Linked by Thom Holwerda on Fri 25th May 2018 20:23 UTC
Legal

This article is terrible, and clearly chooses sides with advertisers and data harvesters over users - not surprising, coming from Bloomberg.

For some of America's biggest newspapers and online services, it's easier to block half a billion people from accessing your product than comply with Europe's new General Data Protection Regulation.

The Los Angeles Times, the Chicago Tribune, and The New York Daily News are just some telling visitors that, "Unfortunately, our website is currently unavailable in most European countries."

With about 500 million people living in the European Union, that's a hard ban on one-and-a-half times the population of the U.S.

Blanket blocking EU internet connections - which will include any U.S. citizens visiting Europe - isn't limited to newspapers. Popular read-it-later service Instapaper says on its website that it's "temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation."

Whenever a site blocks EU users, you can safely assume they got caught with their hands in the user data cookie jar. Some of these sites have dozens and dozens of trackers from dozens of different advertisement companies, so the real issue here is even these sites themselves simply have no clue to whom they're shipping off your data - hence making it impossible to comply with the GDPR in the first place.

The GDPR is not only already forcing companies to give insight into the data they collect on you - it's also highlighting those that simply don't care about your privacy. It's amazing how well GDPR is working, and it's only been in effect for one day.

Permalink for comment 657497
To read all comments associated with this story, please click here.
RE[3]: Reality Check
by daveak on Mon 28th May 2018 09:35 UTC in reply to "RE[2]: Reality Check"
daveak
Member since:
2008-12-29

Yep, this is the problem with GDPR, so many consultants try to make money by scaring people. Again, coming from a UK perspective as stated by the ICO, common sense will be applied, if you are in breach, so long as you can demonstrate you are moving towards compliance (and the breach is small enough) you will be ok, do the same thing again and you may face a tougher response.

Spamcop is an interest example. Probably a weak argument, but I would say they are acting as a data processor, with you as the data controller so allowable, although without a contract stating this it probably wouldn't stand up in court. You could also state that it is a requirement for the service, i.e. without it your email server could not work due to the volume of spam, or most likely to hold up, you have a legitimate interest in using Spamcop.

Simple answer is document your processes, providing evidence as to why you are processing any personal information you have, and see which of the 6 basis apply for doing so.

Subject access requests have the same caveat as the right to erasure. Under GDPR you are no longer allowed to charge an admin fee, however you are allowed to charge a fee if a large amount of work would be required, just like the right to erasure. Again, it is matter of being able to evidence why you need to charge.

Reply Parent Score: 2