
U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In - ytNumbers
https://www.wsj.com/articles/u-s-websites-go-dark-in-europe-as-gdpr-data-rules-kick-in-1527242038
======
AhtiK
Looks like strictly specific to Tronc publishing,
[https://en.wikipedia.org/wiki/Tronc#Newspapers](https://en.wikipedia.org/wiki/Tronc#Newspapers)

Anyone else blocking?

Additionally, blocking access to the site that already has the data from the
people of EU is violating GDPR more than simply keeping the site alive. GDPR
is not about the data that is collected only after the May 25th.

~~~
codedokode
Why block EU users instead of just disabling analytics and ads for them?

~~~
Turing_Machine
Because that would result in the EU users burning bandwidth and processor time
without any offsetting revenue.

I'd imagine that the cost of providing (say) the Los Angeles Times to the EU
is non-trivial.

------
dvfjsdhgfv
> Aggressive potential penalties are likely to affect some business decisions.

Aggressive user tracking and nonchalant attitude to users' personal data seems
to be less problematic to them.

------
efbb
Pretty sure WSJ is non-compliant to GDPR by not providing the option for EU
readers to opt out of their cookie policy, ironic that that will be a reason
for Tronc blocking EU readers altogether.

~~~
downandout
GDPR doesn’t apply to WSJ or any other site that doesn’t “envisage” offering
its services to users in the EU. See recital 23.

Edit: apparently they accept EU currencies, which means they have subjected
themselves to it.

~~~
dekrg
What? It says the opposite - if you are providing services to EU residents
outside of the EU GDPR applies to you.

[http://www.privacy-regulation.eu/en/recital-23-GDPR.htm](http://www.privacy-
regulation.eu/en/recital-23-GDPR.htm)

> In order to ensure that natural persons are not deprived of the protection
> to which they are entitled under this Regulation, the processing of personal
> data of data subjects who are in the Union by a controller or a processor
> not established in the Union should be subject to this Regulation where the
> processing activities are related to offering goods or services to such data
> subjects irrespective of whether connected to a payment.

~~~
downandout
You completely ignored the relevant part of that recital:

 _In order to determine whether such a controller or processor is offering
goods or services to data subjects who are in the Union, it should be
ascertained whether it is apparent that the controller or processor envisages
offering services to data subjects in one or more Member States in the Union.

Whereas the mere accessibility of the controller's, processor's or an
intermediary's website in the Union, of an email address or of other contact
details, or the use of a language generally used in the third country where
the controller is established, is insufficient to ascertain such intention,
factors such as the use of a language or a currency generally used in one or
more Member States with the possibility of ordering goods and services in that
other language, or the mentioning of customers or users who are in the Union,
may make it apparent that the controller envisages offering goods or services
to data subjects in the Union_

If you are not “offering goods or services to data subjects who are in the
Union” then you are not subject to GDPR. As stated in the recital, the mere
fact that a site is accessible from within the EU DOES NOT make it subject to
GDPR. This recital tells you the test that is used to determine whether or not
you are. It isn’t necessarily even required to block EU traffic to be immune
from it, though it’s a good idea since you’re playing with fire. You simply
can’t translate your site to EU only languages, create content or services
that might appeal specifically to EU residents, etc.

No targeting of EU residents = no GDPR liability.

~~~
dekrg
>No targeting of EU residents = no GDPR liability.

I'm gonna have to disagree with that interpretation.

If I can use their services from within EU then they are providing services to
EU residents regardless whether or they explicitly say that they want EU
customers and thus are subject to GDPR.

~~~
downandout
Read the part of the recital that you seem to be ignoring on purpose for
whatever reason. It literally says that the mere accessibility of a site from
within the EU does not by itself mean that the site is offering services in
the EU for the purposes of GDPR. It’s not really up for debate - it is written
right there in black and white.

I’ve been through this with actual lawyers. There are things you can do that
make you subject to GDPR without explicitly saying you want EU customers - an
example might be creating a site in English but that exclusively reports
German news. But, for example, if you have a US news site that doesn’t sell
subscriptions to EU citizens, isn’t based in the EU, doesn’t specialize in
news arising from EU countries, and doesn’t translate its content to EU-only
languages, you aren’t subject to it. Again, as stated in the recital, the mere
fact that an EU resident can access the site does not by itself trigger GDPR
exposure.

------
rekshaw
Just in case you're not a WSJ subscriber, use this to bypass the pay wall:
[https://m.facebook.com/l.php?u=https%3A%2F%2Fwww.wsj.com%2Fa...](https://m.facebook.com/l.php?u=https%3A%2F%2Fwww.wsj.com%2Farticles%2Fu-
s-websites-go-dark-in-europe-as-gdpr-data-rules-kick-in-1527242038)

~~~
huhtenberg
This leads straight to the Facebook login form.

~~~
jmiserez
That just opens the page via a FB referral, basically this bookmarklet:

    
    
        javascript:window.location.href='https://m.facebook.com/l.php?u='+encodeURIComponent(window.location.href);

------
mrleiter
This regulation has been on its way for 2 years, and before that it was
discussed extensively. Any big corporation not complying or making such a move
as simply blocking EU users is ridiculous. Lobbying obviously didn't work so
now they want users to revolt against EU lawmakers, or what is the endgoal
here? There was enough time to comply, I find this behaviour unfair and short-
sighted on the mid to long run.

------
jake_the_third
As a non-European who has no problems complying with the GDPR and has
resources at his disposal: Please, If someone knows of a list of all companies
and services that refuse to comply with the GDPR, please point me to it.

To me, this seems like an incredible once-in-a-lifetime opportunity to get
into previously captured markets.

------
legitster
To add some flavor to this, there are only a handful of vendors that sell
cookie opt-in software in the US, and implementing one on our own tiny site
was a nightmare. If the business model revolves around ads or third party
services, I can't imagine how much worse it would be to get running.

------
darkgray
Japanese forum giant 5ch (formerly 2ch) has also decided to IP block all of EU
in order to "comply" with GDPR, as of a few days ago.

I've been hoping it wouldn't spread, since it's depressing to be confined to a
little internet bubble in this day and age. Guess I'll be needing a VPN.

~~~
cyber
Careful which countries you go to with that VPN. You don’t want to
intentionally circumvent an access control restriction. ;)

------
pjc50
I'm actually looking forward to seeing less US news. One of the downsides of
being on the global English-speaking internet of social link propagation-
discussion sites is that it's incredibly US centric. We need to pay more
attention to our own countries and localities.

------
drivingmenuts
So what happens with all the open-source projects that EU citizens are
involved in? Some of those are (more or less) based in the US. Are they also
covered by the GDPR or is it just businesses?

------
dvfjsdhgfv
> We are engaged on the issue

Dear Tronc,

You had two years to comply. You are being ridiculous. Good luck with
complying.

EU Users

~~~
Iv
As a European who has many time been asked to comply with the various
sillinesses coming from US legislators, I must say there is some strong
schadenfreude on this current event.

And for once, I think that the law that annoys everybody actually comes from a
good intent (protecting users instead of profits)

~~~
TimJYoung
Yeah, I've got to agree on this point. Whenever I hear complaints from US
citizens, I think to myself: imagine having your whole country need to learn
another language in order to do business...we are _very_ lucky that much of
the world does business in English, and we are able to benefit greatly from
that.

------
stunt
If your core values are we don't give a f.. to our user's privacy, obviously
you don't do anything in 2 years for them.

------
sildur
Well, good riddance to all of those companies which do not want to comply with
a law made to protect citizen’s privacy. Europeans now have an antispam,
anticrooks filter for free.

