U.S. News Outlets Block European Readers Over New Privacy Rules

https://www.nytimes.com/2018/05/25/business/media/europe-privacy-gdpr-us.html

Version 0 of 1.

LONDON — American news outlets including The Chicago Tribune, The Los Angeles Times and The Arizona Daily Star abruptly blocked access to their websites from Europe on Friday, choosing to black out readers rather than comply with a strict new data privacy law in the European Union that limits what information can be collected about people online.

The new rules, known as the General Data Protection Regulation, strike at a core element of businesses that offer free content online but that make money by collecting and sharing user data to sell targeted advertising. The shutdowns came as a surprise to readers of the publications, because companies had two years to prepare for the new regulations.

The most notable blackouts were by news organizations tied to the American media company Tronc. In addition to The Chicago Tribune and Los Angeles Times, newspapers including The New York Daily News, The Orlando Sentinel and The Baltimore Sun were also unavailable to readers in Europe. (Tronc announced in February that it was selling The Los Angeles Times.)

“We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the E.U. market,” the Tronc-owned newspapers said on their websites. “We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”

The decision illustrated that some companies would prefer to lose European customers than risk being hit with the stiff penalties allowed under the new law: Fines can reach 4 percent of global revenue.

[Read more about what the new European privacy rules mean for you.]

A Tronc spokeswoman was not immediately available to comment Friday morning.

Several other outlets chose to restrict access for readers in Europe, including newspapers belonging to Lee Enterprises, like The Arizona Daily Star and The St. Louis Post Dispatch.

The websites of many other American news organizations, including The New York Times, USA Today and The Washington Post, were accessible from Europe. Some acknowledged the new privacy rules with large disclaimers and other information to explain what information was being gathered when a reader visits the site.

“Welcome to USA Today Network’s European Union Experience,” the news organization posted at the top of its website, explaining that the company would not collect personally identifiable information or other data commonly used to sell online advertising.

Andrea Jelinek, chairwoman of the new European Data Protection Board, which will coordinate enforcement of the new law, criticized the blackout and said that companies had been given a long time to prepare. For weeks, businesses as varied as Uber, bike shops and restaurants have been sending notes to alert people to updated privacy policies as a result of the law, known as G.D.P.R.

“It didn’t just fall from heaven,” Ms. Jelinek said in a statement. “Everyone has had plenty of time to prepare.”

News organizations were not alone in erecting barriers for European users. The American television broadcaster A&E Networks cut off the websites of its A&E, History and Lifetime channels. The digital advertising company Drawbridge, the social media tracker Klout and the save-it-for-later reading app Instapaper also stepped back.

Europe’s new privacy measures allow people to limit the information they leave behind when browsing social media, reading the news or shopping online. Businesses must detail how someone’s data is being handled, and clear a higher bar to target advertising using personal information.

[Here’s how to parse the flood of G.D.P.R.-related privacy notices in your inbox.]

The law had been seen as focusing on Silicon Valley tech giants like Facebook and Google, but publishers and advertising companies have warned that it will harm their businesses in particular because it restricts how information is packaged and shared to sell advertising. It is common for websites to use tracking software to gather information about visitors in order to better target ads.

Digital advertising is an important source of income for many news organizations, particularly as print readership and advertising fall, but policymakers in Europe argue the practices have become intrusive and ripe for abuse, with personal information shared far beyond what most people realize.

Julia Shullman, the chief privacy counsel for the digital advertising firm AppNexus, said an “unintended consequence” of G.D.P.R. was that Google would become more powerful. To compete with the online search giant, publishers and advertisers have bought, sold and traded data with different sources, a bespoke approach that is now severely restricted under the European Union’s new rules. Many companies will now partner with the bigger company, Ms. Shullman said.

“At least in the short term, it pushes publishers to these large platforms that dominate the market already,” Ms. Shullman said in an interview.

Many groups in Europe, however, are not ready to cede power to behemoths like Google and Facebook. On Friday, the privacy lawyer Max Schrems filed some of the first legal complaints using G.D.P.R., alleging the two companiesare violating the law with their terms of service.

The law requires “informed” consent from users, but Mr. Schrems, who has successfully sued Facebook in the past and leads the nonprofit group None Of Your Business, said the companies were using “forced” consent because users must accept a blanket privacy policy in order to continue using the service.

The complaints were filed in Austria, Belgium, France and Germany, and will now be reviewed by the European data protection authorities.