Europe’s strict privacy law, the General Data Protection Regulation (GDPR), goes into effect today—and not everyone made the deadline. Many U.S. companies have reportedly blocked their sites in the region rather than make the necessary changes required to adhere to the rules.
Dozens of high-profile newspapers, including the Los Angeles Times, the New York Daily News, the St. Louis Dispatch, the Chicago Tribune, and the Orlando Sentinel can no longer be accessed in Europe. These sites are part of the Tronc and Lee Enterprises media publishing groups.
Readers in Europe are greeted with a message explaining that the service is temporarily unavailable. (If you’re in the U.S., you can test this by connecting to a VPN server in Europe.)
“Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the E.U. market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism,” some sites read.
Another error message references the GDPR.
“We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the E.U, which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time.”
Other U.S. publications, like the Washington Post and Time, require users to accept new terms. You’ve probably received dozens of emails over the past few months from various companies explaining changes made to their privacy policies and/or terms of service. Those were spurred by the GDPR, an ambiguous set of rules that will have a profound effect on companies who do business in the E.U., including many U.S. firms.
Shifting the balance of power back to users, the GDPR requires companies to gain clear consent before they can collect data. It also gives customers the right to request access to information companies store on them. They can then ask that certain information be deleted, corrected, or delivered in a portable form for download. Companies must also disclose any security breaches 72 hours after they are first discovered.
- GDPR prompts flood of terms of service update emails
- Facebook’s new privacy review notice protects itself—not you
- Mark Zuckerberg’s EU testimony was a huge waste of time
The GDPR was passed in April 2016, giving companies more than two years to prepare for them. The E.U.-wide blackouts indicate companies would rather stop offering their service to users than potentially face hefty penalties. If a company violates GDPR rules, even by failing to comply with a user’s data request, they face up to €20 million fines or 4 percent of their global revenue.
“It didn’t just fall from heaven,” Andrea Jelinek, chairwoman of the new European Data Protection Board, said in a statement, according to the New York Times. “Everyone has had plenty of time to prepare.”
Several other U.S. services, not only newspapers, also halted operations in Europe. TV broadcaster A&E Networks shut Europe out from watching A&E, History, and Lifetime channels. The digital ad company Drawbridge and bookmarking app Instapaper have also closed up shop.
The GDPR went live just days after Mark Zuckerberg testified before the European Parliament to reassure users and lawmakers in the region that their data is safe. Fear about how companies like Facebook, Google, and Amazon use the wealth of sensitive information they collect on users reached new heights earlier this year after Cambridge Analytica exploited the data of 87 million Facebook users.