The European Union’s General Data Protection Regulation (GDPR) came into force today. Terrified by the threat of non-compliance fines of €20 million or 4% of annual turnover, many websites and online service have taken the nuclear option.
A number of high-profile websites have started to block access to all EU users, including popular bookmarking service Instapaper, email unsubscription service unroll.me and the LA Times. Several online games have been shut down and ProPrivacy.com has received reports that even a number of popular podcasts have been blocked for EU subscribers.
The GDPR introduces strict new rules about what information companies can collect and store about their customers. The rules only apply to data belonging to those within the EU, but organizations based outside the EU must still comply if they hold data on EU citizens. Many companies have revised their Terms of Service (ToS) and privacy policies for all customers on the basis that having different rules for different customers based on where they live is a logistical nightmare.
Judging by the chaos we are seeing on the internet today, many firms have simply buried their heads in the sand until too late. European visitors to the Instapaper website, for example, are now greeted by the message:
“Instapaper is temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation (GDPR), which goes into effect May 25, 2018. We apologize for any inconvenience, and we intend to restore access as soon as possible.”
While those to the Unroll.me website are told that:
“We will temporarily stop providing our service to EU customers, and we will stop providing service to all EU residents on May 23.”
At least these websites say the blocks are temporary and appear to intend that normal service will resume for EU customers once they have updated their policies to be compliant with the GDPR.
WaprPortal, the company that runs online roleplaying game (MMORPG) Ragnarok Online, however, has gone a step further. It has closed down all of its European servers and blocked all EU users:
“Due to the changes of our company’s service policy for the European regions, we are saddened to bring you news that, all games and WarpPortal services to the European regions listed below will be terminated on May 25th, 2018.
The following European countries will be affected by the termination of service: All the European countries except for Russian Federation and the CIS countries. All WarpPortal game access and account access will be blocked by regional IP.”
WarpPortal has promised all affected customers will receive a full refund.
Use a VPN to access websites and services blocked due to the GDPR
Websites and services are blocking access to European visitors based on their unique internet (IP) addresses. They can be accessed by anyone outside the EU without any disruption of service.
If you live in the EU and want to access one of these sites then it is easy to so with a VPN - just connect to a VPN server located outside the EU, and as far as websites you visit are concerned you will appear to be outside the EU.
In most cases these blocks on European visitors will be removed as companies bring their privacy policies in line with GDPR rules. Indeed, a big part of the current panic is more to do with confusion over what is required than the rules themselves.
The UK’s Information Commissioner’s Office (ICO), for example, has advised that the majority of GDPR-compliance emails that have flooded all of our inboxes of late are simply not necessary. As Steve Wood, the deputy information commissioner, wrote on the organization’s website earlier this month:
“Some of the myths we’ve heard are, ‘GDPR means I won’t be able to send my newsletter out anymore’ or ‘GDPR says I’ll need to get fresh consent for everything I do’. I can say categorically that these are wrong … You do not need to automatically refresh all existing consents in preparation for the new law.”
This did not, however, prevent a deluge of panicked inquiries crashing the ICO website for several hours this morning.
ProPrivacy.com | Expert Analysis
In most cases, Europeans just need to sit tight, as normal service will resume soon. If you are impatient (aren’t we all?), or if your favorite website decides to take a more permanent nuclear approach, then a VPN will unblock it for you.
To find out which VPN providers are compliant with GDPR, take a look at our GDPR industry report.
Image credit: By Vector Plus Image/Shutterstock.