They are not blocked. They have chosen to take their services offline because they don’t think changing their business model such that it no longer depends on aggressively tracking their users is worthwhile or cost-effective. Which is fine by me imho.
I don't agree that if a business chooses not to operate in a country, because it's unwilling to spend the money required to comply with the country's laws, that that is equivalent to censorship.
Another person's personal information is not protected speech.
I was fine with that transaction. In fact, I would rather have them sell my data instead of charging money.
Consumers have a choice on whether or not they want to go to these sites, it's not like they are forced to give away their personal information to news sites.
I would say the GDPR blocking news sites is a net negative because it denies consumers the choice to read news stories.
And I always thought (back in my more naïve days) that I read the site in exchange for being advertised to. Point being, the exact details of the transaction were never shown to the visitors. GDPR fixes that by forcing companies to state the terms of this transaction explicitly, and actually ask the visitors if they're willing to participate in it.
GDPR isn't blocking any sites, it's only disallowing a very particular way of getting users to give up their data and then monetizing that data. Nobody is entitled to their business model working forever, and some companies prefer to shut off a large segment of their market instead of updating their business model. It's their choice.
*metaphors can get quite silly
Self blocking in response to a law to avoid the penalties under the law is being blocked by the law.
That's all there is to it. GDPR isn't banning news sites, or other companies; it's banning a very particular set of antisocial business practices.
The problem isn't only adjusting business models. It's proving you've adjusted your business model to twenty-eight EU regulators. If one of them misbehaves, you now have to wage a legal fight in a foreign jurisdiction. Against those costs and risks is a minimum required revenue. If that revenue doesn't exist, it doesn't make sense to serve that market. Regardless of your business model.
There's just one large company that decided to block EU visitors: Tribune Publishing. Yes, them blocking Europe is bad. Them owning so many local newspapers that this decision even makes an impact is a bigger problem.
I'm not saying that they're the only ones blocking Europe, but I am saying that we wouldn't think of it to be as wide spread if it weren't for Chicago Tribune, Baltimore Sun, and LA Times (among others).
* Tribune have troncked Europe because their data control is jazzy.
* Google should really tronc China - fight the Firewall!
If anything, major players deciding not to compete in a market is good to my mind, as a means of increasing a diversity of business styles. Laws like this make businesses pay for the actual cost of thier hidden externalities.
More seriously, GDPR should not extend beyond its jurisdiction. It does though, and there are consequences. Blocking european IPs cost (loss of revenue) must be balanced against compliance costs.
Claims that "they've had N years to prepare" are specicious, if for no other reason than they aren't bound by the specific law. Meanwhile the law introduces a new, potentially large, liability. Which results in companies self censoring by geolocation.
This is what you call an unintended consequence. Remote access to quite a few resources outside of Europe is likely to be restricted should this pass into EU law. As we like to say here, elections have consequences.
FWIW, I support the aims of GDPR, and wish we would get a sane law on this here in the US as well. But I don't want our law extending to others. That would be unfair to them.
The US is probably the biggest "exporter" of laws that are forced down the throaths of all other countries.