Tech Firms Battle With GDPR Privacy Rules

Several tech firms have opted to block EU residents from using their services because of concerns they are not compliant with a shake-up to the 28-nation bloc's data privacy laws.

The General Data Protection Regulation (GDPR) comes into force on Friday.

It gives the public more rights over how personal information is used and raises the amount firms can be fined.

The UK's privacy watchdog has stressed that it accepts that some firms will have more work to do.

"It's an evolutionary process for organisations," blogged Information Commissioner Elizabeth Denham.

"Organisations must continue to identify and address emerging privacy and security risks in the weeks, months and years beyond 2018."

Media playback is unsupported on your device

'Short notice'

Even so, Pinterest's news-clipping service Instapaper is one of the most high-profile services to announce that it will bar EU users from accessing its platform from Friday.

It has emailed users to say that this is a temporary measure and that it intends to "restore access as soon as possible".

"I know that it was too short notice," tweeted the service's chief Brian Donohue, who has not detailed in what ways the service would have been non-compliant.

"I underestimated the scope of work and it was not possible to complete by the deadline, this was the required alternative."

The movie and TV review app Stardust has gone even further.

It has removed its product from EU versions of Google Play and Apple's App Store, and deleted all EU residents' records.

"Without deleting EU accounts entirely, we would be storing data about EU residents and therefore would be required to adhere to GDPR laws," it explained.

"So unfortunately, we cannot simply block access or freeze EU accounts for the time being."

Unroll.me - a service that promises to declutter users' email inboxes of unwanted messages - is another product to have temporarily halted its service to EU customers and deleted accounts.

Some start-ups have signalled that they are pulling out of the EU and do not intend to return.

They include Payver - a San Francisco-based dashcam app that pays users for video footage, which it uses to keep maps up to date.

Several video games companies are also blocking EU citizens' access to older products rather than update them, and in some cases have pulled titles offline altogether.

They include the multiplayer shooter Loadout.

"We don't have the resources to update Loadout to GDPR compliance, and a big portion of Loadout players come from the EU," it explained via the Steam store's website.

"Sadly, while big companies have the resources to comply with the GDPR, that's not always the case for small businesses."

Other examples include:

• Super Monday Night Combat - the arena shooter closed down earlier this week blaming GDPR for the move
• Ragnarok Online - the role-playing game says it will block all visitors from Europe on Friday, apart from Russia and the eight other members of the Commonwealth of Independent States
• Tunngle - a service that allowed gamers to connect their PCs together to play titles within a local network - closed last month saying it lacked the funds to make necessary changes

For some, however, the situation has presented an opportunity.

Several services have cropped up offering a way for website administrators to block EU-based visitors rather than check their pages meet the new requirements

Forbes lock-out

Elsewhere, several of the larger tech firms have taken steps to overhaul their privacy measures.

Yahoo has rolled out new consent forms that allow users to pick which third-parties they want to allow the service to share data about them, in order to serve personalised ads "and understand your interactions".

Some users who failed to set their preferences before midnight on 23 May will have found that third-party software - including their smartphone's native email app - will have stopped logging into the service until this was done and their password re-entered.

Apple's privacy management tools also went live earlier this week, as did Spotify's.

Some users have, however, been surprised by the measures taken by the Forbes news site.

If users opt out of accepting "functional cookies" within its new privacy settings, they are blocked from viewing any content on its site until they change their minds.

Meanwhile, many internet users are receiving a last flurry of emails asking them to opt into marketing communications.

Organisations do not need to obtain fresh consent if their customers opted in to such adverts in the past or they can cite other "legitimate interests" for writing to them in the future.

But if the sole basis for emailing them would be that they had not unticked a box in the past, then they should be removed from their contact lists.