Hacker News new | comments | ask | show | jobs | submit login

It's not clear what's going on with GDPR, good test cases are only now starting to be tested. But the fact that many American newspapers, for example, are blocked in Europe is certainly something to worry about.





> But the fact that many American newspapers, for example, are blocked in Europe is certainly something to worry about.

They are not blocked. They have chosen to take their services offline because they don’t think changing their business model such that it no longer depends on aggressively tracking their users is worthwhile or cost-effective. Which is fine by me imho.


You must understand the economics. Newspapers have zero cash on hand these days, so their choice was to fire staff to allocate money for GDPR or not. Seeing how staff is at a minimum, that was the practical option. Result is equivalent to censorship. I'm surprised you don't find this a terrible outcome.

> Result is equivalent to censorship.

I don't agree that if a business chooses not to operate in a country, because it's unwilling to spend the money required to comply with the country's laws, that that is equivalent to censorship.

Another person's personal information is not protected speech.


I always viewed it as a transaction--go to the news site and read the news, in exchange they will sell data on what articles you're reading, etc.

I was fine with that transaction. In fact, I would rather have them sell my data instead of charging money.

Consumers have a choice on whether or not they want to go to these sites, it's not like they are forced to give away their personal information to news sites.

I would say the GDPR blocking news sites is a net negative because it denies consumers the choice to read news stories.


> I always viewed it as a transaction--go to the news site and read the news, in exchange they will sell data on what articles you're reading, etc.

And I always thought (back in my more naïve days) that I read the site in exchange for being advertised to. Point being, the exact details of the transaction were never shown to the visitors. GDPR fixes that by forcing companies to state the terms of this transaction explicitly, and actually ask the visitors if they're willing to participate in it.

GDPR isn't blocking any sites, it's only disallowing a very particular way of getting users to give up their data and then monetizing that data. Nobody is entitled to their business model working forever, and some companies prefer to shut off a large segment of their market instead of updating their business model. It's their choice.


Agree. There are ways to protect your data if that’s important to you. If I walk out in the middle of a freeway I should expect that I might be hit by a car rather — the EU instead says, “let’s ban freeways”.

No, EU says "let's put signs that point to where there are (previously invisible) freeways".* GDPR does not ban any practices, it just says that certain practices need to be communicated to and approved by the people affected by them.

*metaphors can get quite silly


I personally don't think that it is any government's business to regulate a company that is not inside its jurisdiction, I also don't think think it should be their prerogative to stop me from engaging and communicating with one just because they rightfully say that it's not their job to bend the knee to them. As an adult the EU is neither my parent nor my guardian.

>They are not blocked.

Self blocking in response to a law to avoid the penalties under the law is being blocked by the law.


Self-blocking instead of making one's business model compliant with the law is a choice. An alternative would be to update the business model.

That's all there is to it. GDPR isn't banning news sites, or other companies; it's banning a very particular set of antisocial business practices.


You’re muddying the waters. Just because someone doesn’t want to take on the compliance burden does not mean they have an antisocial business practice. What you’re saying does not logically follow.

It does, you just made an illogical connection. I didn't say that companies who self-block must necessarily have antisocial business practices. I only said that GDPR is banning those practices. I also said that companies have a choice between removing themselves from European market or adjusting their business model to be compliant.

> companies have a choice between removing themselves from European market or adjusting their business model to be compliant

The problem isn't only adjusting business models. It's proving you've adjusted your business model to twenty-eight EU regulators. If one of them misbehaves, you now have to wage a legal fight in a foreign jurisdiction. Against those costs and risks is a minimum required revenue. If that revenue doesn't exist, it doesn't make sense to serve that market. Regardless of your business model.


So if a law gives you a choice in how you choose to censor a work of literature, would it be the artist's self censoring and not an act of government censorship? Assuming we applied the same logic.

> But the fact that many American newspapers, for example, are blocked in Europe is certainly something to worry about.

There's just one large company that decided to block EU visitors: Tribune Publishing[0]. Yes, them blocking Europe is bad. Them owning so many local newspapers that this decision even makes an impact is a bigger problem.

I'm not saying that they're the only ones blocking Europe, but I am saying that we wouldn't think of it to be as wide spread if it weren't for Chicago Tribune, Baltimore Sun, and LA Times (among others).

[0] https://en.wikipedia.org/wiki/Tribune_Publishing


LA Times was blocked before but now loads fine in EU. The other two are still blocked.

tronc [vt] To make content unavailable in certain jurisdictions due to unwillingness to comply with their laws.

Examples:

* Tribune have troncked Europe because their data control is jazzy.

* Google should really tronc China - fight the Firewall!


The GDPR is very similar to the old Data Protection Directive, which came into force in 1995. Many member states had done a piss-poor job of implementing and enforcing the DPD, which was largely the motivation for passing the GDPR. Directives have to be transposed into national law by individual member states, while regulations are immediately applicable across the entire Union.

https://en.wikipedia.org/wiki/Data_Protection_Directive


I'm not saying there won't be an effect, but having an effect it's why you pass a law. But 8 months in, and the landscape doesn't seem radically altered.

If anything, major players deciding not to compete in a market is good to my mind, as a means of increasing a diversity of business styles. Laws like this make businesses pay for the actual cost of thier hidden externalities.


[humor] Given the "quality" of reporting in most of the publications here, we should be thanked for that outcome [/humor]

More seriously, GDPR should not extend beyond its jurisdiction. It does though, and there are consequences. Blocking european IPs cost (loss of revenue) must be balanced against compliance costs.

Claims that "they've had N years to prepare" are specicious, if for no other reason than they aren't bound by the specific law. Meanwhile the law introduces a new, potentially large, liability. Which results in companies self censoring by geolocation.

This is what you call an unintended consequence. Remote access to quite a few resources outside of Europe is likely to be restricted should this pass into EU law. As we like to say here, elections have consequences.

FWIW, I support the aims of GDPR, and wish we would get a sane law on this here in the US as well. But I don't want our law extending to others. That would be unfair to them.


Have you ever heard about the financial law Fatca? Please read up. What about sanctions of Iran that the US forces the rest of the world to go along with?

The US is probably the biggest "exporter" of laws that are forced down the throaths of all other countries.


American newspapers don't need to care about GDPR. Most websites don't need to care about GDPR. Europe does not get to dictate how non European based websites operate. The GDPR can be outright ignored for a significant part of the internet. I have no idea why an American newspaper would give a shit about GDPR. They could literally put a huge banner up saying "fuck GDPR" and face zero legal consequences.

I’m not sure how accurate that is. It’s obvious to me that American companies larger than mine have cared enough to take action. If they really had no obligation I’m sure they would have simply done nothing.

Do they also follow Saudi Arabian law?



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: