Linked by Thom Holwerda on Fri 25th May 2018 20:23 UTC
Legal

This article is terrible, and clearly chooses sides with advertisers and data harvesters over users - not surprising, coming from Bloomberg.

For some of America's biggest newspapers and online services, it's easier to block half a billion people from accessing your product than comply with Europe's new General Data Protection Regulation.

The Los Angeles Times, the Chicago Tribune, and The New York Daily News are just some telling visitors that, "Unfortunately, our website is currently unavailable in most European countries."

With about 500 million people living in the European Union, that's a hard ban on one-and-a-half times the population of the U.S.

Blanket blocking EU internet connections - which will include any U.S. citizens visiting Europe - isn't limited to newspapers. Popular read-it-later service Instapaper says on its website that it's "temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation."

Whenever a site blocks EU users, you can safely assume they got caught with their hands in the user data cookie jar. Some of these sites have dozens and dozens of trackers from dozens of different advertisement companies, so the real issue here is even these sites themselves simply have no clue to whom they're shipping off your data - hence making it impossible to comply with the GDPR in the first place.

The GDPR is not only already forcing companies to give insight into the data they collect on you - it's also highlighting those that simply don't care about your privacy. It's amazing how well GDPR is working, and it's only been in effect for one day.

Permalink for comment 657476
To read all comments associated with this story, please click here.
RE: Reality Check
by daveak on Sun 27th May 2018 21:30 UTC in reply to "Reality Check"
daveak
Member since:
2008-12-29


The GDPR also seems to overreach in terms of what it considers PI, particularly IP addresses - which seems more than a little excessive, since an IP address CAN be personally-identifiable when combined with ADDITIONAL information, but not on its own. Not to mention the fact that there are signficant, legitimate technical reasons to retain IP addresses in server logs. And I know of many businesses that have websites, but don't have the technical resources to scrub logs of IP addresses on-request (and certainly don't have the financial resources to pay someone to do it for them, at least with any kind of frequency).


Retaining IP addresses in logs? You are probably ok with doing so. The right to erasure is not absolute. You are processing IP addresses as part of the service you provide, i.e. a website, failing that you have a legitimate interest, and therefore need to see what IP accessed when so you can investigate intrusions etc. This technical basis is a good enough. If however you are taking your logs and selling on information about the pages people visit GDPR is intended to stop such abuses.

Take a look at what the UK ICO (they are the body who will take action here if there is a breach) has to say: https://ico.org.uk/for-organisations/guide-to-the-general-data-prote... you can even refuse if it will be too much work or charge for doing so, e.g. scrubbing your log files.

Reply Parent Score: 4