BRUSSELS • The European Union’s flagship new data protection laws came into effect yesterday but hit an early hitch as several major American news websites were blocked to European users.
The Los Angeles Times and Chicago Tribune newspapers were among those inaccessible on the other side of the Atlantic following the entry into force of the General Data Protection Regulation (GDPR).
Separately, Facebook and Google already face their first legal cases under the new law after an Austrian privacy campaigner accused them of effectively forcing users to give their consent to the use of their personal information.
The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the Web, saying it sets new standards in the wake of the recent Facebook data-harvesting scandal.
But it has also been blamed for a flood of e-mails and messages in recent weeks as worried firms rush to request the explicit consent of users. This led to the hashtag #HappyGDPRDay taking off on social media as people sarcastically celebrated the end of the deluge of spam.
Even though the rules were officially adopted two years ago, with a grace period until now to adapt to them, companies have been slow to act, resulting in a last-minute scramble this week.
Companies can be fined up to €20 million (S$32 million), or 4 per cent of their annual global turnover, for breaching the strict new data rules for the EU, a market of 500 million people.
Several firms experienced realworld problems over complying with the EU laws, with newspapers owned by the Tronc group, formerly known as Tribune Publishing, saying that they were blocked to Europeans for now.
“Unfortunately, our website is currently unavailable in most European countries,” said the message carried by the LA Times, Chicago Tribune, New York Daily News, The Baltimore Sun and Orlando Sentinel.
Newspapers owned by Lee Enterprises, including the St Louis Post- Dispatch and Arizona Daily Sun, were also out of reach, and the publishing group explicitly blamed the GDPR.
The European Commission insisted it was not responsible for the blackout of some United States sites, saying it was “proud to set high data-protection standards” for the bloc’s 500 million citizens.
“We have seen the press reports, but it is not for the Commission to comment on individual companies’ policies in terms of offering services in the EU,” a spokesman said.
“We expect all companies to fully comply with the GDPR as of today. With the new rules in place, EU data-protection authorities will watch over their correct application across the EU and ensure full compliance.”
Meanwhile, campaigner Max Schrems said he had launched four court cases yesterday under the new law. They target Google in France, Instagram in Belgium, WhatsApp in Germany and Facebook in Austria.
A previous case brought by Mr Schrems against Facebook triggered the collapse of a previous EUUS data-sharing agreement.
Brussels says the new laws put Europeans “back in control” of their data. Parents will decide for children until they reach the age of consent, which member states will set at anywhere between 13 and 16 years old.
The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users’ data by political research firm Cambridge Analytica for the 2016 US presidential election. As he apologised to the European Parliament on Tuesday over the scandal, Facebook chief Mark Zuckerberg said his firm will be “fully compliant” with the EU law.