Happy GDPR Day – but not for some US websites
BRUSSELS: The EU’s flagship new data protection laws came into effect on Friday but hit an early hitch as several major US news websites were blocked to European users.
The Los Angeles Times and Chicago Tribune newspapers were among those inaccessible on the other side of the Atlantic following the entry into force of the General Data Protection Regulation (GDPR).
Separately Facebook and Google already face their first legal cases under the new law after an Austrian privacy campaigner accused them of effectively forcing users to give their consent to the use of their personal information.
The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards in the wake of the recent Facebook data harvesting scandal.
But it has also been blamed for a flood of emails and messages in recent weeks as worried firms rush to request the explicit consent of users.
It led to the hashtag #HappyGDPRDay taking off on social media as people sarcastically celebrated the end of the deluge of spam.
Even though the rules were officially adopted two years ago, with a grace period until now to adapt to them, companies have been slow to act, resulting in a last-minute scramble this week.
Companies can be fined up to 20 million euros ($24 million) or four percent of annual global turnover for breaching the strict new data rules for the EU, a market of 500 million people.
Several firms experienced real-world problems over complying with the EU laws, with US newspapers owned by the Tronc group, formerly known as Tribune Publishing, saying that they were blocked to Europeans for now.
“Unfortunately, our website is currently unavailable in most European countries,” said the message carried by the LA Times, Chicago Tribune, New York Daily News, Baltimore Sun and Orlando Sentinel.
“We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”
Local US newspapers owned by Lee Enterprises, including the St. Louis Post Dispatch and Arizona Daily Sun, were also out of reach, explicitly blaming the GDPR.
The European Commission insisted that it was not responsible for the blackout of some US sites, saying it was “proud to set high data protection standards” for the bloc’s 500 million citizens.
“We have seen the press reports, but it is not for the Commission to comment on individual companies’ policies in terms of offering services in the EU,” a spokesman said in an emailed comment to AFP.
“We expect all companies to fully comply with the General Data Protection Regulation as of today. With the new rules in place, EU data protection authorities will watch over their correct application across the EU and ensure full compliance.”
Meanwhile campaigner Max Schrems said he had launched four court cases on Friday under the new law.
They target Google in France, picture-sharing site Instagram in Belgium, WhatsApp in Germany and Facebook in his native Austria.
A previous case brought by Schrems against Facebook triggered the collapse of a previous EU-US data sharing agreement.
Brussels says the new laws put Europeans “back in control” of their data.
“When it comes to personal data today, people are naked in an aquarium,” said EU Justice Commissioner Vera Jourova.
The law says individuals must explicitly grant permission for their data to be used. It also establishes their “right to know” who is processing their information and what it will be used for; and gives them the “right to be forgotten”.
Parents will decide for children until they reach the age of consent, which member states will set anywhere between 13 and 16 years old.
The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
Facebook chief Mark Zuckerberg said as he apologised to the European Parliament on Tuesday over the scandal that his firm will be “fully compliant” with the EU law.