Comment by DangerousPie
5 years ago
Maybe the cost of GDPR compliance just isn't worth the small amount of revenue that they might make from European visitors? US visitors are probably much more 'valuable' in terms of advertisement revenue, and also much more likely to be a subscriber.
And I say this as a European myself. It sucks that I have to jump through hoops to access some sites but I can't really blame them.
I'm not really offended that I can't see all content from Europe, but the idiotic newspeak like "Our European visitors are important to us." is almost offensive. I don't see why they aren't just honest.
“Your call is important to us. Thank you for waiting. You are 8382nd in the call queue because our overworked and understaffed call centre team are all handling other customers. By the way, did you know we understaff this team because customers are super important to us?”
Toxic positivity. It's a pervasive feature of American culture.
I think this is more an example of what we call “bullshit.” There’s a lot of it.
1 reply →
The concept of supermarket greeter blows my mind. As a customer this would be a reason to NOT go to that supermarket. As a potential employee I would have to be starving before I took that job.
1 reply →
That "you are important for us and we care deeply about you and your pet iguana" it's the bread and butter of corporate America's PR - it has it's versions on other parts of the World too.
I'd love to know how much an American user's data is worth and what percentage of clicks belong to European domains.
I know the pervasiveness of the phrase no such thing as a free lunch, but is there really so much revenue lost by not harvesting data? (And yes, it doesn't take an MBA to notice any revenue loss should be avoided, so I understand the reluctance to publish to any market for free.)
I think the problem is not necessarily the loss in revenue due to "not harvesting data" but rather the cost of all the compliance measures and new processes the GDPR requires.
Three years was long enough to figure out that they do not actually find Europeans (or Americans residing in Europe) important.
Change the text.
It’s a bit silly because serving the content without cookies doesn’t cost more than not serving anything. It’s not like a restaurant where serving a steak means you now have one less steak, it’s just data that you can copy as much as you want.
I mean, data transfer is not totally without costs.
At a few thousand reads per day, a MB or so per read... this is costing up to FIFTY DOLLARS PER YEAR to just... give our content away for free?!
Hang on; you're still serving ads, no?
So what's this about "free"? I mean, you weren't planning to charge me in the first place.
So you want to set a cookie so that you can make your ads more "targetted", and so more valuable? There's no public evidence that ad targetting even works.
But this "free" business - I suspect that some local US paper doesn't make a lot of money from ads served to EU residents. So is it possible that the lost revenue stream is from selling PII to data brokers? Oh dear - that's pretty evil, even if the visitor isn't in the EU.
Obviously. But let them be honest about it.
Having worked on and lead 3 GDPR compliance projects, I can say that the cost of GDPR compliance is close to zero if your business is not tracking users or selling their data without consent. This assuming you are following best practises for storing users’ data (ie encryption, limited access to authorised personnel, etc…). If you store data without encryption, allow randos to access users’ personal data, you shouldn’t even be in business.
Also the EU is quite tolerant with breaches, as in if you are found in breach they will give plenty of time to address it (which often means removing a tracking cookie you forgot about or add it to your cookie policy).
At this point GDPR is way too tolerant, given that in 99% of cases you get away with a banner that makes it impossible to refuse tracking.
So not being GDPR compliant, which at this point means a bit more than being decent with users, says more about the business model of these companies than about anything else.
Don't know why you got downvoted.
As a former GDPR compliance officer for a company managing about 40 customer websites, I can confirm that GDPR compliance is not burdensome or costly, unless you are intent on violating the GDPR. You appoint someone on your tech staff as compliance officer, and as an organisation you make sure that complaints are handled.
Handling complaints is something any business should be able to do, GDPR or not; a business that can't handle complaints isn't a viable business.
For small organizations, even if they are not tracking or doing anything with data that would need to be changed to comply with GDPR, the couple hundred or so Euros a year to comply with Article 27 [1] might be enough for them to block EU access.
[1] https://gdpr-info.eu/art-27-gdpr/
If you are not doing anything with the data, you should just not collect it. A newspaper doesn’t need to collect my personal information.
Besides if you don’t have a regular client base in the EEA or you process and collect data only occasionally and on a small scale, you don’t have to appoint a GDPR representative.
In a few words: don’t collect data without permission, don't spy on your users, don’t profile them, don’t process or sell their data without permission, delete all data about them if they ask you to do so, and you’ll be OK.
So basically the US now has its own split off version of the web, only visible to other Americans.
The Great Firewall of the USA, or maybe The Great American Firewall.
IANAL, but can't they just word a disclaimer and checkbox? Something like:
"Our European visitors are important to us... but the cost of GDPR-compliance for a US-focused site is high. For your own GDPR protection, we advise you not to access our site. However, if you choose to do so, you agree to waive any and all rights granted to you under the GDPR. [ ] Agree"
Which is like saying “this building doesn’t follow engineering best practices, it may fall on your head at any moment” and expect to get away with that.
Isn't it more like a website in one country rightly stating it's not bound by the laws in another country?
3 replies →
Correct, you're not a lawyer. IANAL either but I know enough to know people can't generally waive their rights. If they could then every website would just say "you are waiving your GDPR rights if you continue using this site" and be done with it.
I simply thought jurisdiction would be relevant here. The EU can make whatever rules it wants to cover its own citizens, and beyond that - they can't enforce them.
2 replies →
> IANAL
Maybe you are not a lawyer; but perhaps you should actually read the GDPR before suggesting that it's possible to waive all one's rights under the GDPR.