U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In


U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In

New European law foresees steep fines for companies that don’t comply with rules

By Natalia Drozdiak and Sam Schechner Updated May 25, 2018 8:29 a.m. ET

BRUSSELS—Europe’s new privacy law took effect Friday, causing major U.S. news websites to suspend access across the region as data-protection regulators prepare to brandish their new enforcement powers.

Tronc Inc., publisher of the Los Angeles Times, New York Daily News and other U.S. newspapers, was among those that blocked readers in the European Union from accessing sites, as they scrambled to comply with the sweeping regulation.

“We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market,” the company said in notices it displayed when users attempted to access its news sites from the EU on Friday morning.

Others U.S. regional newspapers owned by Lee Enterprises Inc., as well as bookmarking app Instapaper, owned by Pinterest. Inc., were also blocking access in the EU.

The EU’s General Data Protection Regulation foresees steep fines for companies that don’t comply with the new rules, aimed at giving Europe-based users more control over the data companies hold on them.

Businesses have raced to comply with the new law, but surveys indicate that a majority may not be ready.

Companies are unlikely to be blindsided with harsh penalties Friday, because the rules don’t apply retroactively—but some companies are deciding it is safer to suspend access in Europe rather than risk sanctions—which the EU’s top privacy regulator Thursday warned could come soon.

“I’m sure you won’t have to wait for a couple of months,” said Andrea Jelinek, about when the first fines could land. On Friday, Ms. Jelinek is expected to be voted in as the head of a new European Data Protection Board, which includes national data-protection regulators from each of the EU’s member countries.

As of Friday, firms that violate the EU’s privacy rules risk fines as high as 4% of their global revenue.

Companies will be required under the GDPR to report data breaches within several days. In addition, companies will often need to obtain users’ consent to process their personal information. Customers will have the right to see what data companies hold on them and can request for some to be deleted. Companies are responsible for showing they are complying with obligations.

Firms of all sizes have been racing to overhaul their systems in time for the deadline to show that the way they gather and handle information about Europeans follows the rules.

Speaking at a press briefing, Ms. Jelinek said companies should have had plenty of time to comply with the new law, given that the regulation was adopted in 2016. Lawmakers delayed the law’s implementation by two years to give the companies that time. “The situation isn’t new,” she said.

Aggressive potential penalties are likely to affect some business decisions. Large enterprises acquiring small startups that use personal data might decide against launching a service in Europe, out of concern that the startup could expose the parent to a fine based on the entire enterprise’s revenue.

“If I could choose between [launching a data-related business] in Paris and in New York…I’m going to at least advise the business people to do it in New York,” said David Hoffman, global privacy officer at Intel Corp.

GDPR arrives as Facebook Inc. is still struggling to contain the fallout from revelations that data-analytics firm Cambridge Analytica improperly obtained the personal information of as many as 87 million users of the social network.

Facebook CEO Mark Zuckerberg visited European Parliament on May 22 to answer questions about the scandal, which EU officials say only reconfirmed the need for the new privacy rules and helped promote the legislation to the broader public.

The EU’s national privacy regulators, who are each also in charge of tasks like authorizing firms’ data transfers abroad, are unlikely to have the bandwidth to crack down on large numbers of companies across different sectors. Tech companies that profit from users’ data are therefore likely to be prime targets, said EU Justice Commissioner Vera Jourova. The data-protection authority of Ireland has said it would prioritize cases where large numbers of users’ data is processed, which it considers higher-risk.

One still-unsettled question is exactly what data companies can collect. Companies are arguing that certain types of information are necessary to fulfill a contract with the user; meanwhile, activists are planning to challenge some large companies over that question.

Dale Sunderland, deputy commissioner at Ireland’s privacy regulator, said the agency was leading a group of data-protection authorities who are investigating that particular issue. He said he expects the EU’s privacy regulators to publish a paper on the topic in the fall.

“We believe that we collectively need to look into and address this matter to provide clarity for the use of contractual necessity for free online services,” Mr. Sunderland said.


To Read New GDPR Privacy Policies You'll Need a Football Field

Those updated privacy policies flooding your inbox due to Europe's GDPR compliance deadline on May 25 are so long that if you print out the ones from 30-some most-used apps, you could span a football field. Really.

On Thursday, Facebook’s Mr. Zuckerberg told a tech conference that his company has worked hard to comply with the GDPR, including by asking users to opt-in to see targeted ads on Facebook based on their use of other websites and apps.

“The vast majority of people choose to opt in,” Mr. Zuckerberg said, “because the reality is, if you’re going to see ads on a service, you want them to be relevant and good ads.”

Companies aren’t the only ones scrambling to get into shape with the new law. The European Commission, the bloc’s executive body, said eight countries including Belgium, Bulgaria and Hungary were late in implementing the necessary national legislation for GDPR. The commission can launch court proceedings against any member state that fails to implement EU legislation.

Regulatory agencies in other countries worry they are under-resourced for the workload expected to come down the pipeline, Ms. Jourova, the justice commissioner, said.

Asked about the issue of resources, the data-protection board’s Ms. Jelinek said, “We will try to do our best and we will act in a very professional way.”

Write to Natalia Drozdiak at natalia.drozdiak@wsj.com and Sam Schechner at sam.schechner@wsj.com

https://www.wsj.com/articles/u-s-websites-go-dark-in-europe-as-gdpr-data-rules-kick-in-1527242038

Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more