GDPR: Tech firms struggle with EU's new privacy rules

  • Published
Instapaper
Image caption,

Instapaper will temporarily stop EU residents from using its service

Several tech firms have opted to block EU residents from using their services because of concerns they are not compliant with a shake-up to the 28-nation bloc's data privacy laws.

The General Data Protection Regulation (GDPR) comes into force on Friday.

It gives the public more rights over how personal information is used and raises the amount firms can be fined.

The UK's privacy watchdog has stressed that it accepts that some firms will have more work to do.

"It's an evolutionary process for organisations," blogged Information Commissioner Elizabeth Denham, external.

"Organisations must continue to identify and address emerging privacy and security risks in the weeks, months and years beyond 2018."

Media caption,

WATCH: What is GDPR?

'Short notice'

Even so, Pinterest's news-clipping service Instapaper is one of the most high-profile services to announce that it will bar EU users from accessing its platform from Friday.

It has emailed users to say that this is a temporary measure and that it intends to "restore access as soon as possible".

"I know that it was too short notice," tweeted the service's chief Brian Donohue, external, who has not detailed in what ways the service would have been non-compliant.

"I underestimated the scope of work and it was not possible to complete by the deadline, this was the required alternative."

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Brian Donohue

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Brian Donohue

The movie and TV review app Stardust has gone even further.

It has removed its product from EU versions of Google Play and Apple's App Store, and deleted all EU residents' records.

"Without deleting EU accounts entirely, we would be storing data about EU residents and therefore would be required to adhere to GDPR laws," it explained, external.

"So unfortunately, we cannot simply block access or freeze EU accounts for the time being."

Unroll.me - a service that promises to declutter users' email inboxes of unwanted messages - is another product to have temporarily halted its service to EU customers and deleted accounts.

Some start-ups have signalled that they are pulling out of the EU and do not intend to return.

They include Payver - a San Francisco-based dashcam app that pays users for video footage, which it uses to keep maps up to date.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post 2 by Payver

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post 2 by Payver

Several video games companies are also blocking EU citizens' access to older products rather than update them, and in some cases have pulled titles offline altogether.

They include the multiplayer shooter Loadout.

"We don't have the resources to update Loadout to GDPR compliance, and a big portion of Loadout players come from the EU," it explained via the Steam store's website, external.

"Sadly, while big companies have the resources to comply with the GDPR, that's not always the case for small businesses."

Image source, Gravity
Image caption,

Europeans inside and outside the EU will lose access to Ragnarok Online

Other examples include:

For some, however, the situation has presented an opportunity.

Several services have cropped up offering a way for website administrators to block EU-based visitors rather than check their pages meet the new requirements

Image source, GDPR Shield
Image caption,

Website owners are being offered ways to block EU residents

Forbes lock-out

Elsewhere, several of the larger tech firms have taken steps to overhaul their privacy measures.

Yahoo has rolled out new consent forms that allow users to pick which third-parties they want to allow the service to share data about them, in order to serve personalised ads "and understand your interactions".

Some users who failed to set their preferences before midnight on 23 May will have found that third-party software - including their smartphone's native email app - will have stopped logging into the service, external until this was done and their password re-entered.

Image source, Yahoo
Image caption,

Yahoo is allowing users to specify which third-parties should be able to send them personalised ads

Apple's privacy management tools also went live earlier this week, as did Spotify's.

Some users have, however, been surprised by the measures taken by the Forbes news site.

If users opt out of accepting "functional cookies" within its new privacy settings, they are blocked from viewing any content on its site until they change their minds.

Image source, Forbes
Image caption,

Forbes users are presented with this notice if they opt out of receiving cookies within its new settings

Meanwhile, many internet users are receiving a last flurry of emails asking them to opt into marketing communications.

Organisations do not need to obtain fresh consent if their customers opted in to such adverts in the past or they can cite other "legitimate interests" for writing to them in the future.

But if the sole basis for emailing them would be that they had not unticked a box in the past, then they should be removed from their contact lists.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post 3 by Jane Merrick

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post 3 by Jane Merrick

Related internet links

The BBC is not responsible for the content of external sites.