- U.S. newspapers, media outlets blocking EU citizens from sites
- Strict data regulation and threats of fines to blame
A number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect.
The Chicago Tribune and LA Times were among those posting messages saying they were currently unavailable in most European countries.
The General Data Protection Regulation (GDPR) gives EU citizens more rights over how their information is used.
The measure is an effort by EU lawmakers to limit tech firms’ powers.
Under the rules, companies working in the EU – or any association or club in the bloc – must get express consent to collect personal information, or face hefty fines.
Which sites are unavailable?
News sites within the Tronc and Lee Enterprises media publishing groups were affected.
Tronc’s high-profile sites include the New York Daily News, Chicago Tribune, LA Times, Orlando Sentinel and Baltimore Sun.
Its message read: “Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.”
Lee Enterprises publishes 46 daily newspapers across 21 states.
Its statement read: “We’re sorry. This site is temporarily unavailable. We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time.”
CNN and the New York Times were among those not affected. The Washington Post and Time were among those requiring EU users to agree to new terms.
What is GDPR?
Lawmakers in Brussels passed the new legislation in April 2016, and the full text of the regulation has been published online.
Misusing or carelessly handling personal information will bring fines of up to 20 millions euros ($23.4m;£17.5m), or 4% of a company’s global turnover.
In the UK, which is due to leave the EU in 2019, a new Data Protection Act will incorporate the provisions of the GDPR, with some minor changes.
All EU citizens now have the right to see what information companies have about them, and to have that information deleted.
Companies must be more active in gaining consent to collect and use data too, in theory spelling an end to simple “I agree with terms and conditions” tick boxes.
Companies must also tell all affected users about any data breach, and tell the overseeing authority within 72 hours.
Each EU member state must set up a supervisory authority, and these authorities will work together across borders to ensure companies comply.
This is it.
Today, our EU #DataProtection rules enter into application, putting the Europeans back in control of their data.
Europe asserts its digital sovereignty and gets ready for the digital age.
Read our statement → https://t.co/P19IRPWfqv #GDPR pic.twitter.com/hwCKSj2TjE
— European Commission 🇪🇺 (@EU_Commission) May 24, 2018
The new chair of the European Data Protection Board, Andrea Jelinek, told the FT they expected cases to be filed “imminently”.
“If the complainants come, we will be ready,” she said.
Ireland’s data regulator Helen Dixon also spoke to the newspaper, saying the country was ready to use “the full toolkit” against non-compliant companies.
Both Facebook and Twitter have their EU headquarters in Ireland.
The new rules come amid growing scrutiny about how major tech companies like Google and Facebook collect and use people’s personal information.
Facebook founder Mark Zuckerberg faced questions from MEPs earlier this week about his company’s collection of data.
Are the rules good news for consumers?
Definitely, says the Which? consumer rights group.
“GDPR will strengthen your personal data rights, including the way companies handle your data and redress for misuse of that data,” says Which? consumer rights expert Adam French.
“Companies will need to tell you exactly what you’re signing up for and you will have more control when it comes to opting out of future communications.
“You will also have more opportunities to make a claim for damage caused by the misuse of your data,” he says.
Ailidh Callander, legal officer for campaign group Privacy International, says the new rules have “been a long time coming”.
“GDPR is an important step in the right direction,” she says.
Why are companies concerned?
The penalties for wrongdoing could be quite hefty, especially for big companies.
The new rules give the Information Commissioner’s Office (ICO) powers to fine firms up to €20m (£17.5m) or 4% of global annual turnover for serious breaches.
Many smaller firms may not be prepared for the regulations coming into force, business body the Federation of Small Businesses (FSB) says.
“GDPR is here and the likelihood is that many of the UK’s 5.7 million smaller businesses will not be compliant,” chairman Mike Cherry said.
He says the “burden and scale” of the reforms have proven too much to handle for some.
And he says many small firms fear the ICO will be heavy handed in dealing with non-compliance, “slapping” them with fines.
What does the watchdog say?
Elizabeth Denham, the Information Commissioner, told BBC Radio 4’s Today programme that small businesses which did not make extensive use of customer data would not come under close scrutiny.
Instead, the focus would be on big companies – particularly those in the technology sector – that “deliberately, persistently or negligently misuse data”, she said.
While small businesses “should not panic” if they suffer a data breach, Ms Denham said there were some basic steps that companies should take to protect data.
As well as individuals being able to bring a complaint to the ICO, she said it could take action as it did in the case of Cambridge Analytica and Facebook.
She acknowledges there will be no grace period for businesses – the rules will be fully enforced from 25 May.
However, she says firms have had two years to prepare.
Are all businesses worried?
Business body the CBI believes many firms are ready for the new rules.
“You only need to look at your inbox to see businesses up and down the country are stepping up to make sure people are aware of their privacy policies,” a CBI spokeswoman said.
But firms that aren’t compliant “need to get their action plan sorted quickly”, she said.
The ICO is ready to help, and businesses should also consider getting external legal advice, she said.
“GDPR marks a watershed moment in how businesses deal with people’s data… How firms act with personal data goes right to the very core of trust in business.”
A data headache
By Kevin Connolly, BBC Europe correspondent
Millions of email inboxes all over Europe filled in recent weeks with messages from anxious companies seeking explicit permission to continue sending marketing material to and collecting personal data from their customers and contacts.
The new rules govern not just the collection and storage but its sale and exploitation for marketing – some companies based in the United States have decided to stop trading in the European Union at least temporarily rather than risk falling foul of the new law.
Members of the European Parliament (MEPs) see themselves as global leaders in a battle to reduce the power of giant internet technology companies and restore a degree of control to citizens and their elected representatives.