The GDPR became active last Friday, bringing with is a wide swathe of changes that impact how personal data is handled in the European Union. EU citizens have to be specifically asked when personal data is collected and they have the right to be forgotten by companies that collect their data. But one of the effects of this is that website operators are changing what they do.
Popular US website site, USA Today is now serving up a GDPR-compliant version of their website.
Researcher Marcel Freinbichler did an analysis using the Chrome developer tool Lighthouse and discovered that about 90% of what was loaded with the site was tracking scripts and ads.
Because of #GDPR, USA Today decided to run a separate version of their website for EU users, which has all the tracking scripts and ads removed. The site seemed very fast, so I did a performance audit. How fast the internet could be without all the junk! ????
5.2MB → 500KB pic.twitter.com/xwSqqsQR3s
— Marcel Freinbichler (@fr3ino) May 26, 2018
Of course, this will only work for people accessing the website from within the EU - there's no easy way for the site to know if you're an EU citizen in a non-EU country. And that's something that compliance needs to consider as the GDPR applies to EU citizens wherever they are.
Interestingly, some US websites such as the Chicago Tribune and LA Times are blocking access to their sites from the EU. Those, and other sites are showing a message when accessed from the EU that says "Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market".
While the bar has been raised when it comes to how PII is handled for EU citizens, I'm not sure how many people expected parts of the Internet to be declared out of bounds as a result of the new rules. One bright spark on Twitter suggested someone needs to creates a plug-in that serves the more efficient EU versions of websites.
We may find, because of the way the GDPR applies to citizens rather than geographical boundaries that the behaviour of websites around the world changes significantly.