They are not blocked. They have chosen to take their services offline because they don’t think changing their business model such that it no longer depends on aggressively tracking their users is worthwhile or cost-effective. Which is fine by me imho.
Self blocking in response to a law to avoid the penalties under the law is being blocked by the law.
There's just one large company that decided to block EU visitors: Tribune Publishing[0]. Yes, them blocking Europe is bad. Them owning so many local newspapers that this decision even makes an impact is a bigger problem.
I'm not saying that they're the only ones blocking Europe, but I am saying that we wouldn't think of it to be as wide spread if it weren't for Chicago Tribune, Baltimore Sun, and LA Times (among others).
Examples:
* Tribune have troncked Europe because their data control is jazzy.
* Google should really tronc China - fight the Firewall!
If anything, major players deciding not to compete in a market is good to my mind, as a means of increasing a diversity of business styles. Laws like this make businesses pay for the actual cost of thier hidden externalities.
More seriously, GDPR should not extend beyond its jurisdiction. It does though, and there are consequences. Blocking european IPs cost (loss of revenue) must be balanced against compliance costs.
Claims that "they've had N years to prepare" are specicious, if for no other reason than they aren't bound by the specific law. Meanwhile the law introduces a new, potentially large, liability. Which results in companies self censoring by geolocation.
This is what you call an unintended consequence. Remote access to quite a few resources outside of Europe is likely to be restricted should this pass into EU law. As we like to say here, elections have consequences.
FWIW, I support the aims of GDPR, and wish we would get a sane law on this here in the US as well. But I don't want our law extending to others. That would be unfair to them.
The US is probably the biggest "exporter" of laws that are forced down the throaths of all other countries.
The information is requested by the national GDPR enforcer so it bypasses the prevention written in the GDPR about news leaks.
Now there's a trial going around with this which blocked any further spread of that information until it's solved. It can be easily seen how the GDPR can be weaponized.
So the pretext they're using is that they want to see the information to make sure that the news organisation is not selling it or mishandling it to other third parties. In the process, they'll be able to get the information and maybe it will go to the people involved in the corruption charges (which is the head of one part of the Parliament).
It's like a factory that dumped toxic waste into a river complaining that, because of a ban on dumping toxic waste into rivers, they now "have to" dump them to nearby meadows instead, and that makes local customers unhappy.
"Detrimental effect on user experience" is an intended effect that clearly signals the company doesn't want to stop abusing its users.
Every business: "Stuff in here causes cancer."
Every customer: "Okay."
GPDR:
Every business: "Hey, we use cookies to provide a better experience. That okay?"
Every customer: "OK."
Romania has already deployed GDPR as a weapon against its press [1]. I also have a short list of anecdotes of economic activity (start-ups and other new market entrants) that would have happened in the EU but, in large part due to compliance costs–including GDPR–wound up happening outside the EU.
Giving people in power broad discretion with the law and then counting on them being nice is a delicate strategy. It counts on every administration being benevolent.
> Romania could just have used another law or just made a new one to harass the press
There is a big difference between using the authority of the EU, through an EU regulation, and passing a domestic law to go after people you don't like.
More broadly, this argument can be made against any over-reaching law. Just because some hypothetical law could be bad doesn't make an ambiguous law granting widespread power to select bureaucrats okay.
AFAIK, no independent lawyer can sue you for violating the GDPR. Only the German regulatory body could sue them.
Now I don't know German law, as I'm not German, but it felt like they were really afraid that it could happen.
law need to be tested trough time, because it will be used by the next party in power for hundreds years, whether you like the party in power or not.
the only reasonable way to reason about law is full on pessimism.
it's like we already forgot the tyranny that was going on less than a century ago and was acquired through escalating legal abuse.
I don't get it. How is GDPR an attack on general purpose computing?
As an American who spends a lot of time in Europe, what I have noticed is that a majority of local news sites in the US block me from accessing them using IP geolocation.
The problem comes when a nation decides to use those rules in a way that is detrimental to the populace or a service they see as troublesome.
