A Week after GDPR

By Angela Polania

So, May 25th, 2018 came and went, but a lot has happened since then.

Let’s take a quick look at some of the items that made it in the news:

Some companies closed their businesses to EU residents. For instance:

Instapaper, a service owned by the US firm Pinterest, which enables users to save articles to read at a later date, became the latest to disconnect European customers on Thursday. It said the cutoff was temporary while it made the required changes, and apologized to its users for any inconvenience, and they intended to restore access as soon as possible.

Other companies have taken a more permanent approach. Unroll.me, an inbox management firm, announced it was completely withdrawing services for EU companies due to an inability to offer its product – which is monetized by selling insights gleaned from reading users’ emails – in a way that was compatible with EU law. “We are truly sorry that we are unable to offer our service to you,” the company told EU users.

American media network A+E has blocked EU visitors from all its websites, including History.com, and some multiplayer online games, including Ragnarok Online, have switched off their EU servers.

Other firms have not gone so far as to blame the new regulation, but have closed EU operations with convenient timing. Crowdpac, a political fundraising organization, announced it was closing its UK wing “for business reasons” until further notice. The company, which was still raising funds in the UK as recently as Sunday, now says it “hopes one day to be back”.

Klout, a social media analytics service, and Super Monday Night Combat, an online game, will shut down on Friday. Lithium, the owner of Klout, said: “Klout no longer made sense as a standalone service. The upcoming deadline for GDPR implementation simply expedited our plans to sunset Klout.”

Facebook and Google hit with $8.8 billion of potential lawsuits

The Verge newspaper, citing the lawsuits, reported they are seeking to hit Facebook and Google with fines that collectively amount to around $8.8 billion. The lawsuits were filed by Max Schrems, an Australian activist, who has long criticized how the companies collect data on their users.

Under the new regulation, companies have to provide clear consent and justify why they are collecting data on their users, as well as clarify what they intend to do with it. They are also required to overhaul their privacy and data collection policies to better protect consumers.

Google and Facebook have been addressing GDPR before it was law, rolling out new policies and products to better protect the data, but Schrems said in the lawsuit that those steps aren’t enough. In its four complaints, these companies are in breach of GDPR because they have adopted a “take it or leave it approach”. Elevate has noticed MANY websites have the same approach and wonders what will happen to this.

Per our review of the news, it appears that the lawsuits are broken down based on the product, with one being lodged against Facebook and two against Instagram and WhatsApp (which Facebook owns). A lawsuit against Google’s Android operating system has also been filed.

Both companies argue that their measures comply with the GDPR requirements and are built in their products. We will see what will come out of this.

Also, a lot of commentary has taken place for the possible loss of review of online advertisers as they seek to comply and/or even be able to comply with all provisions (for instance, Article 8 dealing with minors under 13 years of age).

As time passes we will see how all of this turns out and who will be the first company to pay 2-4% of its global revenue. Elevate will watch this closely.