GDPR forgive us, it's been one month since you were enforced… A month after the enforcement date of the General Data Protection Regulation – a law that businesses had two years to prepare for – many websites are still locking out users in the European Union as a method of compliance. To celebrate the milestone, El Reg is casting a vulture's eye over the sites that are giving a new …
I stumbled upon a site last night which told me to go forth and (...), so I went into the free opera vpn (damn, free plug for them too!) and chose an "Asian" server. Still no go. And the server IP was Australia.
Not that it matters, after all, it's THEIR business, not mine...
Not that it matters, after all, it's THEIR business, not mine..
It is their business, but with YOUR data. The only thought you need on the subject is what were they doing with your data prior to that in the first place so they cannot make themselves GDPR compliant. After contemplating on that for long enough, turn around slowly, then proceed at an accelerating pace away from there.
"what were they doing with your data prior to that in the first place so they cannot make themselves GDPR compliant" …...
More likely they have done a risk assessment and concluded your business is not valuable enough to them to mitigate any risk of GDPR penalties. If only 0.1% of your profit comes from EU folks its hard to justify spending much money on compliance and if you do it on the cheap there is always the risk of mistakes leading to costly fines.
The sites you can't access are ones that can't or won't guarantee they will follow the GDPR. If you want the GDPR, then you want such sites to identify themselves. Sure, you can wish they'd simply knuckle under and follow European law, but if an American (or Australian or whatever) site doesn't feel they get enough visitors from the EU to bother with, they made a cost decision that it is easier to cut you off than to risk liability. That's what you wanted, it isn't something you have a right to complain about!
First of all, this is a crass and inconsiderate response: you can't assume that we "wanted" this and you cannot accuse advocates of internet privacy and consensus-based data control to be responsible for the particularities of a certain legal implementation and/or how companies adhere to it. We absolutely have a right to complaint!
Opting in....BIG button PRESS HERE for your INSTANT GRATIFICATION!
Opt out.....here have x pages, links, making it almost impossible. (That is NOT a choice!)
Make it
1. Opt in
2. Opt in to "buy only" (I am sure there are other reasons that apply) and sod off (Option 1 covers buying stuff)
3. Sod off but I know I have to accept random ads, because you need the money...but no more ads than the ones that opted for option 1.
4. Down to you as a person....block ads...delete cookies, etc.etc....as it is now
"most people who would opt out would also wipe their cookies at the end of every session."
Already being done in my browser, via a nice plugin "cookie whitelist with buttons" and I can enable session-only cookies for most things so they'll at least WORK (but autodumps them if I turn it off and back on again, muahahahaha!). Also running NoScript. that blocks a LOT of it.
From the article: "How fast the internet could be without all the junk"
Yes, this was observed when the first TRUE adblockers were being used on phones, how much FASTER it got!
I was, at first, going to snark a lot about EU being effectively "blocked" by these sites as the side effect of gummint regulation. Then I read the article and realized it was happening from the SAME (kinds of) sites that have kept me from viewing them while I had NoScript running. Thing is, I just avoid them anyway and I think I'm better off because of it. But I blame the web providers, not the people for whom the web site is dedicated. For those web providers, I have a nice cat-5-o-nine tails and a clue-bat I'd like to test out... and maybe a 2nd floor window that tends to flip open when you lean on it.
So now everyone in EU gets to see the internet in about the same way I've been seeing it for YEARS... except, unfortunately, for those 'once in a while' times where I need to access such sites for truly important reasons, for which I will run the "jailed" browser that runs from a truly non-privileged login and deletes _ALL_ history when it closes. That would be YOU, [well known electronic parts supplier]. Your order forms are unnecessarily NoScript unfriendly. It's from bad web design, as far as I can tell, not sinister around-the-net tracking. Sad.
GDPR in the USA might be a good thing, too. Imagine the SCREAMS from "Big Intarweb" !!!
One thing that amused me is that according to at least one lawyer, geoblocking the EU won't actually absolve an organisation of legal liability if they don't comply with GDPR and someone in the EU uses their service (e.g. using Tor or a VPN).
Would that be computer trespassing if I say I do no not want people from the EU and to lie to hide that you are in the EU
IANAL but in the case of using Tor, or similar, there should no lie involved because the user has never denied their location. The company may need to introduce a 'We think you are an EU suspect, er, citizen - please confirm or deny' EU-wall for access (or maybe drop anonymous access).
How the EU (whichever part)) would decide whether a company was operating in the (substantial) EU market and had liability that the EU could enforce because of half-hearted attempts to work around GDPR, will make for an interesting (legally speaking, not like binge watching Suits) spectacle.
One thing that amused me is that according to at least one lawyer, geoblocking the EU won't actually absolve an organisation of legal liability if they don't comply with GDPR and someone in the EU uses their service (e.g. using Tor or a VPN).
So, let's say that I set up to provide a service, and for whatever reason decide that I'm not taking customers from the EU. I geoblock all inbound EU IPs. Because I provide such a good service, someone from the EU decides to go around my geoblock with Tor or a VPN. Now, I expect to get paid for my service. If the would-be customer provides me with a credit card or other payment system with an EU address, I know that he's from the EU and tell him to take a hike, and flush all info from him. No GPDR liability. If the would-be customer provides me with a payment system NOT from an EU address, then we move on. The customer has, deliberately, and with malice aforethought, fraudulently claimed to be a resident of somewhere other than his actual address. It may not rise to the level of a criminal offense, depending on exactly whose identity and address the customer appropriated and whether or not he had permission from the owner of the address/account/name/whatever. Fast forwards six months, the customer wants to invoke GPDR... He now has to expose his fraud. I could not possibly have known that he was from the EU, he went to a lot of trouble to hide his actual address. I am not liable under the GPDR; he lied to me, deliberately. If he had told me that he was actually in the EU and was using a VPN to get past my geoblocking, he'd have been tossed; I don't want any EU customers. Under current American law, I can refuse service to anyone I don't want to serve, so long as that person is not a member of a protected category. Being an EU citizen is not a protected category. Most spectacularly this particular bit of American law was used against Sarah Huckabee Sanders https://www.thedailybeast.com/sarah-huckabee-sanders-thrown-out-of-virginia-restaurant . If it can be used against the spokesperson for The Don, it can be used against anyone. Including EU citizens. As soon as I find out that you're an EU citizen, you are no longer a customer. I don't want your business. Keep your money. Go away. Find someone, somewhere else, to sell you the service. Hit the road. Don't let the door hit you on the ass on the way out. If the commissars in the EU attempt to levy a fine on me for non-compliance, well, good luck with that. I have zero assets in the EU. They can't touch me outside of the EU, and in any case the EU citizen will be removed from my database the instant I find out that he's from the EU. I have none of his PII to share with anyone. I don't want it. I don't want him.
I also don't want customers from the People's Republic of China, from the Democratic People's Republic of Korea, the Kingdom of Saudi Arabia, the Russian Republic, whatever Burma is called nowadays, whatever the Central African Republic/Empire/Hellhole is called, and about a dozen others. They're blocked too, and have been blocked for a long time; the EU just made it to the blocklist thanks to GPDR. I don't want your money. I don't want to have anything to do with you. Go away.
Let the downvotes commence.
I think I'd accept customers from EVERYWHERE, and not bother tracking people with scripty ads or cookies that can be used by 3rd parties through some ad network. Customer is king after all (NOT a commodity).
Out of curiosity, though, if you perform a financial transaction (which kinda has to be tracked in an accounting system, for audit purposes if for no other reason) then is that affected by 'right to be forgotten' ? You buy something from Amazon. Amazon knows they sold it to you. If GDPR were to force them to (effectively) erase the transaction info, it'd mess up their accounting. However I think it would be perfectly reasonable to require them NOT use the data to recommend products for you, if you want to be forgotten. "Forgotten" for advertising purposes at least (the actual transactions will have to be kept,).
Serious question, to all who compain about 'shitty sites'... if the site is so bad, why are you still going there, GDPR or no GDPR? If someone goes to the trouble of geoblocking specifically to avoid having to deal with GDPR, then why on God's green Earth are you going to even more trouble to bypass the geoblocking? Why not just go to a site which complies instead? Why go to the trouble of using a VPN to evade the geoblock when it was clear from the start that your presence was not desired? Is there seriously no other site in the world which can provide the required service? Seriously? There are many sites which have been blocking access to those who run adblockers for a long time now (Forbes, Business Insider, I'm thinking of _you_) and I simply go elsewhere. There are many sites which have asinine cookie policies (Dick's Sporting Goods...) and I simply go elsewhere. I went to the Des Moines Register site for the first and probably the last time just now, thanks to this article, just to see why on Earth someone not in Iowa would want to have a look. Frankly, I don't see any reason to go back. Their site design stinks, their local stories are of no interest to me, their national/international stories are covered better and in more detail elsewhere. So if the decided to geoblock Deepest South Florida I'd not even notice, and would care less. Whyever would someone in Europe care? Why? Seriously?
@ James O'Shea
Seriously
Serious question, to all who compain about 'shitty sites'... if the site is so bad, why are you still going there, GDPR or no GDPR? If someone goes to the trouble of geoblocking specifically to avoid having to deal with GDPR, then why on God's green Earth are you going to even more trouble to bypass the geoblocking? Why not just go to a site which complies instead? Why go to the trouble of using a VPN to evade the geoblock when it was clear from the start that your presence was not desired? Is there seriously no other site in the world which can provide the required service? Seriously? There are many sites which have been blocking access to those who run adblockers for a long time now (Forbes, Business Insider, I'm thinking of _you_) and I simply go elsewhere. There are many sites which have asinine cookie policies (Dick's Sporting Goods...) and I simply go elsewhere. I went to the Des Moines Register site for the first and probably the last time just now, thanks to this article, just to see why on Earth someone not in Iowa would want to have a look. Frankly, I don't see any reason to go back. Their site design stinks, their local stories are of no interest to me, their national/international stories are covered better and in more detail elsewhere. So if the decided to geoblock Deepest South Florida I'd not even notice, and would care less. Whyever would someone in Europe care? Why? Seriously?
Well. firstly because until you actually access a site for the first time, you are not going to know what barriers to freedom they have put up, what trackers they have to follow you about, what demands they make for permissions.
It's not like you can discover by word of mouth.
And then again I don't go beyond the loyalty oath of any American site demanding acceptance for tracking and probing visitors. It just shows there is no reason to visit/buy/examine their crap. They need viewers more than viewers ever need them.
.
Incidently, I say American because these seem the only people rolling around wetting themselves whilst screaming at this threat to their beloved economic model. Haven't heard of a Latin American, Russian, Chinese, Arabic reaction of pure capitalist dementia.
Nor strangely enough have I come across any US hosting company or allied trades, having conniption fits or blocking access to their wares.
@bombastic bob
That's fine (it's also what i'd do). It does however assume you've not paid $unreasonable to some company for a flashy website, marketing, advertising, adwords, SEO. You've been totally sold on the need to spend $$$ on this super website with all it's tracking and analytics.
You can see why some places can't throw this outlay away and "switch it all off for those Europeans".
The money pumped into the website design and maintenance, and all the related things mentioned above may well outweigh those orders form europe.
You'd be surprised at the amount of companies being bent over every month/year by a PR firm, a social media company, some marketing bods, a webdesign and SEO firm etc etc. You can't go from agreeing we absolutely need all this stuff, and approving the cost, to admitting it's all either useless or dark arts and turning it all off again. That makes you look silly to your boss/the rest of the board.
Yeah that lawyer is just an idiot looking for business. That's like saying I'm liable if you break into my garage and steal my car with broken brakes I was halfway through fixing, then crash become paralyzed.
I look forward to anyone trying that getting laughed out of court. And even if they found a stupidly sympathetic judge in Europe, good luck getting any such court order enforced in whatever part of the world the site resides!
"That's like saying I'm liable if you break into my garage and steal my car with broken brakes I was halfway through fixing, then crash become paralyzed."
GDPR is a strict liability based law. It doesn't matter how the data got there. If you store personal data of EU citizens or store personal data of anyone and are located in the EU then you need to comply.
"good luck getting any such court order enforced in whatever part of the world the site resides!"
It would be enforced in the EU. As a larger market than the US both in terms of population and in GDP not many international companies are going to want to risk that. If a fine went unpaid then any EU assets, financial transactions, etc. could be seized and the site could be blocked and or cut off from the financial system, domain names could seized, etc. etc.
It isn't international companies that are locking out EU users, it is US companies. If they had a significant userbase in the US they would have no choice but to either comply or give up a good chunk of their market.
The more insistent people are that the GDPR "doesn't matter how the data got there" and enforcing it via extraterroritorial means (doesn't this always piss of EU residents when the US tries this...I guess you guys will stop complaining about that if you think it is OK when the EU tries it?) the more incentive there is for US companies that do limited business in the US (like US news sites) to simply lock out EU users.
I have to say, judging by the comments here, if I had a web site that might be visited by EU residents and collected data I'd block the EU as well. The potential liability (even through an accidental collection/retention of data) is too great to be worth it unless the EU is a major revenue source.
Surely if someone has gone to the trouble of masking their location and other measures to bypass a restriction
This reminds me of the people who think they can evade a shrinkwrap license by having someone else click "accept" when the software is installed. Not that I agree with or support shrinkwrap licenses, but so long as our legal system does it is quite right that they have shot down attempts to evade responsibility for them by deliberately dodging them by having your kid click OK. Using a VPN to evade a geoblock and then try to claim violation of the GDPR is the same sort of shady legal tactic that I can't see any reasonable court agreeing with.
...and burn that Good Clean Coal....
I might mention in passing that the US is the ONLY country in the world that has fully achieved its CO2 reduction target under Koyoto. It has dropped its CO2 output greatly - almost entirely due to fracking for natural gas.
All other countries have failed abysmally. But they still shout about how green they are, and how evil Trump is.
What would you rather, a hypocritical country which shovels vast amounts of taxpayer money into bogus green projects that make the environment worse while polluting everywhere and claiming it's green, or a straight talking country which cuts back on green project spending and manages to pollute much less?
I thought the USA had not ratified Kyoto, not to mention ground methane leaks associated with fracking contributing back to greenhouse gases (albeit not CO2)
I agree that there have been a lot of greenwashing projects elsewhere though. Indeed UK based power plants using biomass from USA which is nicely cutting down and grinding up forests for us to claim a bit of coal usage reduction. This activity is a net contributor to CO2 emissions on both sides of the pond.
I'm not sure I would paint a rosy picture of the USA which, apparently, knows better than the rest of us.
I'm not favorably impressed with the environmental side effects associated with our fracking binge. My folks' towns in PA used to breathe the poisoned air from mining operations and comparatively filthy mine power plants. Now they drink poisoned water from the fracking operations. Short lives ending badly.
Same story around the country but what do we care? Just dump the pollution problems on those ignorant, drug addicted hicks... At least that's the attitude I'm seeing in our cities
But the US isn't a part of Kyoto.
George W Bush withdrew the US from Kyoto in 2002, labeling it "fatally flawed". This was after the Senate voted 95-0 against adoption.
And the US is still the second worst [total] CO2 polluter (behind China) and the worst polluter per person on the planet at roughly 16.7 tonnes of CO2/per person/per year. Even China "only" manages 6.7 tonnes/per person/per year.
In the interests of accuracy, you must specifically exclude countries with smaller populations otherwise the US is about 10th in the per capita queue, with a lot of the middle east countries higher up. Qatar in 2014/15 (sorry, last date I have a reference for), was up over 40 tonnes CO2pppy. See https://data.worldbank.org/indicator/EN.ATM.CO2E.PC?year_high_desc=true.
"And the US is still the second worst [total] CO2 polluter (behind China) and the worst polluter per person on the planet at roughly 16.7 tonnes of CO2/per person/per year. Even China "only" manages 6.7 tonnes/per person/per year."
massaging figures when china has a population of over a 1.4billion (93,800,000,000 tonnes of co2) against usa's 325million (5,427,500,000 tonnes)
they may be second place, but look at the size of the country... its clearly going to be producing more than most others...
"Which is why the figures you quoted are on a per capita basis"
there's lies, damn lies and then statistics.
unless its individual people producing greenhouse gases then you cant really show the numbers per capita.
the only way to make direct comparisons is to find out how many sq kilometres of land is used for industrial purposes, then compare on like for like.
Individual people generate the demand for greenhouse gas producing products and services. If half the people in the US dropped dead tomorrow because of Thanos, a lot of power plants would be shut down, a lot fewer plastic bottles would be needed etc. so the greenhouse gas usage would be cut in half (actually cut in more than half, since it would mostly be the less economic coal plants that were shut down)
If instead, the population rises, there's increased demand for electricity, increased demand for plastic bottles, and the greenhouse gas output increases as a result. Ironically, Trump's anti-immigration policy (to the extent it prevents immigration either by making it more difficult or by making immigrants fearful to come to the US) would result in less greenhouse gas output by the US since the population will increase by less than it might have otherwise. Of course those potential immigrants who stay in Mexico or central America will do many of the same things there so it won't be a net win for the planet, just for those keeping score nation by nation.
@ pɹÉÊoÉ” snoɯʎuouÉ
No massaging. OK it was a very rough calculation based on figures here:
https://en.wikipedia.org/wiki/List_of_countries_by_carbon_dioxide_emissions
China emissions for 2016: 10,432,751 (kilotonnes of CO2)
USA emissions for 2016: 5,011,687 (kilotonnes of CO2)
Population China - roughly 1.5 Billion, USA - roughly 300 Million
Want something more accurate?
Using https://en.wikipedia.org/wiki/List_of_countries_by_population_(United_Nations)
Population of China - 1,409,517,397 so CO2/Person/Year = 7.40164755838058 Kg
Population of US - 324,459,463 so CO2/Person/Year = 15.44626547076545 Kg
So, even with more accuracy, the US (whose population is a quarter the size of China's) is still way ahead of any other country on the planet for CO2 emissions per person.
Well done.
I didn't see anyone denying that the US had higher per capita emissions, but that's not what Kyoto and Paris were about. They were about slowing and hopefully reversing the trajectory of growth - which the US has done. Granted kind of by accident since a way of extracting oil & natural gas that was previously locked up was discovered and natural gas is much cleaner burning in power plants than either coal or oil.
But regardless of why it happened, it is a good thing for the world that it did and it looks to continue and nearly all US coal plants are likely to be decommissioned within 20 years at current rates.
You should have studied the carbon cycle in chemistry, in the third year of secondary school.
CO2 from carbon that has been out of the cycle for hundreds of thousands of years (i.e., from burning fossil fuels) is a pollutant, because it is adding to the cycle.
"Fresh" CO2 (i.e. from breath, or from burning recently-deceased organic matter) is not a pollutant.
Perhaps there's some confusion here between straight talking and straight talking ill-informed bollocks - it is easy with Trump in the Whitehouse for this confusion to arise. For example, from the State of the Union address in Jan, "We have ended the war on American energy, and we have ended the war on beautiful, clean coal. We are now very proudly an exporter of energy to the world."
It's straight talking and includes the word 'beautiful' but is still unremitting bollocks aimed at a receptive audience: the US is a net energy importer with even the US Dept of Energy saying next decade for that to change; 'clean coal' is about the burning/capture of emissions not the coal; natural gas is cheaper than coal for businesses; US energy production increased during Obama's tenure; etc. References on request but FFS this is obvious stuff easily found.
"that the US is the ONLY country in the world that has fully achieved its CO2 reduction target under Koyoto"
The US never ratified Koyoto to have a reduction target.
"almost entirely due to fracking for natural gas."
So not because they made any effort whatsoever to reduce CO2 in other words.
I don't remember him ever even saying anything about natural gas during the campaign. He only "cares" about coal because that's the dying industry he wanted to prop up in a few states where getting coal miners to convert from their traditional democratic votes to him could make a difference. Didn't matter in a red state like West Virginia, but may well have pushed Trump over the line in Pennsylvania and Ohio (Hillary's comments against coal certainly didn't help her cause, either)
Unfortunately for the coal industry, not only is natural gas cheaper but even unsubsidized wind power is now cheaper than building a new coal plant. The only reason coal is still being burned in the US is because there are a lot of old coal burning power plants still out there, but no new "clean coal" plants are getting built. Over the past five years and through 2020 nearly a quarter of all US coal plants will have been / will be shut down. The rest continue to get older so it will happen to them as soon as they can be replaced with modern natural gas plants and wind / solar (solar isn't as cheap with or without subsidy yet, but as it continues to drop in price someday it will be)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
