Europe’s strict new privacy regulations took effect on Friday, but even with the two-year grace period to become compliant, not everyone was ready.
Several American newspapers on Friday, including the Chicago Tribune, Los Angeles Times, New York Daily News and Orlando Sentinel cut off access to most European internet traffic on Friday.
The newspapers, which are owned by media company Tronc, displayed a message telling European visitors: “Unfortunately, our website is currently unavailable in most European countries. We are engaged in the issue and committed to looking at options that support our full range of digital offerings to the EU market.”
The General Data Protection Regulation — GDPR — requires any company processing or storing the data of a European Union resident to obtain a user’s explicit consent to use their data. The regulation also extends additional rights to consumers, including the right of deletion and the ability to request their data from a company and take it to another digital service.
Companies were given two years to become compliant before the new regulation took effect. Beginning Friday, companies that are not compliant risk fines as steep as 4 percent of their annual revenue.
Tronc wasn’t the only media company to hit the pause button in Europe. History.com and FYI, popular websites run by A+E Networks, greeted European Union visitors with the message: “This content is not available in your area.”
Instapaper, the Pinterest-owned site that allows users to bookmark content around the internet to read in one place, paused its European operations on Thursday as the company continues “to make changes in light of the General Data Protection Regulation.” The message added that Instapaper hopes to be available in Europe “in the very near future.”
Unroll.me, a tool to help cut email clutter, was one of the first casualties of GDPR. The company announced earlier this month it could not comply with the regulations and would delete its existing EU user accounts before the deadline.
Some of the lingering questions for companies dealing with GDPR compliance include figuring out what types of data that customers could potentially request and how to retrieve the data and package it. A lack of compliance means regulators can hit companies with steep fines and force them to compensate users for their data.
While the regulation is enforced in Europe, some of the protections could be extended to Americans. In the event of a future data breach, American users could also be entitled to legal remedies against companies that are established in the European Union and process user data there if the case was brought in a European court, according to experts.
Some American companies, including Facebook and LinkedIn, have already taken steps to move their non-E.U. users outside of the reach of European regulators.