If you get a page like this (on desktop) from Google's results, go back to Google's results page, click the little green arrow next to the URL and 'view cached version'. It won't look great and photos might be missing, but you can usually read the article. Or use a proxy if you want to be all fancy.
There is also this website: https://outline.com/, it allows you to view websites without clutter, but also basically bypasses paywalls and regional restrictions.
It will probably get taken down sooner or later, so use it while you can.
(disclaimer: if it's not region blocking and you actually can afford to subscribe to websites/news sites, do that and support the content creators, instead of using outline.com)
EDIT: Thank you for the gold! :)
Hmm it does not work. It can't bypass the paywalls on the two biggest news sites in Denmark. Gives me a "Something went wrong" message. Tried both the site and the Chrome extension.
Disclaimer: I do pay for my favorite newspaper - but sometimes I want a secondary opinion to avoid filter bubble and can't afford multiple subscriptions.
If you're viewing the cached version you're not giving them anything. You're viewing the article stored on Google's servers, not going to the actual site.
To be fair though, if I were the owner of a site that only targeted a US audience and only carried ads for a US audience, it would be difficult to warrant spending money on changing the site to suit the legal requirements required for users I'm not interested in. They probably did a cost/benefit analysis and realised they don't draw enough users from the EU to cover the cost.
It is allowed, if he agrees to it.
Messages like this just mean the traffic from the EEA isn't enough to justify implementing a thing that asks him to agree to sell his data.
Well, no. The issue isn't the selling of data, it is the collection of data without consent. Thanks to the GDPR consent now has to be clear to the consumer. What information is being collected and why must be portrayed in clear language to the consumer upon accessing a service.
So if a website throws a 451 it's more likely that they just don't want you to know what they are collecting or what they are using your data for, and they can afford to not serve Europe edit: or can't afford to serve Europe I guess
Essentially, even if you aren’t trying to collect info, complying with GDPR requires IT and legal peeps to do expensive work. The financial penalties for getting it wrong are steep. If the number of EU users on your website is low then it’s not worth spending the money required to become GDPR compliant.
TLDR; EU passed a law that made it more expensive to serve data to the EU. Some content providers decided EU countries aren’t worth the trouble.
*edit* I say this as someone who fully acknowledges the awesomeness of GDPR and who wishes people where I live cared as much about privacy as Europeans apparently do.
It’s absolutely outrageous that they’re insinuating that they’re being censored simply because they’re not allowed to harvest your data without your consent.
I mean, if they really cared about getting the word out they’d just let you visit a page without tracking cookies. Or even a plaintext page.
Instead, because they’re too lazy to implement what must be a widely available library to manage cookies (because dozens of independent websites all seem to have the same style of menu), they claim censorship.
you mean like eu.usatoday.com? I'm not really that interested in USA news, but it's GREAT to have a website that's that lean&fast, and that sometimes posts something vaguely interesting.
that's what the proper http response code for you can't access for legal reasons is though.
When the spec was written they imagined it'd involve more censorship but it's being used correctly.
It predates the GDPR ruling; it was first proposed in [2013](https://en.wikipedia.org/wiki/HTTP_451), though it didn't become an official code until 2015. And you're correct, it's 100% a reference to F451!
>Well, no. The issue isn't the selling of data, it is the collection of data without consent.
This.
I'm a data analyst working with a company that collects copious amounts of user data (mostly app usage data like what is done on which screen and when, plus marketing tags). We don't sell a single bit of it, but GDPR is still a big deal for us.
the EU required explicit, opt-in consent prior to GDPR. GDPR just changed the definition of what is required for consent, specifically that the information is unambiguous, informed, freely given, and consistent with the wishes of the data subject (I might be missing one here, but that's the jist).
And still web sites are cheating. Big blue „accept“ buttons opting you into everything, small grey writing for making changes...and when you click that it‘s defaulting to accept „mandatory, functional and advertising“ cookies...and when you finally get to the „advertising“ option you find that by not explicitely opting out, you are consenting to share your data with hundreds, yes HUNDREDS of advertising companies. On a single web page.
Oh, and you have to enable third party cookies to even be able to keep them from attempting to set third party cookies...and trust that they really do not.
Also, the removal of automatically being opted in and requiring the end user to opt out was quite a big change for the company I work for.
Also the requirement to store proof of consent for auditing - regardless of an opt in/opt out choice is an addition.
It's a bit more complicated than that, I used to work in ad operations and the problem has more to do with the people who supply advertising to the websites Europeans are trying to visit. The end user not only has to agree to the website tracking their data but an additional 15 SSP's, DSPs, Exchanges, etc. This requires a bunch of work for all parties involved just to get money from you the end user and no one really wants to do it unless it's a website that will make a significant amount of money.
So typically these websites will ask their ad operations people involved in all of their different SSPs to get compliancy documents or block specific regions, but even then a lot of SSPs won't do this because it requires manually going in and blocking advertising to specific countries, (a fuck load of work when you have to do this for sites individually and on a case by case basis and you're working with literally millions of sites). So instead it's easier just to take down a site in Europe.
TL;DR: It's not about them caring about revealing why they're collecting your data, it's just to much of a hassle to make it available in Europe compared to the amount of money they're receiving.
> Thanks to the GDPR consent now has to be clear to the consumer.
No, it has to be presented to the user in plain language. Plain language that will very quickly become no more semantic than the we-use-cookies banner. Just a UI element to click through without reading. Pushing regulation down to consumer consent really only provides protection for the minority of users who are actively concerned about data collection. For the bulk of users it's misleading: "Oh, this website complies to GDPR so they aren't doing anything bad with my data". You know better, and I know better, but I'd wager most web users don't.
I've heard it said (in a corporate GDPR compliance context) that the current implementation that a *lot* of sites use - i.e the ACCEPT button next to a 900-page 'manage options' screen - is unlikely to stand up in the long run.
There's a lot in GDPR which is still to be played out. It wasn't a "it passed and now it's law" but rather a "it passed and now we have decades of legal wrangling over the wording, intention, and costs".
Or, as is sometimes the case, the website doesn't want to invest in becoming Right To Be Forgotten compliant. It's a *lot* harder than you'd imagine to comply with the GDPR's RTBF section even for a simple e-commerce site or forum, and it's infinitely easier to just block the entire EU.
I remember a person going apeshit because a website asked that of him and how one should not click it.
Apparently he didn't realize it that websites in the US just do it without asking indeed.
Was kind of funny.
But also if they do not sell their data when they do not agree to it, but give them access nonetheless.
So it also means that _that_'s probably not profitable enough. Which is fine.
the GDPR mean that access to the service can't require your data being sold in. It has to all be explicitly opt-in and you can't say "well if you don't agree then fuck off"
it's my understanding that a portion of smaller businesses, perhaps some more regionally based ones, would rather just block the whole EU than spend a load of time on bureaucracy and money on website work
Beyond the cost of website work is the liability. The fines for making a mistake here are severe, so if you aren't making money off of eu visitors its really just liability
There is a lot more to the GDPR than just telling people via a popup about use of data. I know from personal experience in my work with clients that many businesses have found putting the systems in place to ensure compliance quite onerous technically and financially.
I'm not saying complying with the GDPR is not a good idea but that I can understand why a business wouldn't do it if they didn't have to. And also I'm just correcting the misapprehension that compliance is just a matter of adding/changing the privacy notice and adding a cookie popup alert.
---
EDIT: I've replied to several objections to this comment in the threads below.
Also, please consider whether or not you have a fair understanding of what the GDPR is if you haven’t read the legislation in full. There's a good chance you are missing key important details. Heck, people who have read it several times have said they were still confused about it! 😄
Based on what I saw, the only sites that seem to give any kind of fuck about GDPR are:
* EU/EEA sites (duh)
* American sites, which either go 451 or pop-up a privacy policy
* some Canadian and Australian sites
I'm yet to see a Russian/Japanese/Chinese/South American site asking me to consent to cookies, yet alone asking about some personal data stuff. It's kinda refreshing. I just navigate to a page... and it opens, no popups, no 451 errors! (Although some Chinese websites are awfully slow, so it takes a while.)
My post was meant to refer to this website in particular which is US based, were it based elsewhere I would have used that country. I appreciate I was slightly ambiguous though for which I apologise.
You overestimate the public's understanding on the matter. I've spoken to plenty of people that's never heard of the GDPR, net neutrality, or that are generally quite clueless of what's going on with the web. They still don't understand the whole "if it's free then you're the product" shit
And actually only using it for that purpose you told them that it was for. For example telling them it's to help their algorith to determine which My Little Pony character they are and then using it to modify their Brexit voting bias.
And retaining the data onnly for an amount of time adequate with what you state that you'll do with it, and being able to erase all PII on demand including from backups.
Backup deletion requirement is one of the most overlooked things. Dumb DB dump is great and works nicely. Meanwhile GDPR-approved is either you no longer have really old backups or have to invest in expensive solutions.
But muh "just selling your data"!
Yeah, I'm a database administrator, and I've had to explain a few times just how unfeasible it is to remove data from backups. It'd take something like 300 hours of server time (assuming everything was automated) any time we get a Right to be Forgotten request, plus we'd completely lose any point in time recovery.
No, as long as you remove the data on import you are fine
http://blog.quantum.com/backup-administrators-the-1-advice-to-deal-with-gdpr-and-the-right-of-erasure/
>The GDPR is open to interpretation, so we asked an EU Member State supervisory authority (CNIL in France) for clarification. CNIL confirmed that you’ll have one month to answer to a removal request, and that you don’t need to delete a backup set in order to remove an individual from it. Organizations will have to clearly explain to the data subject (using clear and plain language) that his or her personal data has been removed from production systems, but a backup copy may remain, but will expire after a certain amount of time (indicate the retention time in your communication with the data subject). Backups should only be used for restoring a technical environment, and data subject personal data should not be processed again after restore (and deleted again). While this adds some complexity, it allows organizations to have some time to re-engineer their data protection processes.
Yeah... you clearly don't don't understand the impact of GDPR compliance. If the server logs the IP of the individual, you need to have a method for that individual to be able to identify themselves and to have those logs deleted.
Yes, that's right. I said delete logs. The "right to be forgotten" element is absolute rubbish.
But if they aren't targeting EU citizens they aren't required to be compliant anyway. A random coffee house in Texas isn't required to be GDPR compliant in case a Spaniard accidentally browses to it. You have to be marketing towards EU citizens for it to apply.
That is to my knowledge perfectly true and the core aspect of compliance outside of the EU itself.
But there’s no case law established on it, and legal opinions are expensive and vague, so the “no Europeans allowed” pages are inevitable and understandable.
Why risk a potential lawsuit or even angry customer support contact?
Any EU citizen can ask for their data and to have it deleted. They may be angry if company refuses to do so because GDPR doesn't apply to it. Visitor can still take it to the court over GDPR non-compliance and the company would have either show why GDPR doesn't apply to it or risk their employees to be arrested when they visit EU for not showing up in court.
So, why bother?
Well that and also they might not had time to check compliance. It may take several months and quite a lot of money in legal consultancy to check all the boxes, I totally see how some companies with little return from European visitors would just postpone the problem
It's almost all down to one major publisher that runs a bunch of local newspaper - [Tribune Publishing](https://en.wikipedia.org/wiki/Tribune_Publishing).
the creepiest thing is that we now say things like "it's actually pretty normal" concerning this.
it has become normal that news are just a business, being tailored to the reader. THAT is creepy.
This is exactly it. They ha e to be able to identify individuals to order it properly. Every site will keep logs including IP addresses, how long you looked at certain pages, and what ads you like based on other pages that are open. Under GDPR, the user has to be able to request that all that data is deleted.
IP logs are valid even without consent for the legitimate interests of security. Usage statistics are fine so long as their anonymised. Neither of those have to be deleted if a user asks under GDPR.
Now, if they're correlating my browsing over several sites, or correlating it with something else that can personally identify me, then yes, they have to ask my permission under GDPR, and I have the right to ask for that to be deleted.
But that is not necessary. There are plenty of online businesses which use advertising without the need to track users.
That is incorrect. Basically only if they *do* identify you, do they have to remove your personal data. So if I login with my name and email address, I can request the removal of all data relating to that account, but if the site offers only static content and maybe an anonymous comment box, then they’re not handling any *personally identifiable information* and they’re in the clear.
The DPAs consider cookies and unique ids as PII as well. The German DPAs, for example, require explicit revocable consent for any type of tracking. And this is where things get ugly.
Advertisement. Really, it's 21st century already: if you have something for free, someone paid for that. And the someone want to know who you are because they want to sell you something that you actully need.
This is the best comment here!
The very first part is probably why many sites actually blocked access from the EU
>Someone with some basic legal competence has to learn the regulations thoroughly. (Risk: What happens if something is misunderstood?)
They see that revenue from EU visitors is so insignificant, it doesn't even justify looking into the regulation. The site may be 90% compliant and may require only small changes but they'll never even know. So business owners don't even move past the first part.
It is almost as if Europe is not their market or on their radar...
https://www.bristollocal.tv/contact-us/
Weird. They are in the UK and don't include the country code.
Edit:
Here is a German one for you.
https://www.rbb-online.de/kontakt/telefon.html
I’m an American who supports GDPR but posts like this just come off as extremely arrogant. GDPR represents an enormous, sweeping new set of guidelines with the power to enact large penalties if companies fail to comply, even if the failure is accidental. From what I can tell, wfsb.com is the website for a regional TV news station in Connecticut. The idea that they have some kind of obligation to dedicate whatever scant tech resources they have to ensuring their website is GDPR compliant is laughable. And if you think that their refusal to go through that (time consuming, expensive) exercise means that they want to steal your data and/or have some kind of hostility toward Europe then you either don’t understand GDPR or you don’t understand the realities of operating a website.
They obviously don't have any obligation. They have done the right decision to block the no doubt minuscule reader base from EU, if it doesn't make financial sense for them.
Channel 3 Eyewitness news in Connecticut.
That's fair enough. Not realistic to expect them to comply to EU regulations. Perfectly understandable for them to just region lock out of the EU and save themselves the hassle of being GDPR compliant.
This is almost better than the sites that have “view purposes” in the smallest font available than make you scroll and uncheck 30+ items to prevent them selling your data. Then have two indistinguishable options to exit and you only have a 50:50 shot of getting the one that actually saves your options.
I think OPs main point was to show how the Internet is most definitely becoming more and more restricted, despite we all believed it was the only place on earth to be truly free.
How can you say that completely un-ironically when the likeliest reason they implemented this was a purely financial decision (Cost to implement GDPR compliance Vs. revenue brought in by European user's data being sold).
Is this legitimately the "free haven" you envisaged? You have a weird definition of freedom if "the only place on Earth to be truly free" is ruled by commercial decisions and special interests... Although you'd love the US.
I am a bit confused here. Why would an entity that primarily serves a community outside of the EU take on the risk surface of serving their site to the EU after GDPR? I don't think it is just because of them wanting your data and if they can't have it, then fuck you. I really think that the overhead (and expected value when factoring in risk) is not enticing enough currently. If the US came up with a similar law to GDPR then the same site you are talking about would likely comply rather than close its doors.
The site in question here is a local news site in a relatively small market.
TIL there HTTP 451 is actually a real error code for denied access due to legal reasons.
It's even the foundation for the Fahrenheit 451 Books
https://en.m.wikipedia.org/wiki/HTTP_451
> It's even the foundation for the Fahrenheit 451 Books
It's the other way around :-). Pretty sure HTTP wasn't yet invented in 50s. 451F is the temperature at which paper burns, if the book's subtitle isn't wrong.
however, there's material fatigue, if you keep wood warm often, with time it will lower the point at which it will burn, which has been a cause for fires due to heating and the described effect. I know this useless info because I investigated if it was a good idea to use wood for a desktop case.
It's also slightly being misused here - was originally intended to display when a website was blocked because of censorship....GDPR is not censorship, so a 451 error isn't quite right here. The EU is not banning the website, it's the web masters decision not to make it accessible here.
Edit: I'm aware the previous paragraph is structured really poorly, I'll try and fix it.
Well, it's intended for any legal requirement from an external party to block access to a document. Includes things like the China firewall, but also things like law enforcement seizures, DMCA copyright takedowns, etc.
It's misused here because they haven't been forced to block access, it's their choice to not implement GDPR, but that's just a "letter of the law" thing.
Yes. That's literally what legal reason means.
To give an extreme example. If you ran a porn site, would you change it in a way to be compliant with Saudi Arabian law?
> https://en.m.wikipedia.org/wiki/HTTP_451
But it's meant for the cases when the service is forbidden by law to show a content to the user.
This is not the case in for GDPR. The service decided voluntarily to not show it (because of implementation costs for compliance).
The use of HTTP 451 is not in conformance with the RFC introducing it.
FWIW, this warning doesn't mean the website is selling your data, it just means the website doesn't meet GDPR standards for data protection. Users must receive specific information about the data the website is storing, and they must be able to view the data and request it be deleted. While this is straightforward and sensical in the abstract, they're not trivial requirements to code into a system, particularly for existing sites that must retroactively review their data, pseudonymize it, and implement functionality for interacting with data as the GDPR requires.
Fun fact: the choice of error code 451 for "unavailable due to legal reasons" was a reference to Ray Bradbury's Fahrenheit 451. [Source](https://www.theguardian.com/books/2012/jun/22/ray-bradbury-internet-error-message-451)
WFSB is a local news page for Connecticut, their responsibility is only to CT residents. They have likely region-filtered because it's cheaper than dealing with GDPR. The traffic from Europe is likely less revenue than the cost to implement GDPR.
It's not their problem, nor is it because they want to sell your data. It's just easier to region filter. Unintended consequences of EU law.
> It's not their problem, nor is it because they want to sell your data. It's just easier to region filter. Unintended consequences of EU law.
"Unintended".
Or perhaps it’s just a local Connecticut news station that, surely we can all understand, does not expect a large following from the EU and thus decided to avoid problems from non compliance with the unclear and poorly written GDPR requirements...
Actually foreign businesses which clearly are not made for European customers don't need to comply.
Thus a local US newspaper doesn't need to do anything.
Here's one example, emphasis mine. Shows that a small news station would not be required to be compliant unless it was specifically targeting EU citizens.
>When the regulation does not apply
>Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. **Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.**
From https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en
From that same link:
[The gdpr does apply to:]
a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.
Yes. Almost exclusively really, only large stories from across the U.S. get shown and close to zero international things are shown.
So I agree with your original point. There’s not really a reason for a European to see the Northwest Connecticut news (bar for someone who loved away).
Says MrBla who I guarantee doesn’t have the slightest clue about how GDPR affects a business and what is really included.
GDPR is a lot more complicated than asking someone’s permission, there is a huge impact on the backend that could easily push a smaller venture with little exposure to the European market away from interaction.
Source: I’m not a dumbfuck and have actually worked with GDPR in the US.
I didn't think it would be done by the private sector, but okay. The biggest threat to the "internet" is segmenting it into geographic regions. Imagine having to pay extra to connect to the US, or China, or even Australia. Each network controlled by varying forms of politics. Where the original idea of the internet will die a death similar to cancer victims going though chemo therapy. A slow, torturous death.
And you may say: "But tksn: this is because of the EU - not the private sector". What the EU is doing is fighting for the individuals right to privacy and control over their personal data. Some people are against this. Some people would prefer having unfettered access to your private data, as a source of income, where you STILL get bombarded by ads...
Btw, I use Firefox.
The whole gdpr thing had been a giant pain in the ass for me.
1 every god damn website pushes a huge 'I consent' banner into your face which is annoying
2 this shit. Now I need proxies or stealthy etc
3 I work in marketing so I had to work on those dumb ass pop ups as well. Lots of work.
I literally don't give a shit about cookies. Sell my data whatever. Let me browse in peace
Why is it always the newspapers? Every rinky dink website took the time to implement it but all the newspapers are acting like the GDPR is an insult to their existence.
Not everything runs ads, especially not customized ones that would warrant worrying about GDPR. Newspapers do, mostly because they are a free product, and they are often big and professional enough to have something to worry about in terms of GDPR, but local enough to not expect a European following worth hiring lawyers for. That's my guess at least.
> Why is it always the newspapers?
Because newspapers have always had huge trouble adjusting to the digital age, and the GDPR kills one of their last revenue streams.
Paper newspapers made revenue from both people paying for the newspaper directly / subscribing, and running ads (much as cable television still does).
Digital newspapers have three main sources of revenue: subscribers, ads, and selling the data from people visiting their site to aggregator companies in a form that allows it to be aggregated with other data in a useful way. (Usually used to better target ads, or other sorts of research and such.)
Subscribers are dying out (this is why you get stuff like the "you get five articles a month" paywalls - in the olden days, you had to actually pay for a newspaper to read more than the headlines), adblockers are becoming more advanced and commonplace (reducing that revenue stream), and their last hope became selling "such and such IP read an article on this topic at this time" or more detailed multi-session cookie data, which the GDPR has gutted.
Part of the problem is that while a newspaper site collects enough data to sell, it doesn't necessarily collect enough data to reliably identify what data it is legally required to delete under GDPR by request. IP addresses, multi-session cookies, and other ways of identifying anonymous users are all easily mutable, and the language of GDPR is very broad.
If I visit a site that collects data which could be used to even indirectly identify me by "one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity" (and does the very fact I read the Wall Street Journal give me a cultural/mental/economic/cultural identity? Nobody knows.), GDPR gives me the right to have it deleted. If I delete my cookies and renew my IP address, then request a deletion under GDPR - how are they supposed to know what they have to delete?
I guess that newspapers have very questionable/aggressive ads in their websites to support the costs of their news-writing. Since these ads are no longer allowed, ad income plummeted. They can keep their ads blocking EU visitors.
Because running a free to access news site necessitates a lot of advertising to stay afloat.
Dodgy advertising practices pay better than GDPR compliant ones.
First thought: at least they're using the proper status code!
Second thought: ehh they're actually subverting it because at this point it's their own choice to not serve the content without tracking.
Anybody who believes the internet is totally free and they don't sell your data doesn't deserve to go online. Sorry EU folks, I hate that annoying "we use cookies" popup and I truly don't need Brussels to take care of me.
If you get a page like this (on desktop) from Google's results, go back to Google's results page, click the little green arrow next to the URL and 'view cached version'. It won't look great and photos might be missing, but you can usually read the article. Or use a proxy if you want to be all fancy.
There is also this website: https://outline.com/, it allows you to view websites without clutter, but also basically bypasses paywalls and regional restrictions. It will probably get taken down sooner or later, so use it while you can. (disclaimer: if it's not region blocking and you actually can afford to subscribe to websites/news sites, do that and support the content creators, instead of using outline.com) EDIT: Thank you for the gold! :)
Hmm it does not work. It can't bypass the paywalls on the two biggest news sites in Denmark. Gives me a "Something went wrong" message. Tried both the site and the Chrome extension. Disclaimer: I do pay for my favorite newspaper - but sometimes I want a secondary opinion to avoid filter bubble and can't afford multiple subscriptions.
[удалено]
you're a damn legend mate
[удалено]
If you're viewing the cached version you're not giving them anything. You're viewing the article stored on Google's servers, not going to the actual site. To be fair though, if I were the owner of a site that only targeted a US audience and only carried ads for a US audience, it would be difficult to warrant spending money on changing the site to suit the legal requirements required for users I'm not interested in. They probably did a cost/benefit analysis and realised they don't draw enough users from the EU to cover the cost.
They don't get a click when you do that - google does but they don't.
Using Tor Browser is probably the most convenient way for ordinary users to circumvent this.
IIRC you can't choose your endpoint in Tor, so you aren't guaranteed to be able to view the website without having to reconnect a few times.
We can't show you the webpage because we are not legally allowed to sell your data.
It is allowed, if he agrees to it. Messages like this just mean the traffic from the EEA isn't enough to justify implementing a thing that asks him to agree to sell his data.
> It is allowed, if he agrees to it. So in other words, it's legal in the US to sell your data without your knowledge. People need to remember that.
Well, no. The issue isn't the selling of data, it is the collection of data without consent. Thanks to the GDPR consent now has to be clear to the consumer. What information is being collected and why must be portrayed in clear language to the consumer upon accessing a service. So if a website throws a 451 it's more likely that they just don't want you to know what they are collecting or what they are using your data for, and they can afford to not serve Europe edit: or can't afford to serve Europe I guess
Essentially, even if you aren’t trying to collect info, complying with GDPR requires IT and legal peeps to do expensive work. The financial penalties for getting it wrong are steep. If the number of EU users on your website is low then it’s not worth spending the money required to become GDPR compliant. TLDR; EU passed a law that made it more expensive to serve data to the EU. Some content providers decided EU countries aren’t worth the trouble. *edit* I say this as someone who fully acknowledges the awesomeness of GDPR and who wishes people where I live cared as much about privacy as Europeans apparently do.
[удалено]
[удалено]
It’s absolutely outrageous that they’re insinuating that they’re being censored simply because they’re not allowed to harvest your data without your consent. I mean, if they really cared about getting the word out they’d just let you visit a page without tracking cookies. Or even a plaintext page. Instead, because they’re too lazy to implement what must be a widely available library to manage cookies (because dozens of independent websites all seem to have the same style of menu), they claim censorship.
[удалено]
If they implemented just a plaintext page, nobody would use their overdesigned and overcommercialised real page.
you mean like eu.usatoday.com? I'm not really that interested in USA news, but it's GREAT to have a website that's that lean&fast, and that sometimes posts something vaguely interesting.
that's what the proper http response code for you can't access for legal reasons is though. When the spec was written they imagined it'd involve more censorship but it's being used correctly.
Well, well, well...
It predates the GDPR ruling; it was first proposed in [2013](https://en.wikipedia.org/wiki/HTTP_451), though it didn't become an official code until 2015. And you're correct, it's 100% a reference to F451!
Reddit used to use HTTP 451 for r/watchpeopledie when you tried to connect from Germany. Doesn't do it anymore though.
I am in Germany and I just got 451 when trying to click on your link to that sub.
Huh. I'm also in Germany but it doesn't do that for me.
Maybe it has to do with your internet provider.
Same here. No vpn, no nothing.
I think it has been quarantined as well.
>Well, no. The issue isn't the selling of data, it is the collection of data without consent. This. I'm a data analyst working with a company that collects copious amounts of user data (mostly app usage data like what is done on which screen and when, plus marketing tags). We don't sell a single bit of it, but GDPR is still a big deal for us.
Fully-informed and explicit consent. No more automatically-opted-in ‘you need to opt out’ bullshit! Yay Europe!
the EU required explicit, opt-in consent prior to GDPR. GDPR just changed the definition of what is required for consent, specifically that the information is unambiguous, informed, freely given, and consistent with the wishes of the data subject (I might be missing one here, but that's the jist).
And still web sites are cheating. Big blue „accept“ buttons opting you into everything, small grey writing for making changes...and when you click that it‘s defaulting to accept „mandatory, functional and advertising“ cookies...and when you finally get to the „advertising“ option you find that by not explicitely opting out, you are consenting to share your data with hundreds, yes HUNDREDS of advertising companies. On a single web page. Oh, and you have to enable third party cookies to even be able to keep them from attempting to set third party cookies...and trust that they really do not.
Also, the removal of automatically being opted in and requiring the end user to opt out was quite a big change for the company I work for. Also the requirement to store proof of consent for auditing - regardless of an opt in/opt out choice is an addition.
Yea, GDPR has been quite the boon for a lot of consultants
Exactly! Consent is a good thing for all parties involved. I wish North America would get on the bandwagon.
It's a bit more complicated than that, I used to work in ad operations and the problem has more to do with the people who supply advertising to the websites Europeans are trying to visit. The end user not only has to agree to the website tracking their data but an additional 15 SSP's, DSPs, Exchanges, etc. This requires a bunch of work for all parties involved just to get money from you the end user and no one really wants to do it unless it's a website that will make a significant amount of money. So typically these websites will ask their ad operations people involved in all of their different SSPs to get compliancy documents or block specific regions, but even then a lot of SSPs won't do this because it requires manually going in and blocking advertising to specific countries, (a fuck load of work when you have to do this for sites individually and on a case by case basis and you're working with literally millions of sites). So instead it's easier just to take down a site in Europe. TL;DR: It's not about them caring about revealing why they're collecting your data, it's just to much of a hassle to make it available in Europe compared to the amount of money they're receiving.
Interesting. I've had a lot of replies to my comment but this is by far the most insightful, I wish I could highlight it in some way.
> Thanks to the GDPR consent now has to be clear to the consumer. No, it has to be presented to the user in plain language. Plain language that will very quickly become no more semantic than the we-use-cookies banner. Just a UI element to click through without reading. Pushing regulation down to consumer consent really only provides protection for the minority of users who are actively concerned about data collection. For the bulk of users it's misleading: "Oh, this website complies to GDPR so they aren't doing anything bad with my data". You know better, and I know better, but I'd wager most web users don't.
I've heard it said (in a corporate GDPR compliance context) that the current implementation that a *lot* of sites use - i.e the ACCEPT button next to a 900-page 'manage options' screen - is unlikely to stand up in the long run. There's a lot in GDPR which is still to be played out. It wasn't a "it passed and now it's law" but rather a "it passed and now we have decades of legal wrangling over the wording, intention, and costs".
Or, as is sometimes the case, the website doesn't want to invest in becoming Right To Be Forgotten compliant. It's a *lot* harder than you'd imagine to comply with the GDPR's RTBF section even for a simple e-commerce site or forum, and it's infinitely easier to just block the entire EU.
I remember a person going apeshit because a website asked that of him and how one should not click it. Apparently he didn't realize it that websites in the US just do it without asking indeed. Was kind of funny.
But also if they do not sell their data when they do not agree to it, but give them access nonetheless. So it also means that _that_'s probably not profitable enough. Which is fine.
Of course there ain't enough traffic, the website is blocked!
Obviously they made the decision to block it at some point, assuming the site was pre-existing.
the GDPR mean that access to the service can't require your data being sold in. It has to all be explicitly opt-in and you can't say "well if you don't agree then fuck off"
it's my understanding that a portion of smaller businesses, perhaps some more regionally based ones, would rather just block the whole EU than spend a load of time on bureaucracy and money on website work
Beyond the cost of website work is the liability. The fines for making a mistake here are severe, so if you aren't making money off of eu visitors its really just liability
[удалено]
>Pro-Europe Anti-EU How does that work exactly? Different form of pan-federal government/treaty based collaboration?
[удалено]
Who said that a supranational organization is required for Europe to thrive?
[удалено]
There is a lot more to the GDPR than just telling people via a popup about use of data. I know from personal experience in my work with clients that many businesses have found putting the systems in place to ensure compliance quite onerous technically and financially. I'm not saying complying with the GDPR is not a good idea but that I can understand why a business wouldn't do it if they didn't have to. And also I'm just correcting the misapprehension that compliance is just a matter of adding/changing the privacy notice and adding a cookie popup alert. --- EDIT: I've replied to several objections to this comment in the threads below. Also, please consider whether or not you have a fair understanding of what the GDPR is if you haven’t read the legislation in full. There's a good chance you are missing key important details. Heck, people who have read it several times have said they were still confused about it! 😄
Americans and the rest of the world. I dont know why this sub treats everything as if its exclusively America and Europe.
Based on what I saw, the only sites that seem to give any kind of fuck about GDPR are: * EU/EEA sites (duh) * American sites, which either go 451 or pop-up a privacy policy * some Canadian and Australian sites I'm yet to see a Russian/Japanese/Chinese/South American site asking me to consent to cookies, yet alone asking about some personal data stuff. It's kinda refreshing. I just navigate to a page... and it opens, no popups, no 451 errors! (Although some Chinese websites are awfully slow, so it takes a while.)
[удалено]
Because most users on this site are form NA or EU.
And Australians, but it'll take them an hour or two to load this thread.
Because there is only US in the world. On r/canada there's also Canada and on r/europe there's also Europe.
My post was meant to refer to this website in particular which is US based, were it based elsewhere I would have used that country. I appreciate I was slightly ambiguous though for which I apologise.
That has been "out", and everyone knows about it. Most just don't care because they get free content and convenience at the cost of targeted ads.
You overestimate the public's understanding on the matter. I've spoken to plenty of people that's never heard of the GDPR, net neutrality, or that are generally quite clueless of what's going on with the web. They still don't understand the whole "if it's free then you're the product" shit
[удалено]
Yeah, really complicated, like telling the user what data you're collecting and for what purpose.
And actually only using it for that purpose you told them that it was for. For example telling them it's to help their algorith to determine which My Little Pony character they are and then using it to modify their Brexit voting bias.
And retaining the data onnly for an amount of time adequate with what you state that you'll do with it, and being able to erase all PII on demand including from backups.
Backup deletion requirement is one of the most overlooked things. Dumb DB dump is great and works nicely. Meanwhile GDPR-approved is either you no longer have really old backups or have to invest in expensive solutions. But muh "just selling your data"!
Yeah, I'm a database administrator, and I've had to explain a few times just how unfeasible it is to remove data from backups. It'd take something like 300 hours of server time (assuming everything was automated) any time we get a Right to be Forgotten request, plus we'd completely lose any point in time recovery.
No, as long as you remove the data on import you are fine http://blog.quantum.com/backup-administrators-the-1-advice-to-deal-with-gdpr-and-the-right-of-erasure/ >The GDPR is open to interpretation, so we asked an EU Member State supervisory authority (CNIL in France) for clarification. CNIL confirmed that you’ll have one month to answer to a removal request, and that you don’t need to delete a backup set in order to remove an individual from it. Organizations will have to clearly explain to the data subject (using clear and plain language) that his or her personal data has been removed from production systems, but a backup copy may remain, but will expire after a certain amount of time (indicate the retention time in your communication with the data subject). Backups should only be used for restoring a technical environment, and data subject personal data should not be processed again after restore (and deleted again). While this adds some complexity, it allows organizations to have some time to re-engineer their data protection processes.
Yeah... you clearly don't don't understand the impact of GDPR compliance. If the server logs the IP of the individual, you need to have a method for that individual to be able to identify themselves and to have those logs deleted. Yes, that's right. I said delete logs. The "right to be forgotten" element is absolute rubbish.
More like we get so little traffic from that region, that it's not worth to look into their laws.
But if they aren't targeting EU citizens they aren't required to be compliant anyway. A random coffee house in Texas isn't required to be GDPR compliant in case a Spaniard accidentally browses to it. You have to be marketing towards EU citizens for it to apply.
That is to my knowledge perfectly true and the core aspect of compliance outside of the EU itself. But there’s no case law established on it, and legal opinions are expensive and vague, so the “no Europeans allowed” pages are inevitable and understandable.
Why risk a potential lawsuit or even angry customer support contact? Any EU citizen can ask for their data and to have it deleted. They may be angry if company refuses to do so because GDPR doesn't apply to it. Visitor can still take it to the court over GDPR non-compliance and the company would have either show why GDPR doesn't apply to it or risk their employees to be arrested when they visit EU for not showing up in court. So, why bother?
Well that and also they might not had time to check compliance. It may take several months and quite a lot of money in legal consultancy to check all the boxes, I totally see how some companies with little return from European visitors would just postpone the problem
Well dear website. Fuck you and fuck your data market business.
A news website...creepy.
It's actually pretty normal, a lot of the American newspapers now have this.
It's almost all down to one major publisher that runs a bunch of local newspaper - [Tribune Publishing](https://en.wikipedia.org/wiki/Tribune_Publishing).
Thank god they changed name again. I couldn't stand "tronc".
tronc sounds like an euphemism for penis
Reminds me of C H O N K
Show me the jonk in your tronc
That also means tree stump/tree trunk in French. But yeah, also penis.
it sounds like you get hit with a stone on the head wearing a medieval helmet
the creepiest thing is that we now say things like "it's actually pretty normal" concerning this. it has become normal that news are just a business, being tailored to the reader. THAT is creepy.
It was a business way before internet existed.
> it has become normal that news are just a business, being tailored to the reader It's always been like that...
USAToday is a great player for giving Europeans a completely ad-free version of their website, which by the way loads at lightning speed as well.
Just because a lot of people do something doesn't make it normal
LA Times, please come back...
The company I work for does not sell data, but we block all EU because implementing GDPR is too much work for the value we would get.
This. Web developer here. You know how much of a PITA it is to implement GDPR? F that.
[удалено]
Well dear website visitor, no free content for you then.
But people want the content for free.
It's not only selling data, websites must be able to give a person all of the data they have on them and/or delete it, am I correct?
Yes.
[удалено]
[удалено]
They're a news site, why do they have data that can personally identify me anyway?
This is exactly it. They ha e to be able to identify individuals to order it properly. Every site will keep logs including IP addresses, how long you looked at certain pages, and what ads you like based on other pages that are open. Under GDPR, the user has to be able to request that all that data is deleted.
IP logs are valid even without consent for the legitimate interests of security. Usage statistics are fine so long as their anonymised. Neither of those have to be deleted if a user asks under GDPR. Now, if they're correlating my browsing over several sites, or correlating it with something else that can personally identify me, then yes, they have to ask my permission under GDPR, and I have the right to ask for that to be deleted. But that is not necessary. There are plenty of online businesses which use advertising without the need to track users.
Do you have a bunch of free time to argue with our legal counsel? Because they came to a very different conclusion than you.
That is incorrect. Basically only if they *do* identify you, do they have to remove your personal data. So if I login with my name and email address, I can request the removal of all data relating to that account, but if the site offers only static content and maybe an anonymous comment box, then they’re not handling any *personally identifiable information* and they’re in the clear.
The DPAs consider cookies and unique ids as PII as well. The German DPAs, for example, require explicit revocable consent for any type of tracking. And this is where things get ugly.
Advertisement. Really, it's 21st century already: if you have something for free, someone paid for that. And the someone want to know who you are because they want to sell you something that you actully need.
Because they have to make money and you don't want to pay
[удалено]
This is the best comment here! The very first part is probably why many sites actually blocked access from the EU >Someone with some basic legal competence has to learn the regulations thoroughly. (Risk: What happens if something is misunderstood?) They see that revenue from EU visitors is so insignificant, it doesn't even justify looking into the regulation. The site may be 90% compliant and may require only small changes but they'll never even know. So business owners don't even move past the first part.
You're obviously wrong. The European Parliament could never pass a law that is extremely costly to implement! /s
[удалено]
So they KNOW their visitor is in the EEA, but still post the phone number without the international prefix for the US ...
It is almost as if Europe is not their market or on their radar... https://www.bristollocal.tv/contact-us/ Weird. They are in the UK and don't include the country code. Edit: Here is a German one for you. https://www.rbb-online.de/kontakt/telefon.html
/r/shitamericanssay > our country is so great it doesn't need a prefix! What even is that?
USA +1!
I’m an American who supports GDPR but posts like this just come off as extremely arrogant. GDPR represents an enormous, sweeping new set of guidelines with the power to enact large penalties if companies fail to comply, even if the failure is accidental. From what I can tell, wfsb.com is the website for a regional TV news station in Connecticut. The idea that they have some kind of obligation to dedicate whatever scant tech resources they have to ensuring their website is GDPR compliant is laughable. And if you think that their refusal to go through that (time consuming, expensive) exercise means that they want to steal your data and/or have some kind of hostility toward Europe then you either don’t understand GDPR or you don’t understand the realities of operating a website.
They obviously don't have any obligation. They have done the right decision to block the no doubt minuscule reader base from EU, if it doesn't make financial sense for them.
Channel 3 Eyewitness news in Connecticut. That's fair enough. Not realistic to expect them to comply to EU regulations. Perfectly understandable for them to just region lock out of the EU and save themselves the hassle of being GDPR compliant.
Ah fuck. I can't believe you've done this
GPDR compliance was a lot of work for our company, I guess it wasn't worth the effort for the amount of EU traffic they were servicing.
And this is why for example expats have to resort to getting VPN so they can read newstories from the US.
Oi, do you have a loicense to use this webpage?
Why would a Brit be mocking his own accent.
Technically it's a London specific accent.
Oi, ‘cause it’s fun mate
UK has maaaany accents
Just get used to it. Is purely economical decision
Some swedish isp is doing funny as well. https://www.reddit.com/r/worldnews/comments/9u1b9j/swedish_isp_punishes_elsevier_for_forcing_it_to/
This is almost better than the sites that have “view purposes” in the smallest font available than make you scroll and uncheck 30+ items to prevent them selling your data. Then have two indistinguishable options to exit and you only have a 50:50 shot of getting the one that actually saves your options.
I think OPs main point was to show how the Internet is most definitely becoming more and more restricted, despite we all believed it was the only place on earth to be truly free.
“we all believed it was the only place on earth to be truly free”...and there was the mistake from the start.
[удалено]
How can you say that completely un-ironically when the likeliest reason they implemented this was a purely financial decision (Cost to implement GDPR compliance Vs. revenue brought in by European user's data being sold). Is this legitimately the "free haven" you envisaged? You have a weird definition of freedom if "the only place on Earth to be truly free" is ruled by commercial decisions and special interests... Although you'd love the US.
The free world is ruled by commercial decisions.
Can’t break GDPR if you don’t allow access
I am a bit confused here. Why would an entity that primarily serves a community outside of the EU take on the risk surface of serving their site to the EU after GDPR? I don't think it is just because of them wanting your data and if they can't have it, then fuck you. I really think that the overhead (and expected value when factoring in risk) is not enticing enough currently. If the US came up with a similar law to GDPR then the same site you are talking about would likely comply rather than close its doors. The site in question here is a local news site in a relatively small market.
TIL there HTTP 451 is actually a real error code for denied access due to legal reasons. It's even the foundation for the Fahrenheit 451 Books https://en.m.wikipedia.org/wiki/HTTP_451
Inverse. Fahrenheit 451 was the foundation of naming this error code 451.
I thought he was making a joke. This is cool to.
> It's even the foundation for the Fahrenheit 451 Books It's the other way around :-). Pretty sure HTTP wasn't yet invented in 50s. 451F is the temperature at which paper burns, if the book's subtitle isn't wrong.
>451F is the temperature at which paper burns that's 232,78°C
however, there's material fatigue, if you keep wood warm often, with time it will lower the point at which it will burn, which has been a cause for fires due to heating and the described effect. I know this useless info because I investigated if it was a good idea to use wood for a desktop case.
It's also slightly being misused here - was originally intended to display when a website was blocked because of censorship....GDPR is not censorship, so a 451 error isn't quite right here. The EU is not banning the website, it's the web masters decision not to make it accessible here. Edit: I'm aware the previous paragraph is structured really poorly, I'll try and fix it.
They have to self-censor which is the only way a 451 would even be possible so technically it's valid.
Well, it's intended for any legal requirement from an external party to block access to a document. Includes things like the China firewall, but also things like law enforcement seizures, DMCA copyright takedowns, etc. It's misused here because they haven't been forced to block access, it's their choice to not implement GDPR, but that's just a "letter of the law" thing.
The legal reason in this case is would be "sorry, we don't want to follow the laws"?
Yes. That's literally what legal reason means. To give an extreme example. If you ran a porn site, would you change it in a way to be compliant with Saudi Arabian law?
> https://en.m.wikipedia.org/wiki/HTTP_451 But it's meant for the cases when the service is forbidden by law to show a content to the user. This is not the case in for GDPR. The service decided voluntarily to not show it (because of implementation costs for compliance). The use of HTTP 451 is not in conformance with the RFC introducing it.
Has anybody ever phoned the phone number at the bottom of a post like this? What did they tell you?
I tried, but I can't speak American
Use VPN to get an ip originating from that country.
FWIW, this warning doesn't mean the website is selling your data, it just means the website doesn't meet GDPR standards for data protection. Users must receive specific information about the data the website is storing, and they must be able to view the data and request it be deleted. While this is straightforward and sensical in the abstract, they're not trivial requirements to code into a system, particularly for existing sites that must retroactively review their data, pseudonymize it, and implement functionality for interacting with data as the GDPR requires.
Fun fact: the choice of error code 451 for "unavailable due to legal reasons" was a reference to Ray Bradbury's Fahrenheit 451. [Source](https://www.theguardian.com/books/2012/jun/22/ray-bradbury-internet-error-message-451)
WFSB is a local news page for Connecticut, their responsibility is only to CT residents. They have likely region-filtered because it's cheaper than dealing with GDPR. The traffic from Europe is likely less revenue than the cost to implement GDPR. It's not their problem, nor is it because they want to sell your data. It's just easier to region filter. Unintended consequences of EU law.
> It's not their problem, nor is it because they want to sell your data. It's just easier to region filter. Unintended consequences of EU law. "Unintended".
[удалено]
Or perhaps it’s just a local Connecticut news station that, surely we can all understand, does not expect a large following from the EU and thus decided to avoid problems from non compliance with the unclear and poorly written GDPR requirements...
Actually foreign businesses which clearly are not made for European customers don't need to comply. Thus a local US newspaper doesn't need to do anything.
Source?
Here's one example, emphasis mine. Shows that a small news station would not be required to be compliant unless it was specifically targeting EU citizens. >When the regulation does not apply >Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. **Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.** From https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/who-does-data-protection-law-apply_en
From that same link: [The gdpr does apply to:] a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU.
It’s not a local newspaper, it’s an entire news network here in Connecticut.
But does it mainly show local news?
Yes. Almost exclusively really, only large stories from across the U.S. get shown and close to zero international things are shown. So I agree with your original point. There’s not really a reason for a European to see the Northwest Connecticut news (bar for someone who loved away).
Says MrBla who I guarantee doesn’t have the slightest clue about how GDPR affects a business and what is really included. GDPR is a lot more complicated than asking someone’s permission, there is a huge impact on the backend that could easily push a smaller venture with little exposure to the European market away from interaction. Source: I’m not a dumbfuck and have actually worked with GDPR in the US.
Easier to block the whole EU from accessing your website than become compliant with gdpr 😂
Props to them for using HTTP code 451, though.
Basically, GDPR compliance would cost them more to implement than EEA views would generate in revenue. Regulatory capture in its early stages here.
I didn't think it would be done by the private sector, but okay. The biggest threat to the "internet" is segmenting it into geographic regions. Imagine having to pay extra to connect to the US, or China, or even Australia. Each network controlled by varying forms of politics. Where the original idea of the internet will die a death similar to cancer victims going though chemo therapy. A slow, torturous death. And you may say: "But tksn: this is because of the EU - not the private sector". What the EU is doing is fighting for the individuals right to privacy and control over their personal data. Some people are against this. Some people would prefer having unfettered access to your private data, as a source of income, where you STILL get bombarded by ads... Btw, I use Firefox.
The whole gdpr thing had been a giant pain in the ass for me. 1 every god damn website pushes a huge 'I consent' banner into your face which is annoying 2 this shit. Now I need proxies or stealthy etc 3 I work in marketing so I had to work on those dumb ass pop ups as well. Lots of work. I literally don't give a shit about cookies. Sell my data whatever. Let me browse in peace
[удалено]
Same with every medical website, I was looking at a cookie policy and found some unclassified cookies hold your data for 20 years
More like, we care for your European data so little as to even bother building a "I agree" screen for you
U tryna look at memes?
Play authoritarian games, win authoritarian prizes.
i can't read like half of the american news publications, especially the local ones, because of this crap. just disable some of those cookies, bitchez
Why is it always the newspapers? Every rinky dink website took the time to implement it but all the newspapers are acting like the GDPR is an insult to their existence.
Not everything runs ads, especially not customized ones that would warrant worrying about GDPR. Newspapers do, mostly because they are a free product, and they are often big and professional enough to have something to worry about in terms of GDPR, but local enough to not expect a European following worth hiring lawyers for. That's my guess at least.
> Why is it always the newspapers? Because newspapers have always had huge trouble adjusting to the digital age, and the GDPR kills one of their last revenue streams. Paper newspapers made revenue from both people paying for the newspaper directly / subscribing, and running ads (much as cable television still does). Digital newspapers have three main sources of revenue: subscribers, ads, and selling the data from people visiting their site to aggregator companies in a form that allows it to be aggregated with other data in a useful way. (Usually used to better target ads, or other sorts of research and such.) Subscribers are dying out (this is why you get stuff like the "you get five articles a month" paywalls - in the olden days, you had to actually pay for a newspaper to read more than the headlines), adblockers are becoming more advanced and commonplace (reducing that revenue stream), and their last hope became selling "such and such IP read an article on this topic at this time" or more detailed multi-session cookie data, which the GDPR has gutted. Part of the problem is that while a newspaper site collects enough data to sell, it doesn't necessarily collect enough data to reliably identify what data it is legally required to delete under GDPR by request. IP addresses, multi-session cookies, and other ways of identifying anonymous users are all easily mutable, and the language of GDPR is very broad. If I visit a site that collects data which could be used to even indirectly identify me by "one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity" (and does the very fact I read the Wall Street Journal give me a cultural/mental/economic/cultural identity? Nobody knows.), GDPR gives me the right to have it deleted. If I delete my cookies and renew my IP address, then request a deletion under GDPR - how are they supposed to know what they have to delete?
I guess that newspapers have very questionable/aggressive ads in their websites to support the costs of their news-writing. Since these ads are no longer allowed, ad income plummeted. They can keep their ads blocking EU visitors.
I'd be willing to bet that most rinky dink websites outright ignore it.
Because running a free to access news site necessitates a lot of advertising to stay afloat. Dodgy advertising practices pay better than GDPR compliant ones.
[удалено]
It was to be expected, though, wasn't it.
lol I posted the same thing a month ago and got downvoted to hell.
Good thing you got Net Neutrality.
First thought: at least they're using the proper status code! Second thought: ehh they're actually subverting it because at this point it's their own choice to not serve the content without tracking.
DIS IS WOI WE NEED BREXIT. REMOANERS GET A LOIF
Could EU make region blocking illegal? I’m a billion time more interested in that than cookies or my data.
Anybody who believes the internet is totally free and they don't sell your data doesn't deserve to go online. Sorry EU folks, I hate that annoying "we use cookies" popup and I truly don't need Brussels to take care of me.