Sites go dark under EU law
Many U.S. websites block users in Europe as stricter standards on privacy take effect.
The European Union’s new data privacy regimen, the bloc’s first major overhaul of rules governing people’s data since 2005, took effect Friday after months of sometimes frantic preparations by virtually any company that operates a website accessible there.
While some European users complained about being blocked from accessing their social media accounts or certain U.S. sites Friday, others heralded the changes as a milestone for internet privacy in Europe and around the world.
What has changed for users?
People in the European Union have a right to know what data are collected about them and why, how long it will be stored and how it will be processed.
Users also have a right to have their personal data deleted in certain circumstances. They also need to have the ability to appeal to the human decision makers behind algorithms.
Organizations need to obtain active consent from individuals before collecting data in many circumstances and are obligated to report data security breaches to authorities within 72 hours.
What if companies don’t abide?
Governments can fine organizations up to 4% of their global revenue for noncompliance, including for failure to process data lawfully, for not having a data protection officer and for security breaches.
Is anyone risking legal consequences?
Yes. None of Your Business, a privacy watchdog in Vienna, filed complaints Friday against Google, Facebook, Instagram and WhatsApp.
The group believes that those four social networks or messaging services essentially force users to agree to their privacy standards or not use the services at all, rather than modifying their standards to ensure more privacy and data protection. What downsides do consumers face?
Some companies have chosen to go blank in Europe instead of having to comply with the expansive privacy regulations, including websites such as Unroll.me and Klout.
More widely accessed U.S. media outlets similarly blocked some of their European users starting Friday. It is uncertain when or if those websites will become accessible again.
Before the law took effect, consumers also complained about bureaucratic challenges, such as an influx of consent-seeking emails from companies trying to distribute their newsletters, or doctors making their patients sign long forms about how to store their data.
Why did Europe take this approach?
European Union regulators have always been much tougher on the tech companies than their U.S. counterparts have; for instance, the EU forced the companies to give users more control, imposing fines for noncompliance and requiring platforms to spot and delete illegal content.
Depending on the EU country, there is generally also more public backing there than in the U.S. for the sort of expansive regulations that took effect Friday.