News sites fall foul of EU data protection rules
People in the European Union have been unable to access major online news sites based in the United States for the past month because the companies are not compliant with the EU’s new rules on data protection.
The blocked websites, including those of the Los Angeles Times and the New York Daily News, have been unavailable throughout the EU since the General Data Protection Regulation, or GDPR came into force on May 25.
The regulation gives citizens of EU member states control over how companies use their personal information. The BBC reported that news sites operated by media giant Tronc, which was previously known as Tribune Publishing, and by Lee Enterprises are among those that have fallen foul of the new law.
In order to comply with the GDPR, companies providing a service within the EU must show they have a lawful basis for processing personal data, or they could face a fine of up to 20 million euros ($25.6 million), or 4 percent of their annual global turnover, whichever is greater. Companies must also get the consent of online users before retaining personal information.
Tronc, which owns websites for the Chicago Tribune, Orlando Sentinel, and Baltimore Sun, said in a statement: “Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.”
Lee Enterprises runs 46 daily newspapers in the US and hundreds of weekly and specialist titles. It has posted an online message saying its sites are “temporarily unavailable”.
Other US-based news sites, including those of The Washington Post and Time magazine, are available in the EU because the companies have taken steps to comply with GDPR including requiring EU users to agree to new online terms and conditions.
According to TechRadar, an online publication that focuses on technology issues, companies wanting to be GDPR-compliant must, in addition to gaining permission from users before storing information and justifying the collection of data, also have a privacy policy that includes clear information about how customer data is used, and they must say whether they share data with other entities. Customers must also be able to require the removal of their details from a website and from its database.