Linked by Thom Holwerda on Fri 25th May 2018 20:23 UTC
Legal

This article is terrible, and clearly chooses sides with advertisers and data harvesters over users - not surprising, coming from Bloomberg.

For some of America's biggest newspapers and online services, it's easier to block half a billion people from accessing your product than comply with Europe's new General Data Protection Regulation.

The Los Angeles Times, the Chicago Tribune, and The New York Daily News are just some telling visitors that, "Unfortunately, our website is currently unavailable in most European countries."

With about 500 million people living in the European Union, that's a hard ban on one-and-a-half times the population of the U.S.

Blanket blocking EU internet connections - which will include any U.S. citizens visiting Europe - isn't limited to newspapers. Popular read-it-later service Instapaper says on its website that it's "temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation."

Whenever a site blocks EU users, you can safely assume they got caught with their hands in the user data cookie jar. Some of these sites have dozens and dozens of trackers from dozens of different advertisement companies, so the real issue here is even these sites themselves simply have no clue to whom they're shipping off your data - hence making it impossible to comply with the GDPR in the first place.

The GDPR is not only already forcing companies to give insight into the data they collect on you - it's also highlighting those that simply don't care about your privacy. It's amazing how well GDPR is working, and it's only been in effect for one day.

Thread beginning with comment 657484
TemporalBeing Member since:
2007-08-22

"The problem with the GDPR, however, is that it is written to apply to any EU Citizen regardless of where they are.


Why do people keep writing this FUD?

EU law -including GDPR- covers things *in the EU*. If the data is in the EU, it is covered by EU law. If it is in the US it is covered by US law. It really isn't that hard to understand.
"

GDPR is written around protecting the privacy of EU citizens and does not limit itself to data stored within the EU.

So if you are a US company and you have an EU citizen access your service, then the GDPR views your service as within the scope of the GDPR, regardless of whether the EU citizen accessed the service from within an EU country or if they were traveling abroad and accessing your service from another country (f.e from within the US or even Australia).

That is then the problem - how does one identify an EU citizen to differentiate them from a non-EU citizen? Since you can't easily differentiate, the GDPR has to be applied globally in order to ensure 100% compliance unless you block (or put it on the user to self-verify and then block) EU citizens.

Now some may say online companies have been ignoring various laws around the globe - but that's not really the case. They follow the laws of where they are established. We see the hustle around the GDPR because it is so broadly scoped and tries to encompass every jurisdiction that an EU citizen may enter - thereby bringing in companies that previously ignored the EU because they had no business relationship with the EU unless an EU citizen reached out across borders to create such a relationship - f.e a company entirely hosting their site and operating within the US or Australia but having an EU citizen do business with them because they can access the site over the Internet, not because they are purposely seeking to do business with an EU citizen.

Score: 0

TheForumTroll Member since:
2018-04-28

"So if you are a US company and you have an EU citizen access your service, then the GDPR views your service as within the scope of the GDPR, regardless of whether the EU citizen accessed the service from within an EU country or if they were traveling abroad and accessing your service from another country (f.e from within the US or even Australia).
"

No. If the service is in the US and the person accessing it is in Australia, then neither the person nor the data is covered by GDPR, no matter where the person is born. Have you even looked at GDPR? It says nothing even remotely like this.

For GDPR to cover anything "US" it has to be a service for people in the EU (like facebook.com/de) from a business that has a presence in the EU, like Facebook does. It is covered because the data is *in the EU*.

At least read it before you spread FUD.

Score: 1

TemporalBeing Member since:
2007-08-22

"So if you are a US company and you have an EU citizen access your service, then the GDPR views your service as within the scope of the GDPR, regardless of whether the EU citizen accessed the service from within an EU country or if they were traveling abroad and accessing your service from another country (f.e from within the US or even Australia).


No. If the service is in the US and the person accessing it is in Australia, then neither the person nor the data is covered by GDPR, no matter where the person is born. Have you even looked at GDPR? It says nothing even remotely like this.

For GDPR to cover anything "US" it has to be a service for people in the EU (like facebook.com/de) from a business that has a presence in the EU, like Facebook does. It is covered because the data is *in the EU*.

At least read it before you spread FUD.
"

Problem is, corporate training provided by people that have dissected the GDPR *are* talking about it that way because the GDPR is centered around the EU Citizen (not birthplace, but citizenship), not where they are accessing it from or where the services are provided from.

Essentially, if you store data on an EU Citizen you are under the GDPR, regardless of how you got that data or from where. Doesn't matter if the EU Citizen gave it to you while they were in the EU or not; doesn't matter if you directed your services at EU citizens or not.

So if you only have a mycompany.us website (e.g TLD for US-oriented websites, though it's almost never used) and someone from Denmark creates an account while visiting Australia or South Dakota, then you fall under the GDPR. (FWIW, this is why regional blocking IPs doesn't really gain you compliance.)

Score: 2