With the General Data Protection Regulation (GDPR) set to go into effect on May 25th, 2018, many organizations are scrambling to ensure their compliance with the law, while many are unlikely to have compliance sorted out in time.
SEE: Getting ready for the GDPR: An IT leader’s guide (Tech Pro Research)
In a series of tweets, F-Secure CRO Mikko Hypponen catalogued a number of services that are limiting operations in Europe or shutting down completely in response to the GDPR. Mobile marketing firm Verve, as well as cross-device advertising platform Drawbridge, has shuttered European operations, while SQL how-to training firm Brent Ozar Unlimited stopped selling training products to EU-based customers. Ozar noted that: “As a consumer, I love a lot of things about the GDPR,” though pointed out that the penalties for noncompliance–€20 million or 4% of annual worldwide revenue–“are terribad.”
Similarly, TechCrunch reported that Unroll.me–an organization that offers the “service” of unsubscribing users from unwanted mailing lists while using the access to mine inboxes for marketing data–has declared the end of services for users in the EU. This particular announcement is probably somewhat more natural, as there is seemingly no way to make harvesting and selling data to third parties GDPR compliant. (If you were unaware of Unroll.me’s practices, CNET has a handy guide on how to remove Unroll.me from your Gmail account.)
Steel Root, a Boston-based IT services company was cited by Hypponen as blocking users from the EU due to the GDPR, though the company claims to have been blocking users from outside of the US since 2015, as the company does not have any business outside the United States to begin with. The company stressed that the move is “to design for privacy in our business practices,” rather than rely on the move as a shortcut to GDPR compliance.
Hypponen notes that reactions from users in the EU echo sentiments such as “Our freedom is more important than their business,” and “This weeds out trashy websites,” while users in the US are voicing opinions such as “This should teach those smug EU regulators a lesson.”
The big takeaways for tech leaders:
- Many companies have announced that services for users in the EU will stop when GDPR comes into effect on May 25, 2018.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays