content is not available in your area,” whereas the website for youth-focused Viceland remains accessible.
“Denying service to EU citizens does not absolve them of their responsibilities,” says Julian Saunders, chief executive officer of Port, a U.K. startup selling software that helps clients control who gets access to data and creates audit trails to monitor privacy. “They still hold data on EU citizens and therefore they are required to comply and respond to subject access requests like everyone else.”
The newspapers and A&E didn’t immediately respond to emailed requests for comment outside regular office hours.
Privacy has moved from a niche topic to one of the biggest headaches for top bosses such as Facebook Inc. founder Mark Zuckerberg, who this week was grilled by EU lawmakers about how the data of some 87 million users and their friends may have been shared with a consulting firm with links to Donald Trump’s U.S. presidential campaign.
Cambridge Analytica whistle-blower Christopher Wylie was not impressed. And it did little to slow down Austrian law graduate Max Schrems, who made good on his promise to file lawsuits against Facebook, the social media giant’s WhatsApp and Instagram, as well as Alphabet Inc.’s Google. They face four complaints, which accuse them of violating the EU’s new privacy rules by forcing users to agree to new privacy policies.
Lawmakers in Europe this week restated its inflexible stance on corporate data responsibility — part of the reason some services have decided shutting up shop for EU citizens, even temporarily, is the lesser of two evils. The other being potential fines of up to 4 percent of their global annual revenue.
Speaking to reporters Thursday, Andrea Jelinek, who’s in charge of policing GDPR, said, “If there are reasons to warn we will warn, if there are reasons to reprimand, we will do that and if we have reasons to fine, we are going to fine.”
GDPR “didn’t just fall from heaven,” Jelinek said in an email in response on Friday. “Everyone had plenty of time to prepare.”
While the immediate impact of GDPR is most readily visible on the homepages of international newspapers and other media outlets, it’s unlikely to stop there, said Sofie Willmott, an analyst for GlobalData.
‘‘Retailers must also be prepared to lose a sizable proportion of their customer database as subscribers ignore communications to opt in to receiving marketing messages or choose to take the opportunity to opt out in order to declutter their inbox,” she said.