The GDPR Is Changing The Internet In Unexpected Ways

The GDPR Is Changing The Internet In Unexpected Ways
Image: iStock

The GDPR became active last Friday, bringing with is a wide swathe of changes that impact how personal data is handled in the European Union. EU citizens have to be specifically asked when personal data is collected and they have the right to be forgotten by companies that collect their data. But one of the effects of this is that website operators are changing what they do.

Popular US website site, USA Today is now serving up a GDPR-compliant version of their website.

Researcher Marcel Freinbichler did an analysis using the Chrome developer tool Lighthouse and discovered that about 90% of what was loaded with the site was tracking scripts and ads.

Of course, this will only work for people accessing the website from within the EU – there’s no easy way for the site to know if you’re an EU citizen in a non-EU country. And that’s something that compliance needs to consider as the GDPR applies to EU citizens wherever they are.

Interestingly, some US websites such as the Chicago Tribune and LA Times are blocking access to their sites from the EU. Those, and other sites are showing a message when accessed from the EU that says “Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market”.

While the bar has been raised when it comes to how PII is handled for EU citizens, I’m not sure how many people expected parts of the Internet to be declared out of bounds as a result of the new rules. One bright spark on Twitter suggested someone needs to creates a plug-in that serves the more efficient EU versions of websites.

We may find, because of the way the GDPR applies to citizens rather than geographical boundaries that the behaviour of websites around the world changes significantly.


  • If you use a VPN from the EU bounced via a US address, wouldn’t they still be in breach. since the law applied to EU Citizen, not EU IP addreses.

    • It would give the business grounds for reasonable doubt.
      As the IP address resided in the US the company on face value has no reason to doubt its ligetimacy.
      Saying that though a lot of VPN addresses are know and several sites already actively block them in general.
      Sites like whirlpool pop up a message saying my address is a known spam address and block my access.
      In the future you could see sign up forms for websites asking for your current citizenship status as well as the country you reside in.

  • I tried nordVPN to change my Estonian IP address to American and I easily access restricted news portals. So all good, we have the solution 🙂

Show more comments

Log in to comment on this story!