It's been three years. Stop saying your European visitors are important to you
5 years ago
I live in Europe after growing up in the States. Every now and then, a link to an interesting news article is suggested to me. Clicking the link, I see this text:
Our European visitors are important to us.
This site is currently unavailable to visitors from the European Economic Area while we
work to ensure your data is protected in accordance with applicable EU laws.
For my European friends, try a link like <www.everythinglubbock.com> or <www.tristatehomepage.com> or <www.khon2.com> or <www.wtrf.com> or <www.wnct.com> or <www.fox46.com> ... or many of the other "local" news sources in the U.S. It's important to note: While these sites cover news in a particular region, we'd need to start calling each McDonald's a local burger joint under this classification.
At the bottom of each page: <https://www.nexstar.tv> - If you click this link, you are not geoblocked! In fact, there are a ton of statistics showing just how many resources this media group has at their disposal to address releasing news articles to Europe. Save a click. It's 4 billion USD revenue, over 100 news sites and TV stations, and a reach into two-thirds of American households. This is no mom and pop operation. They just don't---or maybe can't---care.
I only focused on one media group, but there are others. Here's a news article from the same year GDPR began enforcement two years after its introduction in 2016: <https://www.bbc.com/news/world-europe-44248448>
A little has changed, but not much! Chicago Tribune is finally available. NY Daily News? Can't access. Baltimore Sun or Orlando Sentinel? Also, no.
"Why are you complaining?" you might ask. "What is your goal?"
Besides the obvious---I'd like to read about the communities of my friends and former neighbors---I want two outcomes:
First, any giant search engine company with a news subdomain and 100,000 employees could stop suggesting/featuring geofenced articles to European residents. At least weight these results so they aren't the number one, front page feature. (Although in Google's defense, one can usually click the "Cached" button to get the linked story.)
Second, say something else. The people living across the Atlantic (and their pesky differences of opinion on privacy) can't possibly be more than an inconvenience at this point.
You are in Europe. Mind your own business.
---
Edit: First post. No idea how to get links to display properly even following "Formatting Options" instructions.
“We care about your privacy.” is also a real joker. Those boxes often provide no “opt-out all” button and force you to “object” to “legitimate interests” one-by-one even if you do “opt-out”.
Why do companies even bother writing that?
They clearly don't care, if they did that box wouldn't even be there.
Sites like Imgur are the absolute worst. "We care about your privacy" and presents you with a list of 1200 companies they share information with.
Because lying works, propaganda works. You won't ever be able to convince everyone but you can confuse enough people that there isn't a united front that demands change. Especially those who want to believe because they're comfortable and thus reluctant to challenge the status quo. Also people who aren't intelligent enough to understand what's going on.
Maybe more in a sense like "I care about your well being, as I'll exploit you and if you die then I can't exploit you anymore." kind of way.
It's not even lying.
When people say “we care about global warming”, it doesn’t mean they want global warming to occur. Same with companies, they don’t want your privacy to continue either.
Is there any way to auto opt-out of these sites? Like an adblocker, but for these privacy pops?
3 replies →
At least they are not lying when they phrase it as "We value your privacy". I know you value it, down to a dollar.
It used to be the most common lie was "I have read the EULA". Nowadays the most common lie is "we care about your privacy" or possibly "we get it, you hate ads".
Or, "We take security very seriously..." after they just got breached and their databases copied because they left a default password on a router.
I wonder why, when I click to choose which measures I opt in/out, by default everything is just disabled and I just press confirm. Is it just me? Anyway, always saves me some effort.
Tho I optin analytics usually :)
Well, to properly comply you should assume no consent by default. However, most of the dialogs these days assume opt out for the main bit but there is a separate section for Legitimate Interest and you have to manually opt out of those. Is it possible you are just not noticing the separate legitimate interest section?
1 reply →
How GDPR is implemented is a total shitshow. It clearly says that it's an OPT-IN, not opt-out and one has to uncheck everything one by one.
We're creating a fucking dystopia just to click on more ads.
I used to see only that, but lately I've been seeing cases where once you choose the "manage cookies" option, all the nonessential cookies are opted out by default.
5 replies →
Noyb.eu is working to fix this: https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-is...
The GDPR itself is sane. Its enforcement is severely lacking though.
It‘s such an abhorrent marketing style of talking.
"Your life is important to us. Therefore we must kill you.“
The way Dilbert put it was "Your call is important to us...please hold while we ignore it."
"Our Business is life itself" ~Umbrella Corporation
In this case they're actually being consistent. Your privacy is so important to us that we won't allow you to access our website and get tracked.
It is a very safe assumption to make that anything you see or hear in media means the exact opposite.
Including your comment, I suppose? ;)
2 replies →
It is absolutely, in no way whatsoever, even close to a safe assumption.
It is, in fact, what people who are far, far gone into conspiracy theory madness think.
Again, this is not a reasonable thing to think. It is bordering on mental illness.
Lawmakers and voters sometimes act as if regulations are free. They think “wouldn’t it be nice” and pass on the costs to businesses.
They aren’t in fact free.
Correct.
But the axiom is misguided.
Legislation on the safety of cars for instance is not free, but necessary.
You could argue that the makers of go-karts are being priced out of the market: after all, the free market should make people put a price on their own safety.
But the issue is often that people don’t really have a good grasp of what it truly means and you can’t put a monetary number on things like that.
I’m not an anarchist, I just don’t think people always realize or recognize that there will be downsides as well as upsides to the latest “sounds good” piece of legislation.
1 reply →
> You could argue that the makers of go-karts are being priced out of the market: after all, the free market should make people put a price on their own safety.
> But the issue is often that people don’t really have a good grasp of what it truly means and you can’t put a monetary number on things like that.
Furthermore, here in Europe everyone pays for health care for everyone to some degree so allowing people to do outrageously stupid stuff ends up increasing the tax for everyone.
Of course regulations are not without cost to those being regulated.
Lawmakers and voters would prefer not to have regulations; they would prefer if businesses just did the right thing. But they don't, so they have to be regulated. And nobody wants the cost of that regulation to fall on voters; so it falls on businesses.
Hey, who makes money out of these websites? Voters? Nope. Why should anyone but businesses pay the costs of regulating businesses?
To extend @bradleyjg's point, businesses often do try and "do the right thing" but don't always get the "voters" support. For instance, you could have no ads or tracking on your site, and just charge people to view the content. And of course the vast majority of people will simply not view it, go find a "free" version that has ads instead. Most companies could go 100% green today and do so by charging 2-10x more for their products -- do you think people in general would pay for it? It works on some scale, but not in general. So its not as simple as the business doing the right thing and business owners paying the costs. Its about forcing all business to adhere to some regulation, and pass the same cost on to customers in the same way, to achieve some hopefully laudable goal. And that's totally fine in my opinion, but it breaks down when people assume there are no costs passed on to customers, and (again to @bradleyjg's ponit) that you can merely make owners pay it without any knock on effect. Recognizing the costs and how policy works helps voters to push for the right ones IMHO.
It is magical thinking to believe that a law can impose a cost on businesses and it will come straight out of the pockets of the owners of that business.
There’s an entire sub-field of economics devoted to studying where the incidence of taxes and regulations fall, but voters don’t care to read the literature. If it sounds like we are sticking it to the people that their oversimplified model of the world has decided are bad guys, they are all for it.
7 replies →
Words are free.
Stop saying banned customers are great.
This is my argument.
The frustration in the EU is the inability to access the content, not the verbiage of the deny message.
Writing words takes time and effort. Time and effort cost money.
1 reply →
The user here just wants honesty - a "As a local American* media, we cannot afford the additional costs of GDPR compliance. As such, this content is not available to EU/EEA." That's it. Not "We are evaluating options to deliver your favorite [sic] content to EEA." when they already decided to no longer server Europeans.
* "local American media" WTF. Almost all of you are large corporates.
This is trivially easy for "local american media" to solve: if you can't manage consent, then stop depositing cookies on European computers.
2 replies →
Or maybe they are planning to give you localised [sic] content at some point and just haven't prioritised [sic] it yet?
1 reply →
> No idea how to get links to display properly even following "Formatting Options" instructions.
You can't have links in text posts like this. HN stories are a link or text. From https://news.ycombinator.com/formatdoc: "Urls become links, except in the text field of a submission."
To make proper links in comments, just put "https://" in front of them so they're URLs. "<" and ">" are for unusual URLs that get mis-detected with their surrounding text, and they are hardly ever needed.
Oops. Even in seven sentences, I missed a detail. :(
Thanks; noted for the future.
Maybe the blocked content is just divine retribution for the abhorrent cookie consent buttons we all have to press 20 times a day now.
Many sites show cookie consent when they don't have to.
You don't have to show cookie consent when you use cookies purely for "technical stuff" - e.g cookie based authentication.
>Operational cookies
>There are some cookies that we have to include in order for certain web pages to function. For this reason, they do not require your consent. In particular:
>authentication cookies
>technical cookies required by certain IT systems
https://ec.europa.eu/info/cookies_en
Consent is only necessary for cookies that aren't in the interest of the user (session cookies, other cookies set to fulfil user requests).
You only "have to" press these because a lot of websites decide they'd rather torture users with popups than stop tracking personal data.
I've never even been to Europe, and I still get them. What are we Americans, chopped liver?
Looks like sites "care about you" just as much as they do about Europeans.
I recommend the Consent-O-Matic browser extension and failing that, the "I don't care about cookies" browser extension.
https://github.com/cavi-au/Consent-O-Matic
https://www.i-dont-care-about-cookies.eu/
... only when paired with cookie browser settings switched to strict blocking.
Maybe because everyone (According to Facebook anyway, which is very not true) there wants to track - GDPR ain't really about the cookies, it's about the mismatch of corporate America's desire to track versus Europe's desire to not get tracked. Heck, American companies are breaking American law, at least in California.
I have been very grateful for GDPR, because on lots of sites the very first question is "do I care enough about this content to try and click a bunch of buttons?" Nine times out of ten the answer is no and I just close the tab without reading the article, and I genuinely think I'm happier for it. I certainly have more time.
EU said, "Do this or you can't do business in our countries." These websites said, "Ok" and didn't do business in those countries. Maybe kind of annoying, but this is explicitly the price you pay for more privacy.
Yes, but the complaint is about the awful PR messaging of "We care about you". Just be honest and be done with it.
This should become a meme so that those companies will think twice in using that phrasing.
They'll just switch their phrasing.
Seeking the wisdom of the HN crowd:
Does RSS, with the full article content in each item's description, avoid the "problem" of GDPR compliance?
Maybe it'll become "cheaper" for global content creators to go back to old-fashioned content-targeted ads, which can be distributed through RSS [1], among other domains.
Placing the ads will be more expensive [2] (no more than it used to be), but it might be cheaper than guaranteeing GDPR compliance with the adware they've grown cozy with recently, and it opens up the EU as an available market.
[1]: for one example of this already working, podcasts are distributed via RSS, and have a rapidly growing advertising market around them: https://www.emarketer.com/content/us-podcast-ad-spending-sur....
[2]: apparently, most podcast ads are placed with a human in the loop (only 8% are placed programmatically). there might be a product idea here, in building a "static, content-targeted ad" exchange.
What I don't understand is, why are these local US news sites required to comply with GDPR? I wouldn't think they'd have any obligation to follow it (or any possible recourse for not doing so) unless they have business operations in the EU. Are these local news sites in fact all owned by multinationals that do have operations in the EU?
Edit: I'm getting downvoted -- just in case it helps to clarify, I'm not trying to say anything anti-GDPR here... I'm just genuinely surprised these ostensibly US-only companies feel obligated to follow it and genuinely asking why? Is there an actual legal risk to non-compliance for them? Given the already low level of effort just to detect an EU-based IP address and show the patronizing error message, it seems like they must have had some motivation to even do that much and I'm just wondering what that was.
Any company that serves EU residents has to comply. If they block users from the EU, they don't have to comply. Fines can be massive (up to 2% global revenue).
Nexstar might not have any European assets, but non-compliance might not be a smart move if they get fined and business executives travel to Europe...
A company in the US has no legal obligation to pay fines in the EU. There is no ability to enforce these rules on US companies.
Also, individuals traveling to the EU will never be liable for the fines of their company.
Our company just completely ignores GDPR - and I suspect no one will ever care.
2 replies →
I understand it as: if you're taking my data as European citizen, that is protected; even if you're in the US I'm still European.
That’s incorrect. What matters is where you are, not whether you’re an EU citizen.
If an EU citizen accesses a site from inside the USA, the GPDR does not apply. That’s also why these sites can use geo-blocking without knowing who accesses their site (for some definition of ‘can’. Technically they can’t because geo-blocking can’t be perfect. If you access a site from the EU through a VPN in the USA, the GDPR still applies)
The EU can still, in theory, sue them because they're serving Europeans. Especially in the beginning many companies became afraid of the possibility so they simply blocked access to see where it goes. Then it probably became clear the European customers are not worth the effort to change back. But actually it's still illegal what they're doing because the GDPR also states that customers have to be treated neutral regardless of their location, as long as it's not about licensing of course.
GDPR applies whenever you're providing services to EU citizens, regardless of where you have operations. If you want those people to read your stuff, it applies to you.
And before you say that's crazy, look at US tax laws.
Also, US Foreign Corruption Practices Act.
> GDPR applies whenever you're providing services to EU citizens
That's a common misconception. GDPR applies to the data of people "in the Union". There is no mention of citizens at all in GDPR.
If someone is not an EU citizen but is in the Union, it applies.
If someone is an EU citizen but is not in the Union, it does not apply.
> US-only companies feel obligated to follow it and genuinely asking why?
It doesn't matter where a company is located, only where its products are accessible. If you offer a product/service to EU citizens - for example a globally accessible news website - you have to comply with GDPR. Or you deny access to EU citizens, which is fine too.
The vast majority of "local" news sites are in fact owned by just a handful of media conglomerates.
I always read this as:
"Our European visitors are important to us BUT vacuuming all your data and selling to multiple bidders is importanter"
You wanna be obnoxious? Sure, go ahead, but I'll dislike your site more (and I have adblock so I have no qualms in accepting). Wanna pretend you're compliant by having an obvious non-compliant "solution" and think that will shield your responsibility? Now I'll just hate you and will probably bounce off your site
They're serving you a web-page regardless. It probably isn't the data as much as they don't want to run afoul of EU law.
Breaking the law is a generally considered a big mistake and regardless of the stereotyping about businesses they can be pretty timid when dealing with governments.
Sure, I have more respect for the ones that 451 it than for the ones that pretend (very obnoxiously) to be compliant.
> Breaking the law is a generally considered a big mistake
Except when it's about breaching the GDPR. In this case it's considered "business as usual" and Google and Facebook successfully get away with it.
But they are breaking the law.
"Accept/Ask me later" is in violation of the GDPR.
Exactly this. Every time I read about GDPR compliance, it feels like a very well-designed set of guidelines that are easy to follow ... IF you aren't stalking users. The complaints about it have the same tone as the Guild of Assassins complaining that laws against murder are really hard to comply with in their industry. Of course they are, and that's the point.
--------------
Hypothetical conversation with a Malicious Advertising Website:
MAW: Can I stalk my users without telling them?
GDPR: No, you must have consent to track users.
MAW: So I can assume I have consent because they're using my site?
GDPR: No, the consent must be explicit.
MAW: Got it, I'll put it somewhere in the fine print of the terms of service.
GDPR: Uninformed consent doesn't count. Fine print doesn't count as informing users.
MAW: Okay, so I'll have a banner with an obvious "accept" button and several hidden steps to opt out.
GDPR: Nope, it must be just as easy to retract permission as to grant it. If it's a single step to accept, then it must be a single step to reject.
MAW: In that case I'll have the "reject" button kick them off the site.
GDPR: Consent must be freely given, and having a service be conditional on consent is coercion. Consent to track may only be given as a gift, and not as an exchange.
MAW: WAAAH!! This is so hard!!
---------
Hypothetical conversation with a Non-Malicious Website:
NMW: I don't track any information about visitors to this site, and only serve non-targeted advertisements.
GDPR: Sounds good, go right ahead.
NMW: Say, I want to make a "To-Do List" site. Do I need to warn users that I'm going to remember the to-do items for them?
GDPR: Nope, no issue there. That's necessary for the service to function.
NMW: Huh, this is really simple.
MAW: Nevermind, I'll identify users via browser fingerprinting.
GDPR: Browser generated information was ruled personal data and falls under GDPR.
MAW: Just let me stalk on my users without their consent, goddamit!
>Every time I read about GDPR compliance, it feels like a very well-designed set of guidelines that are easy to follow ... IF you aren't stalking users.
There's a difference between being compliant and being _in compliance_. There's a real cost to the latter. Why should sites that primarily serve non-European readers bother with it? The assumption that they don't because they're all greedily stalking users is a misguided, but popular, cynical take.
1 reply →
it looks like great tl;dr, but I'm not expert on GDPR
nice
1 reply →
Except the GDPR doesn't work as sold.
More accurate to say "businesses don't do as told".
How so?
1 reply →
> Every now and then, a link to an interesting news article is suggested to me.
If the link looks like something worth the effort, plug it in to archive.is and read the output there. Or try it via outline.com instead. These tend to work for most text-based articles/sites, and archive.is often breezes right through paywalls, too.
Thanks for the advice.
To load one of the Google News links took more than 30 seconds on archive.is but eventually worked.
Outline did not work with the links as-is.
In short, this is not a comfortable workaround, but it is a working alternative.
Just gotta ride the VPN all day long
Before GDPR passed I heard nothing but "I don't want to patronize a site that doesn't want to respect my privacy" and "we don't need sites that won't follow basic rules like this". Well you got your wish. Your internet is no longer polluted with these reprehensible site owners. Yet people continue to bitch and moan.
Read the thread. They can keep their news, but it's _pushed_ to me by Big Tech. Then, the news sources have the nerve to say, "Thanks for coming. Get out!"
It's the 0% APR that virtually nobody qualifies for at the dealership. Don't suggest content I want but can't have.
News aggregators hardly qualify as "big tech".
2 replies →
The moan is about the language used, not the availability of the site.
The reality is that "Outside US support" is usually the lower priority step-two of any project, because it is easier to make more money inside the US, for US companies, for example because of (a lack of) regulations like GDPR. (Source: I am a European working for a US company)
I don't think they entirely don't care, they just care more about (perhaps need to) making money fast than serving a global audience.
Jeez, what a mess. To extend the McDonald’s analogy, when McDonald’s is serving its American customers, it doesn’t heed European laws about beef and potatoes. Because those laws are irrelevant to them, they have no bearing on McDonald’s making money (again in the context of serving their American customers). McDonald’s is never going to check what Brussels says about dairy before they make a milkshake in Spokane. Sorry.
My friend, that couple of sentences you’re so wound up about means more or less exactly what you’ve said at the end. Businesses aren’t in the business of giving a shit about things that don’t affect their business. You’re upset that they don’t word it more bluntly? Really?
Actions have consequences is my response. Sorry you all didn’t get the consequences you wanted. But it’s very frustrating the childish way people on HN approach these issues. Zero material analysis or thinking, always pointedly naive idealism of this type: “well you SAID you care about Europeans”- come on.
I’m begging you all to take the next step and think through the actual forces at play, instead of banging on with the churlishness.
The way this works is very simple- law is introduced, business figures out the easiest way to deal with it and get back to what they were doing, rinse and repeat.
Maybe the European search engines do a better job at this. You could give them a try.
You missed the McDonald's analogy. A burger in every shop in the U.S. will taste the same as any other. It follows the rules of the franchise, just as every site I linked is a cookie cutter website for local news. Each "local" site has nearly the same functionality, look, backend... because they are from the same supplier. It's news franchises serving your local paper and TV station, and it has been for a while.
Certainly, this media conglomerate does not need to care about European visitors, but to claim they do on the "Access Denied" page is quite hypocritical.
I hadn't even mentioned the detail, "while we work to ensure..." This would imply they've been doing anything at all for the past three years.
Also, I'm 15 miles away from a Google office, so I guess I've been using a European search engine all along!
This:
> McDonald’s is never going to check what Brussels says about dairy before they make a milkshake in Spokane. Sorry.
conflicts with this:
> law is introduced, business figures out the easiest way to deal with it and get back to what they were doing, rinse and repeat.
So which is it? If they care about Brussels, then they are willing to go the extra mile. If they don't care, why put up the block anyways?
Amen. If a court in the EU fines the Bozeman Daily Chronicle, what is stopping the Chronicle from replying, "lol ok." and continuing to not care?
1 reply →
Most companies (and most individuals, I'd say) want to do what's necessary to not be bothered. It's doubtful these organizations have any great fear of EU regulatory bodies, but if showing a warning (that the user can subsequently bypass) shows they made an effort and staves off 90% of complaints, it'll be worth it.
1 reply →
But US meat is not allowed in Europe because of hormones.
So they have to adjust their EU meat supplier for servings in Europe though.
Someone located in Brussels does not buy a cheeseburger from a McDonalds in Spokane.
Someone located in Brussels might easily end up on the website of a Spokane newspaper.
A newspaper in Spokane is also not going to be covered by GDPR unless that actively target people in the EU. If a few people in the EU happen to wander over to your website, that's not enough to make you subject to GDPR.
I don't understand completely why you're being downvoted. I'm european, in favour of GDPR, and I think this is a valid way of doing it. These reactions confuse me the same as using incognito or adblockers to pass paywalls and such - if that's their business model and their choice, I'm going to say no, and won't even be interested.
> I don't understand completely why you're being downvoted.
Because it's irrelevant, wrong and passive-aggressive belligerent: "Sorry you all didn’t get the consequences you wanted... childish ... Zero thinking ... churlishness".
[dead]
Is this really what's considered good content on HN at this point? I come here specifically to avoid junk like this.
Disappointing.
One of the most popular services of one of the most popular tech companies is pushing content to one of the largest economic participants that is relevant but unusable.
While I didn't mean for this to blow up and was merely venting, I'd like to think my unreplied vim-regex comments were good contributions and valid content for the HN community.
And just for you: Five years ago, the front page had "House sabotages net neutrality", "lawyers suing over We Shall Overcome", "Haitian cholera epidemic started by UN peacekeepers", "coffee shops signal urban change", "how the law is tracking down prank callers", "Merkel allows lawsuit against German comedian"... oh, and a new minor version of Jupyter and Tera were introduced.
I'm sad that you remember HN being different back then.
Several times I've said that HN should block European IP addresses. Nothing they have to say is relevant in the US.
And pay your own damn defense budgets.
I'm a U.S. citizen and veteran working for a company with many customers the U.S. and friends working in every reach of the country. I didn't realize I'm not part of the tech scene because of my location.
Alas, I have paid and do still pay my country's defense budget---financially, physically, emotionally.
2 replies →
Sorry to break your bubble.
I'm from Europe and would love this. Let us have our own forums!
Maybe the cost of GDPR compliance just isn't worth the small amount of revenue that they might make from European visitors? US visitors are probably much more 'valuable' in terms of advertisement revenue, and also much more likely to be a subscriber.
And I say this as a European myself. It sucks that I have to jump through hoops to access some sites but I can't really blame them.
I'm not really offended that I can't see all content from Europe, but the idiotic newspeak like "Our European visitors are important to us." is almost offensive. I don't see why they aren't just honest.
“Your call is important to us. Thank you for waiting. You are 8382nd in the call queue because our overworked and understaffed call centre team are all handling other customers. By the way, did you know we understaff this team because customers are super important to us?”
Toxic positivity. It's a pervasive feature of American culture.
4 replies →
That "you are important for us and we care deeply about you and your pet iguana" it's the bread and butter of corporate America's PR - it has it's versions on other parts of the World too.
I'd love to know how much an American user's data is worth and what percentage of clicks belong to European domains.
I know the pervasiveness of the phrase no such thing as a free lunch, but is there really so much revenue lost by not harvesting data? (And yes, it doesn't take an MBA to notice any revenue loss should be avoided, so I understand the reluctance to publish to any market for free.)
I think the problem is not necessarily the loss in revenue due to "not harvesting data" but rather the cost of all the compliance measures and new processes the GDPR requires.
1 reply →
It’s a bit silly because serving the content without cookies doesn’t cost more than not serving anything. It’s not like a restaurant where serving a steak means you now have one less steak, it’s just data that you can copy as much as you want.
I mean, data transfer is not totally without costs.
At a few thousand reads per day, a MB or so per read... this is costing up to FIFTY DOLLARS PER YEAR to just... give our content away for free?!
1 reply →
Obviously. But let them be honest about it.
Having worked on and lead 3 GDPR compliance projects, I can say that the cost of GDPR compliance is close to zero if your business is not tracking users or selling their data without consent. This assuming you are following best practises for storing users’ data (ie encryption, limited access to authorised personnel, etc…). If you store data without encryption, allow randos to access users’ personal data, you shouldn’t even be in business.
Also the EU is quite tolerant with breaches, as in if you are found in breach they will give plenty of time to address it (which often means removing a tracking cookie you forgot about or add it to your cookie policy).
At this point GDPR is way too tolerant, given that in 99% of cases you get away with a banner that makes it impossible to refuse tracking.
So not being GDPR compliant, which at this point means a bit more than being decent with users, says more about the business model of these companies than about anything else.
Don't know why you got downvoted.
As a former GDPR compliance officer for a company managing about 40 customer websites, I can confirm that GDPR compliance is not burdensome or costly, unless you are intent on violating the GDPR. You appoint someone on your tech staff as compliance officer, and as an organisation you make sure that complaints are handled.
Handling complaints is something any business should be able to do, GDPR or not; a business that can't handle complaints isn't a viable business.
For small organizations, even if they are not tracking or doing anything with data that would need to be changed to comply with GDPR, the couple hundred or so Euros a year to comply with Article 27 [1] might be enough for them to block EU access.
[1] https://gdpr-info.eu/art-27-gdpr/
1 reply →
So basically the US now has its own split off version of the web, only visible to other Americans.
The Great Firewall of the USA, or maybe The Great American Firewall.
IANAL, but can't they just word a disclaimer and checkbox? Something like:
"Our European visitors are important to us... but the cost of GDPR-compliance for a US-focused site is high. For your own GDPR protection, we advise you not to access our site. However, if you choose to do so, you agree to waive any and all rights granted to you under the GDPR. [ ] Agree"
Which is like saying “this building doesn’t follow engineering best practices, it may fall on your head at any moment” and expect to get away with that.
4 replies →
Correct, you're not a lawyer. IANAL either but I know enough to know people can't generally waive their rights. If they could then every website would just say "you are waiving your GDPR rights if you continue using this site" and be done with it.
3 replies →
> IANAL
Maybe you are not a lawyer; but perhaps you should actually read the GDPR before suggesting that it's possible to waive all one's rights under the GDPR.
This is what your politicians asked for.
...to be told we're important?
A bunch of Americans lying to us?
So should the whole world obey every diktat that comes from the EU? Whether GDPR is good or bad, it's an EU law, not an international or American one.
The complaint is about saying "we care" when they clearly don't.
It's perfectly reasonable for US media to block European users rather than deal with GDPR compliance, but why not be honest about it?
Sorry, I wasn't paying attention as I have to fill my FACTA form.
I’m the opposite: I grew up in Europe but live in the States. There’s a ton of European websites and content I can’t access from here.
While this may suck for you personally I don’t think American companies (especially local news companies) should have to comply with invasive and expensive European privacy laws. Especially after forcing the entire world to adopt useless and annoying cookie walls. If you really want to access those articles you can use a VPN like the rest of the world does when they are accessing geo restricted content. GDPR has never really been a reasonable law to begin with.
Can you give some examples of European websites which are unavailable in the USA?
I don't believe they need to comply, either. Just stop saying people living in Europe are important. They obviously are not.
The argument in the post is that they are all from the same, large media company:
> At the bottom of each page: <https://www.nexstar.tv>
Nobody asked for cookie walls, which anyway don't bring sites into compliance. The cookie walls are erected by companies that are trying to shirk GDPR responsibilities.
They can avoid these responsibilities by refusing to serve content in the EU. That's their prerogative (although it is discriminatory, and thefore violates GDPR). And if they think they are out-of-reach for EU law, they can just ignore the GDPR; but watch out, similar regulations are coming to a jurisdiction near you.
Whether the GDPR is "reasonable" depends on your perspective; regulated parties always think that the regulations under which they trade are unreasonable.
[Edit: qualified the "their prerogative" bit]
Then pay.
Pay for what, they are all free sites OP listed?
Pay to… buy out the news company? I guess?
Ah yes, another headline-only reader.
> It's been three years. Stop saying your European visitors are important to you
> Then pay.
I don't think it really fits as a response if I had only read the headline.
I do concede that my comment was more terse then necessary and not as constructive as it could have been.
My point was that the links listed looked like small free organizations that don't have the resources, or actually any other incentive. They probably have very few readers outside of their localities.
So pay for a bigger news org that does.
For a news source that does care and have the resources to implement GDPR compliance.
I'm European and I block EU customers as well (mainly for VATMOSS though, more than GDPR, albeit I'm not sure whether I'm GDPR ready or not).
Simply put, it's a very low margin and low time investment business on my side and I'd rather work on something that can make me more money than to implement the required changes to support Europe's regulatory plat du jour.
Having worked in big businesses, even if they have the money to spend, they may face other organisational issues. Implementing any change in big businesses is not easy and takes significant more time than you would imagine.
As you correctly say, I'm sure they evaluated the cost benefit of EU visitors and concluded it wasn't as high as the cost of getting things done.
For news, that means that people will be able to access less independent content, or maybe just access what is visible behind the walled gardens of social media. For ecommerce (and VATMOSS), stores just moved to Amazon / eBay so they don't have to deal with the complexity.
As usual, regulators screwed all us up pretending to target big business (whether it's privacy or paying sales tax) and dealt a massive blow to all the small competitors of big business.
Use VPN. And use browser extension like uBlock Origin. You can access blocked content and you get privacy.
I'd love to be able to drop NoScript and uBlock Origin, but the web has become such a shitshow that they're vital security tools.
But it's ridiculous that we have to go to such insane lengths, for privacy or even for access. Noscript, in particular, can be very annoying, but it saves me from a lot of worse annoyances.
This also crosses over to the crawling horror of IoT, where every device maker wants your sweet, sweet data. Oh, sure, we can throw our IoT devices on a carefully-firewalled VLAN - provided we have networking gear with that capability and the knowledge to use it, neither of which is likely for the average consumer.
I never imagined I'd live in a real-life cyberpunk dystopia when I first read "Johnny Mnemonic" in Omni so many years ago, but here we are.
This is a solution for an end user, and besides the point.
It’s mostly local papers in rural areas. They are trying to proof some point, and happen to be mostly just not very interesting for European readers. So cutting them off is cheap.