back to article GDPR forgive us, it's been one month since you were enforced…

A month after the enforcement date of the General Data Protection Regulation – a law that businesses had two years to prepare for – many websites are still locking out users in the European Union as a method of compliance. To celebrate the milestone, El Reg is casting a vulture's eye over the sites that are giving a new …

  1. Anonymous Coward
    Anonymous Coward

    I think I got sth better

    I stumbled upon a site last night which told me to go forth and (...), so I went into the free opera vpn (damn, free plug for them too!) and chose an "Asian" server. Still no go. And the server IP was Australia.

    Not that it matters, after all, it's THEIR business, not mine...

    1. Voland's right hand Silver badge

      Re: I think I got sth better

      Not that it matters, after all, it's THEIR business, not mine..

      It is their business, but with YOUR data. The only thought you need on the subject is what were they doing with your data prior to that in the first place so they cannot make themselves GDPR compliant. After contemplating on that for long enough, turn around slowly, then proceed at an accelerating pace away from there.

      1. Anonymous Coward
        Anonymous Coward

        Re: I think I got sth better

        "what were they doing with your data prior to that in the first place so they cannot make themselves GDPR compliant" …...

        More likely they have done a risk assessment and concluded your business is not valuable enough to them to mitigate any risk of GDPR penalties. If only 0.1% of your profit comes from EU folks its hard to justify spending much money on compliance and if you do it on the cheap there is always the risk of mistakes leading to costly fines.

        1. Anonymous Coward
          Anonymous Coward

          Why are you complaining?

          The sites you can't access are ones that can't or won't guarantee they will follow the GDPR. If you want the GDPR, then you want such sites to identify themselves. Sure, you can wish they'd simply knuckle under and follow European law, but if an American (or Australian or whatever) site doesn't feel they get enough visitors from the EU to bother with, they made a cost decision that it is easier to cut you off than to risk liability. That's what you wanted, it isn't something you have a right to complain about!

          1. cosmogoblin

            Re: Why are you complaining?

            We ALWAYS have a right to complain.

          2. Anonymous Coward
            Anonymous Coward

            Re: Why are you complaining?

            First of all, this is a crass and inconsiderate response: you can't assume that we "wanted" this and you cannot accuse advocates of internet privacy and consensus-based data control to be responsible for the particularities of a certain legal implementation and/or how companies adhere to it. We absolutely have a right to complaint!

    2. Only me!

      Why is it not>>>

      Opting in....BIG button PRESS HERE for your INSTANT GRATIFICATION!

      Opt out.....here have x pages, links, making it almost impossible. (That is NOT a choice!)

      Make it

      1. Opt in

      2. Opt in to "buy only" (I am sure there are other reasons that apply) and sod off (Option 1 covers buying stuff)

      3. Sod off but I know I have to accept random ads, because you need the money...but no more ads than the ones that opted for option 1.

      4. Down to you as a person....block ads...delete cookies, etc.etc....as it is now

  2. Dan 55 Silver badge
    Meh

    How difficult is it to disable slurp?

    Forbes' nonsense isn't going to work anyway, most people who would opt out would also wipe their cookies at the end of every session.

    1. anothercynic Silver badge

      Re: How difficult is it to disable slurp?

      I had so much fun with that one... Disable ad cookies, POP goes Forbes. Lovely.

      1. Number6

        Re: How difficult is it to disable slurp?

        I'm not sure how I've done it but I have a browser config set up so I don't see ads on Forbes and it still lets me in. Not that I go there that often but occasionally I click on something that turns out to be one of their links.

    2. bombastic bob Silver badge
      Devil

      Re: How difficult is it to disable slurp?

      "most people who would opt out would also wipe their cookies at the end of every session."

      Already being done in my browser, via a nice plugin "cookie whitelist with buttons" and I can enable session-only cookies for most things so they'll at least WORK (but autodumps them if I turn it off and back on again, muahahahaha!). Also running NoScript. that blocks a LOT of it.

      From the article: "How fast the internet could be without all the junk"

      Yes, this was observed when the first TRUE adblockers were being used on phones, how much FASTER it got!

      I was, at first, going to snark a lot about EU being effectively "blocked" by these sites as the side effect of gummint regulation. Then I read the article and realized it was happening from the SAME (kinds of) sites that have kept me from viewing them while I had NoScript running. Thing is, I just avoid them anyway and I think I'm better off because of it. But I blame the web providers, not the people for whom the web site is dedicated. For those web providers, I have a nice cat-5-o-nine tails and a clue-bat I'd like to test out... and maybe a 2nd floor window that tends to flip open when you lean on it.

      So now everyone in EU gets to see the internet in about the same way I've been seeing it for YEARS... except, unfortunately, for those 'once in a while' times where I need to access such sites for truly important reasons, for which I will run the "jailed" browser that runs from a truly non-privileged login and deletes _ALL_ history when it closes. That would be YOU, [well known electronic parts supplier]. Your order forms are unnecessarily NoScript unfriendly. It's from bad web design, as far as I can tell, not sinister around-the-net tracking. Sad.

      GDPR in the USA might be a good thing, too. Imagine the SCREAMS from "Big Intarweb" !!!

  3. S4qFBxkFFg

    One thing that amused me is that according to at least one lawyer, geoblocking the EU won't actually absolve an organisation of legal liability if they don't comply with GDPR and someone in the EU uses their service (e.g. using Tor or a VPN).

    1. kain preacher

      One thing that amused me is that according to at least one lawyer, geoblocking the EU won't actually absolve an organisation of legal liability if they don't comply with GDPR and someone in the EU uses their service (e.g. using Tor or a VPN).

      Would that be computer trespassing if I say I do no not want people from the EU and to lie to hide that you are in the EU

      1. Rob D.

        No EU citizens here

        IANAL but in the case of using Tor, or similar, there should no lie involved because the user has never denied their location. The company may need to introduce a 'We think you are an EU suspect, er, citizen - please confirm or deny' EU-wall for access (or maybe drop anonymous access).

        How the EU (whichever part)) would decide whether a company was operating in the (substantial) EU market and had liability that the EU could enforce because of half-hearted attempts to work around GDPR, will make for an interesting (legally speaking, not like binge watching Suits) spectacle.

    2. Anonymous Coward
      Anonymous Coward

      Good luck with that

      One thing that amused me is that according to at least one lawyer, geoblocking the EU won't actually absolve an organisation of legal liability if they don't comply with GDPR and someone in the EU uses their service (e.g. using Tor or a VPN).

      So, let's say that I set up to provide a service, and for whatever reason decide that I'm not taking customers from the EU. I geoblock all inbound EU IPs. Because I provide such a good service, someone from the EU decides to go around my geoblock with Tor or a VPN. Now, I expect to get paid for my service. If the would-be customer provides me with a credit card or other payment system with an EU address, I know that he's from the EU and tell him to take a hike, and flush all info from him. No GPDR liability. If the would-be customer provides me with a payment system NOT from an EU address, then we move on. The customer has, deliberately, and with malice aforethought, fraudulently claimed to be a resident of somewhere other than his actual address. It may not rise to the level of a criminal offense, depending on exactly whose identity and address the customer appropriated and whether or not he had permission from the owner of the address/account/name/whatever. Fast forwards six months, the customer wants to invoke GPDR... He now has to expose his fraud. I could not possibly have known that he was from the EU, he went to a lot of trouble to hide his actual address. I am not liable under the GPDR; he lied to me, deliberately. If he had told me that he was actually in the EU and was using a VPN to get past my geoblocking, he'd have been tossed; I don't want any EU customers. Under current American law, I can refuse service to anyone I don't want to serve, so long as that person is not a member of a protected category. Being an EU citizen is not a protected category. Most spectacularly this particular bit of American law was used against Sarah Huckabee Sanders https://www.thedailybeast.com/sarah-huckabee-sanders-thrown-out-of-virginia-restaurant . If it can be used against the spokesperson for The Don, it can be used against anyone. Including EU citizens. As soon as I find out that you're an EU citizen, you are no longer a customer. I don't want your business. Keep your money. Go away. Find someone, somewhere else, to sell you the service. Hit the road. Don't let the door hit you on the ass on the way out. If the commissars in the EU attempt to levy a fine on me for non-compliance, well, good luck with that. I have zero assets in the EU. They can't touch me outside of the EU, and in any case the EU citizen will be removed from my database the instant I find out that he's from the EU. I have none of his PII to share with anyone. I don't want it. I don't want him.

      I also don't want customers from the People's Republic of China, from the Democratic People's Republic of Korea, the Kingdom of Saudi Arabia, the Russian Republic, whatever Burma is called nowadays, whatever the Central African Republic/Empire/Hellhole is called, and about a dozen others. They're blocked too, and have been blocked for a long time; the EU just made it to the blocklist thanks to GPDR. I don't want your money. I don't want to have anything to do with you. Go away.

      Let the downvotes commence.

      1. bombastic bob Silver badge
        Devil

        Re: Good luck with that

        I think I'd accept customers from EVERYWHERE, and not bother tracking people with scripty ads or cookies that can be used by 3rd parties through some ad network. Customer is king after all (NOT a commodity).

        Out of curiosity, though, if you perform a financial transaction (which kinda has to be tracked in an accounting system, for audit purposes if for no other reason) then is that affected by 'right to be forgotten' ? You buy something from Amazon. Amazon knows they sold it to you. If GDPR were to force them to (effectively) erase the transaction info, it'd mess up their accounting. However I think it would be perfectly reasonable to require them NOT use the data to recommend products for you, if you want to be forgotten. "Forgotten" for advertising purposes at least (the actual transactions will have to be kept,).

        1. James O'Shea

          Seriously

          Serious question, to all who compain about 'shitty sites'... if the site is so bad, why are you still going there, GDPR or no GDPR? If someone goes to the trouble of geoblocking specifically to avoid having to deal with GDPR, then why on God's green Earth are you going to even more trouble to bypass the geoblocking? Why not just go to a site which complies instead? Why go to the trouble of using a VPN to evade the geoblock when it was clear from the start that your presence was not desired? Is there seriously no other site in the world which can provide the required service? Seriously? There are many sites which have been blocking access to those who run adblockers for a long time now (Forbes, Business Insider, I'm thinking of _you_) and I simply go elsewhere. There are many sites which have asinine cookie policies (Dick's Sporting Goods...) and I simply go elsewhere. I went to the Des Moines Register site for the first and probably the last time just now, thanks to this article, just to see why on Earth someone not in Iowa would want to have a look. Frankly, I don't see any reason to go back. Their site design stinks, their local stories are of no interest to me, their national/international stories are covered better and in more detail elsewhere. So if the decided to geoblock Deepest South Florida I'd not even notice, and would care less. Whyever would someone in Europe care? Why? Seriously?

          1. Claverhouse Silver badge

            Re: Seriously

            @ James O'Shea

            Seriously

            Serious question, to all who compain about 'shitty sites'... if the site is so bad, why are you still going there, GDPR or no GDPR? If someone goes to the trouble of geoblocking specifically to avoid having to deal with GDPR, then why on God's green Earth are you going to even more trouble to bypass the geoblocking? Why not just go to a site which complies instead? Why go to the trouble of using a VPN to evade the geoblock when it was clear from the start that your presence was not desired? Is there seriously no other site in the world which can provide the required service? Seriously? There are many sites which have been blocking access to those who run adblockers for a long time now (Forbes, Business Insider, I'm thinking of _you_) and I simply go elsewhere. There are many sites which have asinine cookie policies (Dick's Sporting Goods...) and I simply go elsewhere. I went to the Des Moines Register site for the first and probably the last time just now, thanks to this article, just to see why on Earth someone not in Iowa would want to have a look. Frankly, I don't see any reason to go back. Their site design stinks, their local stories are of no interest to me, their national/international stories are covered better and in more detail elsewhere. So if the decided to geoblock Deepest South Florida I'd not even notice, and would care less. Whyever would someone in Europe care? Why? Seriously?

            Well. firstly because until you actually access a site for the first time, you are not going to know what barriers to freedom they have put up, what trackers they have to follow you about, what demands they make for permissions.

            It's not like you can discover by word of mouth.

            And then again I don't go beyond the loyalty oath of any American site demanding acceptance for tracking and probing visitors. It just shows there is no reason to visit/buy/examine their crap. They need viewers more than viewers ever need them.

            .

            Incidently, I say American because these seem the only people rolling around wetting themselves whilst screaming at this threat to their beloved economic model. Haven't heard of a Latin American, Russian, Chinese, Arabic reaction of pure capitalist dementia.

            Nor strangely enough have I come across any US hosting company or allied trades, having conniption fits or blocking access to their wares.

        2. rmason

          Re: Good luck with that

          @bombastic bob

          That's fine (it's also what i'd do). It does however assume you've not paid $unreasonable to some company for a flashy website, marketing, advertising, adwords, SEO. You've been totally sold on the need to spend $$$ on this super website with all it's tracking and analytics.

          You can see why some places can't throw this outlay away and "switch it all off for those Europeans".

          The money pumped into the website design and maintenance, and all the related things mentioned above may well outweigh those orders form europe.

          You'd be surprised at the amount of companies being bent over every month/year by a PR firm, a social media company, some marketing bods, a webdesign and SEO firm etc etc. You can't go from agreeing we absolutely need all this stuff, and approving the cost, to admitting it's all either useless or dark arts and turning it all off again. That makes you look silly to your boss/the rest of the board.

    3. pauhit

      I think that lawyer is incorrect.

      1. Anonymous Coward
        Anonymous Coward

        Yeah that lawyer is just an idiot looking for business. That's like saying I'm liable if you break into my garage and steal my car with broken brakes I was halfway through fixing, then crash become paralyzed.

        I look forward to anyone trying that getting laughed out of court. And even if they found a stupidly sympathetic judge in Europe, good luck getting any such court order enforced in whatever part of the world the site resides!

        1. TheVogon

          "That's like saying I'm liable if you break into my garage and steal my car with broken brakes I was halfway through fixing, then crash become paralyzed."

          GDPR is a strict liability based law. It doesn't matter how the data got there. If you store personal data of EU citizens or store personal data of anyone and are located in the EU then you need to comply.

          "good luck getting any such court order enforced in whatever part of the world the site resides!"

          It would be enforced in the EU. As a larger market than the US both in terms of population and in GDP not many international companies are going to want to risk that. If a fine went unpaid then any EU assets, financial transactions, etc. could be seized and the site could be blocked and or cut off from the financial system, domain names could seized, etc. etc.

          1. Anonymous Coward
            Anonymous Coward

            It isn't international companies that are locking out EU users, it is US companies. If they had a significant userbase in the US they would have no choice but to either comply or give up a good chunk of their market.

            The more insistent people are that the GDPR "doesn't matter how the data got there" and enforcing it via extraterroritorial means (doesn't this always piss of EU residents when the US tries this...I guess you guys will stop complaining about that if you think it is OK when the EU tries it?) the more incentive there is for US companies that do limited business in the US (like US news sites) to simply lock out EU users.

            I have to say, judging by the comments here, if I had a web site that might be visited by EU residents and collected data I'd block the EU as well. The potential liability (even through an accidental collection/retention of data) is too great to be worth it unless the EU is a major revenue source.

          2. Anonymous Coward
            Anonymous Coward

            Surely if someone has gone to the trouble of masking their location and other measures to bypass a restriction based on their location that fact could be argued as consent

            1. James O'Shea

              That would also be my opinion.

            2. Anonymous Coward
              Anonymous Coward

              @AC

              Surely if someone has gone to the trouble of masking their location and other measures to bypass a restriction

              This reminds me of the people who think they can evade a shrinkwrap license by having someone else click "accept" when the software is installed. Not that I agree with or support shrinkwrap licenses, but so long as our legal system does it is quite right that they have shot down attempts to evade responsibility for them by deliberately dodging them by having your kid click OK. Using a VPN to evade a geoblock and then try to claim violation of the GDPR is the same sort of shady legal tactic that I can't see any reasonable court agreeing with.

      2. Adam 52 Silver badge

        He might be wrong about the reason, but he might still be right.

        All those sites that accepted EU customers before May 25th? They're likely still storing (and therefore processing) EU citizens data. So still need to be compliant.

      3. cosmogoblin

        Yup, I think the lawyer is incorrect as well.

        Trouble is, until and unless something like this is tested in court, you just can't know for certain. Hence there is always legal risk, albeit low, even if your lawyers confirm you're doing everything right.

  4. Anonymous Coward
    Anonymous Coward

    Don't fret. It is all part of Trumps grand plan

    to isolate the USA from the rest of the world and reality in general.

    Build that Wall and burn that Good Clean Coal.

    He know's best ok!

    1. Dodgy Geezer Silver badge

      Re: Don't fret. It is all part of Trumps grand plan

      ...and burn that Good Clean Coal....

      I might mention in passing that the US is the ONLY country in the world that has fully achieved its CO2 reduction target under Koyoto. It has dropped its CO2 output greatly - almost entirely due to fracking for natural gas.

      All other countries have failed abysmally. But they still shout about how green they are, and how evil Trump is.

      What would you rather, a hypocritical country which shovels vast amounts of taxpayer money into bogus green projects that make the environment worse while polluting everywhere and claiming it's green, or a straight talking country which cuts back on green project spending and manages to pollute much less?

      1. Giovani Tapini

        Re: Don't fret. It is all part of Trumps grand plan

        I thought the USA had not ratified Kyoto, not to mention ground methane leaks associated with fracking contributing back to greenhouse gases (albeit not CO2)

        I agree that there have been a lot of greenwashing projects elsewhere though. Indeed UK based power plants using biomass from USA which is nicely cutting down and grinding up forests for us to claim a bit of coal usage reduction. This activity is a net contributor to CO2 emissions on both sides of the pond.

        I'm not sure I would paint a rosy picture of the USA which, apparently, knows better than the rest of us.

      2. Chairman of the Bored

        Re: Don't fret. It is all part of Trumps grand plan

        I'm not favorably impressed with the environmental side effects associated with our fracking binge. My folks' towns in PA used to breathe the poisoned air from mining operations and comparatively filthy mine power plants. Now they drink poisoned water from the fracking operations. Short lives ending badly.

        Same story around the country but what do we care? Just dump the pollution problems on those ignorant, drug addicted hicks... At least that's the attitude I'm seeing in our cities

      3. Domquark

        Re: Don't fret. It is all part of Trumps grand plan

        But the US isn't a part of Kyoto.

        George W Bush withdrew the US from Kyoto in 2002, labeling it "fatally flawed". This was after the Senate voted 95-0 against adoption.

        And the US is still the second worst [total] CO2 polluter (behind China) and the worst polluter per person on the planet at roughly 16.7 tonnes of CO2/per person/per year. Even China "only" manages 6.7 tonnes/per person/per year.

        1. Rob D.
          Meh

          Re: Don't fret. It is all part of Trumps grand plan

          In the interests of accuracy, you must specifically exclude countries with smaller populations otherwise the US is about 10th in the per capita queue, with a lot of the middle east countries higher up. Qatar in 2014/15 (sorry, last date I have a reference for), was up over 40 tonnes CO2pppy. See https://data.worldbank.org/indicator/EN.ATM.CO2E.PC?year_high_desc=true.

        2. pɹɐʍoɔ snoɯʎuouɐ

          Re: Don't fret. It is all part of Trumps grand plan

          "And the US is still the second worst [total] CO2 polluter (behind China) and the worst polluter per person on the planet at roughly 16.7 tonnes of CO2/per person/per year. Even China "only" manages 6.7 tonnes/per person/per year."

          massaging figures when china has a population of over a 1.4billion (93,800,000,000 tonnes of co2) against usa's 325million (5,427,500,000 tonnes)

          they may be second place, but look at the size of the country... its clearly going to be producing more than most others...

          1. Korev Silver badge

            Re: Don't fret. It is all part of Trumps grand plan

            Which is why the figures you quoted are on a per capita basis

            1. pɹɐʍoɔ snoɯʎuouɐ

              Re: Don't fret. It is all part of Trumps grand plan

              "Which is why the figures you quoted are on a per capita basis"

              there's lies, damn lies and then statistics.

              unless its individual people producing greenhouse gases then you cant really show the numbers per capita.

              the only way to make direct comparisons is to find out how many sq kilometres of land is used for industrial purposes, then compare on like for like.

              1. Anonymous Coward
                Anonymous Coward

                Re: Don't fret. It is all part of Trumps grand plan

                Individual people generate the demand for greenhouse gas producing products and services. If half the people in the US dropped dead tomorrow because of Thanos, a lot of power plants would be shut down, a lot fewer plastic bottles would be needed etc. so the greenhouse gas usage would be cut in half (actually cut in more than half, since it would mostly be the less economic coal plants that were shut down)

                If instead, the population rises, there's increased demand for electricity, increased demand for plastic bottles, and the greenhouse gas output increases as a result. Ironically, Trump's anti-immigration policy (to the extent it prevents immigration either by making it more difficult or by making immigrants fearful to come to the US) would result in less greenhouse gas output by the US since the population will increase by less than it might have otherwise. Of course those potential immigrants who stay in Mexico or central America will do many of the same things there so it won't be a net win for the planet, just for those keeping score nation by nation.

          2. Domquark

            Re: Don't fret. It is all part of Trumps grand plan

            @ pɹɐʍoɔ snoɯʎuouɐ

            No massaging. OK it was a very rough calculation based on figures here:

            https://en.wikipedia.org/wiki/List_of_countries_by_carbon_dioxide_emissions

            China emissions for 2016: 10,432,751 (kilotonnes of CO2)

            USA emissions for 2016: 5,011,687 (kilotonnes of CO2)

            Population China - roughly 1.5 Billion, USA - roughly 300 Million

            Want something more accurate?

            Using https://en.wikipedia.org/wiki/List_of_countries_by_population_(United_Nations)

            Population of China - 1,409,517,397 so CO2/Person/Year = 7.40164755838058 Kg

            Population of US - 324,459,463 so CO2/Person/Year = 15.44626547076545 Kg

            So, even with more accuracy, the US (whose population is a quarter the size of China's) is still way ahead of any other country on the planet for CO2 emissions per person.

            Well done.

            1. Anonymous Coward
              Anonymous Coward

              Re: Don't fret. It is all part of Trumps grand plan

              I didn't see anyone denying that the US had higher per capita emissions, but that's not what Kyoto and Paris were about. They were about slowing and hopefully reversing the trajectory of growth - which the US has done. Granted kind of by accident since a way of extracting oil & natural gas that was previously locked up was discovered and natural gas is much cleaner burning in power plants than either coal or oil.

              But regardless of why it happened, it is a good thing for the world that it did and it looks to continue and nearly all US coal plants are likely to be decommissioned within 20 years at current rates.

        3. bombastic bob Silver badge
          Trollface

          Re: Don't fret. It is all part of Trumps grand plan

          *ahem* - CO2 is **NOT** a pollutant! [if you think it IS then please stop exhaling, you're polluting the environment] [what, you're STILL breathing? hypocrite!]

          1. JulieM Silver badge

            Re: Don't fret. It is all part of Trumps grand plan

            You should have studied the carbon cycle in chemistry, in the third year of secondary school.

            CO2 from carbon that has been out of the cycle for hundreds of thousands of years (i.e., from burning fossil fuels) is a pollutant, because it is adding to the cycle.

            "Fresh" CO2 (i.e. from breath, or from burning recently-deceased organic matter) is not a pollutant.

            1. WolfFan Silver badge

              Re: Don't fret. It is all part of Trumps grand plan

              Bombastic Bob is a pollutant.

          2. anonymous boring coward Silver badge

            Re: Don't fret. It is all part of Trumps grand plan

            Don't act the fool.

            Water isn't a pollutant either, but you can still drown in it.

            Too much CO2 will feck up our planet so much that you will wish you had more pollutants instead of CO2.

      4. Rob D.
        Thumb Down

        Re: Don't fret. It is all part of Trumps grand plan

        Perhaps there's some confusion here between straight talking and straight talking ill-informed bollocks - it is easy with Trump in the Whitehouse for this confusion to arise. For example, from the State of the Union address in Jan, "We have ended the war on American energy, and we have ended the war on beautiful, clean coal. We are now very proudly an exporter of energy to the world."

        It's straight talking and includes the word 'beautiful' but is still unremitting bollocks aimed at a receptive audience: the US is a net energy importer with even the US Dept of Energy saying next decade for that to change; 'clean coal' is about the burning/capture of emissions not the coal; natural gas is cheaper than coal for businesses; US energy production increased during Obama's tenure; etc. References on request but FFS this is obvious stuff easily found.

      5. TheVogon

        Re: Don't fret. It is all part of Trumps grand plan

        "that the US is the ONLY country in the world that has fully achieved its CO2 reduction target under Koyoto"

        The US never ratified Koyoto to have a reduction target.

        "almost entirely due to fracking for natural gas."

        So not because they made any effort whatsoever to reduce CO2 in other words.

      6. HieronymusBloggs

        Re: Don't fret. It is all part of Trumps grand plan

        It has dropped its CO2 output greatly bigly

        FTFY

        1. Anonymous Coward
          Anonymous Coward

          Trump has nothing to do with the US fracking natural gas

          I don't remember him ever even saying anything about natural gas during the campaign. He only "cares" about coal because that's the dying industry he wanted to prop up in a few states where getting coal miners to convert from their traditional democratic votes to him could make a difference. Didn't matter in a red state like West Virginia, but may well have pushed Trump over the line in Pennsylvania and Ohio (Hillary's comments against coal certainly didn't help her cause, either)

          Unfortunately for the coal industry, not only is natural gas cheaper but even unsubsidized wind power is now cheaper than building a new coal plant. The only reason coal is still being burned in the US is because there are a lot of old coal burning power plants still out there, but no new "clean coal" plants are getting built. Over the past five years and through 2020 nearly a quarter of all US coal plants will have been / will be shut down. The rest continue to get older so it will happen to them as soon as they can be replaced with modern natural gas plants and wind / solar (solar isn't as cheap with or without subsidy yet, but as it continues to drop in price someday it will be)

          1. Claverhouse Silver badge

            Re: Trump has nothing to do with the US fracking natural gas

            @DougS

            (Hillary's comments about [INSERT SUBJECT HERE] certainly didn't help her cause, either)

            FTFY

            Bernie all the way !!!

      7. bombastic bob Silver badge
        Trollface

        Re: Don't fret. It is all part of Trumps grand plan

        let's all just burn as much fuel as we want to, and erect windmills to chop migrating birds in half for the lulz.

      8. anonymous boring coward Silver badge

        Re: Don't fret. It is all part of Trumps grand plan

        "It has dropped its CO2 output greatly - almost entirely due to fracking for natural gas."

        Kindly explain how that works? Natural gas creates CO2 when burned, just like any other carbon based fuel.

        1. Justthefacts Silver badge

          Re: Don't fret. It is all part of Trumps grand plan

          Certainly, I will explain how that works for you. Simplified.

          Gas is CH4, oil is C6H14-C8H20, coal is just C

          Note how the ratio of C to H increases as you go along the sequence.

          Both the C and the H generate energy as they oxidise [burn) to CO2 and water respectively.

          Therefore, *per unit energy* gas produces least CO2, and coal produces most, with oil in the middle.

          Unfortunately, that simple picture is almost entirely wrong because:

          1) Nature isn’t kind to us by giving us the option of what comes out the ground. Each oil well produces a mixture, and we further refine it to produce the fractions we want. The refining process itself uses lots of energy. Really a lot, like 20% of the primary energy.

          2) Fracking (or shale oil/gas as it is properly called) uses closer to 50% of the primary energy to power the recovery cycle. So in full-cycle terms, fracking is actually rather CO2 intensive.

          2) The net output of any oil/gas well means that some of it is, for example, heavy very dirty ship diesel and aviation kerosene. It’s no good refusing to burn dirty aviation fuel, because it exists anyway. The only options are - use it for *something*, dump it, burn it/flare it at the refinery because “out of sight, out of mind”.

          Net: Fracking is dirty overall for CO2. So is coal.

          Your CO2 guilt of refusing to burn heavy fractions personally, makes no difference to net CO2 that goes into the atmosphere. So, actually, *you don’t get to choose which is “better for the environment”*. It all goes in, you just get to choose who feels guilty about it.

    2. Anonymous Coward
      Anonymous Coward

      Re: Don't fret. It is all part of Trumps grand plan

      All hail the Republic of Gilead. You know its coming.

      1. TimMaher Silver badge

        Re: Don't fret. It is all part of Trumps grand plan

        Are you sure?

        I thought it was here already.

        Blessed day.

  5. Uncle Slacky Silver badge
    Big Brother

    NPR and Bodhi Linux

    NPR also sends you to a nice quick & minimalist text-only site if you refuse tracking:

    https://text.npr.org/

    Bodhi Linux admins, however, took the rather extreme step of deleting their support forums entirely, just in case:

    https://www.bodhilinux.com/2018/06/03/forums-closed-due-to-gdpr/

    1. Doctor Syntax Silver badge

      Re: NPR and Bodhi Linux

      "Bodhi Linux admins, however, took the rather extreme step of deleting their support forums entirely, just in case"

      It doesn't reflect well on their ability to develop functional S/W. It's a long time since I looked at Bodhi and the memory I took away was style over function so I can't say I'm overwhelmed with amazement to hear it.

      1. Anonymous Coward
        Anonymous Coward

        Re: NPR and Bodhi Linux

        The problem is that they have a valid point. Move the forum to someone else's system and you have 0 risk of being found in violation, even if you put it on Facebook.

        1. Alexander Hanff 1

          Re: NPR and Bodhi Linux

          No this is simply not true. Under Case c-210/16 (European Court) using a third party service makes you a joint controller which comes with joint risk and in fact puts you in a much worse position.

          As a joint controller, you can be sued directly without the data subject ever having to sue other joint controllers. This makes you even more of a target because it is much cheaper to sue some crappy Linux distro than say... Facebook.

          Even worse than that, you can be sued for the processing Facebook does on that page...

  6. Anonymous Coward
    Anonymous Coward

    All of which just proves....

    .....that GDPR is working.

    If the companies behind those websites are asinine enough to block people legally protected from the sort of surveillance the Stasi would have been proud of, then I see that as a positve result.

    1. Voland's right hand Silver badge

      Re: All of which just proves....

      .....that GDPR is working.

      No it is not. At least in the UK where it is deliberately not enforced by ICO

      I have sent them details on UK companies which are in multiple violations of both the old law and GDPR itself and which continue to blatantly market and sell your (out of date) personal data without your personal permission. With company numbers, addresses, the lot.

      They are happily scratching their nether regions instead of enforcing it while waiting for that happy day when UK drops off the cliff without a data equivalence deal so they can stop pretending that they have the intention of enforcing it.

      Similarly, multiple companies have now realized that there is no enforcement in the UK and have gone back to their pre-25th-of-May antics.

      1. Voland's right hand Silver badge

        Re: All of which just proves....

        By the way: when I say personal data means PERSONAL. The violator(s) are recruitment data aggregators so this includes but is not limited to: your job history, address, marital status, skills, education history, certifications - the lot. Personal, identifiable and with your name on it.

        That is for sale and offered without GDPR consent (or prior processing consent wiithin the last 10 years) and the seller has no issues with it (or any issues with using it for their own marcom).

        1. anothercynic Silver badge

          Re: All of which just proves....

          What is interesting about several recruiters (especially those who bought a certain CV site that allowed you to set up *one* CV and then let various recruiters who were signed up at it) is that they emailed me several times *begging* me to update my details because of GDPR and that they'd have to delete my data otherwise. Guess what... they're still emailing me to tell me I *must* update my info to allow them to serve my data. Hang on, didn't you say you were going to delete it? Why haven't you?

      2. Rob D.

        Re: All of which just proves....

        Enforcement is a last resort according to the long-established policy of the ICO, and reiterated multiple times in the run-up to GDPR, e.g. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/04/data-protection-practitioners-conference-2018-ed/. It is even one of their top 'Myths about GDPR', that non-compliance brings immediate, heavy fines.

        Some may disagree with the approach and feel morally obliged to report many companies, but the ICO is being consistent in the practice of guidance before enforcement (which they presumably will continue to do, https://ico.org.uk/action-weve-taken/enforcement/).

      3. TheVogon

        Re: All of which just proves....

        "I have sent them details on UK companies which are in multiple violations of both the old law and GDPR itself "

        The wheels of justice turn slowly. Give it a year.

      4. Robert Carnegie Silver badge

        Re: All of which just proves....

        "I have sent them details on UK companies which are in multiple violations of both the old law and GDPR itself and which continue to blatantly market and sell your (out of date) personal data without your personal permission. With company numbers, addresses, the lot. They are happily scratching their nether regions instead of enforcing it."

        Be sure to register your account with those companies using a tasteful fake nude picture of a randomly selected Member of Parliament. "Calendar Girls" level, with the face Photoshopped on. This either might get something done, possibly to you, or, if not, is at least slightly amusing, especially if it's Facebook and they are facially recognised.

      5. pɹɐʍoɔ snoɯʎuouɐ

        Re: All of which just proves....

        "Re: All of which just proves....

        .....that GDPR is working."

        No it is not. Its showing that a small outfit who has little or no intention of nefarious shenanigans when it comes to private data cant afford to run foul of the ICO.

        so the solution is to move support to a platform where they cannot be held responsible for slurping, a platform where your information will in no doubt be slurped.

        its typical of euro crap, its easy for a large corp to implement and soak up the costs, but your small business or sole trader cant afford it...

  7. DrXym

    Kind of scary

    These blocks have become a form of self censorship. I have to wonder why the legislation in the EU has any bearing or impact on websites operating in other jurisdictions.

    And even if they have reasons to be compliant it makes you wonder what sort of scary crap were they doing before GDPR that means they have to block access afterwards.

    I know that Yahoo! and other Oath properties (Huffington) et al pop up this warning now and there are literally hundreds if not thousands of companies that they sell usage data and deliver ads from.

    1. Doctor Syntax Silver badge

      Re: Kind of scary

      "I have to wonder why the legislation in the EU has any bearing or impact on websites operating in other jurisdictions."

      It bears on anyone handling PII of data subjects resident in the EU by giving those people certain rights. Where the data is held or processed has no bearing; those rights now exist.

      "And even if they have reasons to be compliant it makes you wonder what sort of scary crap were they doing before GDPR that means they have to block access afterwards."

      Indeed. And if they hold problematic data they'd acquired before they started blocking they're still in contravention. If they haven't purged their old data the blocking means nothing. In fact, it raises a flag for someone who has use the site beforehand and fancies taking a poke at them...

      1. Alexander Hanff 1

        Re: Kind of scary

        There is no such thing as PII any more, just personal data and special category personal data.

        Secondly it is not just residents of the EU, it is anyone in the EU. A tourist on vacation in Europe is covered by GDPR...

  8. Halfmad

    I don't think many of the opt-in/out menus are legal

    They make it too difficult to change options. I had one (on mobile) which required me to de-selected 150 different advertisers individually in a tiny menu as there was no "all" option. That was after going through two other buttons to get there.

    It is meant to be clear, transparent and straightforward.

    1. Chris G

      Re: I don't think many of the opt-in/out menus are legal

      I agree, yesterday I was searching for some specific info' on sustainable energy, at least 80% of the non EU sites had gone over to virtually unmanageable opt out pages.

      This was on android, which for some reason seems to be worse, I get the impression if they can't slurp your data and make a penny out of you, you are not welcome to their sites even if it means they have lost you as a potential customer.

      The US has yet to learn it is not the centre of the civilised World and that other options exist.

      1. Anonymous Coward
        Anonymous Coward

        Re: I don't think many of the opt-in/out menus are legal

        I had one website that took me through 8 pages just to opt-out. If you didn't know any better you would clearly click the opt-in just to get rid of it.

        1. pɹɐʍoɔ snoɯʎuouɐ

          Re: I don't think many of the opt-in/out menus are legal

          I had one website that took me through 8 pages just to opt-out

          ugh, there are worse than that... but its got to the point that if I cant opt out with more than a couple of clicks then without confirming anything, i leave the site.

    2. Dodgy Geezer Silver badge

      Re: I don't think many of the opt-in/out menus are legal

      ...It is meant to be clear, transparent and straightforward....

      It IS clear, transparent and straightforward. It's just not EASY.

      No one said that it had to be easy....

      1. just another employee

        Re: I don't think many of the opt-in/out menus are legal

        Yes they did.

        GDPR - Article 7

        3. The data subject shall have the right to withdraw his or her consent at any time. ..... It shall be as easy to withdraw as to give consent

    3. iron Silver badge

      Re: I don't think many of the opt-in/out menus are legal

      Most of these systems I see are not legal because they are opt-out, call the link to the opt-in/out screen "more information", label Google Analytics cookies as "required" and don't offer an option to disable them or just plain don't allow you to opt-out at all.

      My current favourite is www.cycleworld.com (a motorcycle website). They have gone to the trouble of implementing CookieBot which is normally a compliant solution but they have deliberately hidden the button that allows only necessary cookies, wilfully breaking the law. They even illegally state:

      "To continue enjoying the free content made available to you on this website, you must indicate that you understand and accept Bonnier Corp.’s use of cookies by selecting the "Allow all cookies" button below."

      Of course the idiot's have hidden the button using CSS so you can just use browser dev tools to enable it again.

      I think it would be quicker to make a list of websites that are actually compliant with GDPR than one of illegal sites.

      1. VinceH

        Re: I don't think many of the opt-in/out menus are legal

        "My current favourite is www.cycleworld.com (a motorcycle website)."

        Good grief!

        27 cookies they claim are necessary.

        10 labelled as preferences.

        34 labelled as 'statistics'

        84 maked 'unclassified'

        And 251 for marketing!

    4. brym

      Re: I don't think many of the opt-in/out menus are legal

      It frustrates me because it's ridiculously easy to implement from a coding perspective; Has consent been sought and given? Load the all singing, all dancing page. No consent, just load the content into the page - no ads, no social media sharing callbacks, no cookies... it's as easy as a basic if/else.

      And by the way, don't make the default state of a page load as though consent has been given already. That's impossible for first time visitors.

      If I can do it for the comparatively small number of clients I host and manage, and I'm a solo operator, I'm sure dedicated teams can do it in a sinch.

      1. Anonymous Coward
        Anonymous Coward

        Re: I don't think many of the opt-in/out menus are legal

        What's their incentive to do implement what the EU wants though if it is a US based site that doesn't see a lot of traffic from the EU? They go to a lot of expense so they can support page views that generate them significantly less revenue. It makes sense that they'd just block EU views, that's the easiest path, one that guarantees them no liability since they would be liable even if it was an honest mistake, and doesn't impact their overall business too much.

        1. TheVogon

          Re: I don't think many of the opt-in/out menus are legal

          "one that guarantees them no liability since they would be liable even if it was an honest mistake"

          It doesn't guarantee them no liability. At least as above according to a lawyer that is probably better qualified to judge than most of us. However if they had zero business in the EU and no assets there then they could probably choose to ignore GDPR.

  9. 's water music

    disappointed...

    ...that most of those organisations* who fill up my spam folder on a daily basis and 'threatened' that they wouldn't be able to send me 'valued' communications any more if I didn't opt-in seem to have found a way to keep on doing it. A bit like one of those millionaires who threatens to emigrate if someone they don't like wins an election and inevitably doesn't

    *I'm talking about orgs that I have actually had some relationship with at some point, not pure spammers

    1. phuzz Silver badge

      Re: disappointed...

      I was surprised by how many recruitment agencies had picked up my CV from somewhere, and were sheepishly sending me GDPR emails, asking pretty-please could they keep my data. My 'unsubscribe' finger got a lot of work out (not that I subscribed in the first place).

    2. Michael Habel

      Re: disappointed...

      A bit like one of those millionaires who threatens to emigrate if someone they don't like wins an election and inevitably doesn't

      *does.... (TFTFY)

    3. VinceH

      Re: disappointed...

      "*I'm talking about orgs that I have actually had some relationship with at some point, not pure spammers"

      Thankfully, I only have one that's doing that. They are a client's supplier, and I have an email address at that client's domain.

      Having never received any spam from them previously, in the run up to GDPR-day, a sales bod at the company started sending emails along the lines of "GDPR is coming - please tell us we can continue to send you crap, because soon we won't be able to... by the way, we have an offer on x, y, z..."

      i.e. Begging to be able to spam after GDPR day, with spam added to the request.

      I received six emails like that in May, the last being the 24th - then it seemed to stop. Which I thought was because I ignored them; they were asking for consent, and I didn't give it.

      Until 19th June - when I received a marketing missive from them; like the GDPR emails, but without the "GDPR is coming - please tell us we can continue to send you crap, because soon we won't be able to..." bit.

      It puts me in a dilemma. If it was one of my own email addresses, I would make sure they know just how annoyed I am, and make official complaints - but it's an email address at a client (though I host the client's email) and upsetting a regular supplier (and thence my client) is probably not a good plan.

      I think if it happens again, I might go for a gentler approach than I normally would: Add a forward to the server so that any email this person sends to me is sent straight back - without it affecting any other mailbox.

      (There is of course an unsubscribe link - but I've always had a policy of not using them if I shouldn't be receiving the emails in the first place.)

      1. Adam 52 Silver badge

        Re: disappointed...

        " I have an email address at that client's domain"

        Is your client a limited company?

        If so they can still email you under the corporate exemption from PECR. GDPR consent doesn't come into play because it's legitimate interests, not consent.

        "There is of course an unsubscribe link ... shouldn't be receiving the emails ..."

        So if it bothers you, click on the unsubscribe link. Until you do that you haven't got a legal leg to stand on.

        1. VinceH

          Re: disappointed...

          "If so they can still email you under the corporate exemption from PECR."

          PECR was always stupidly flawed in that respect. I said as much when it came in, and I've continued to say it since.

          "GDPR consent doesn't come into play because it's legitimate interests, not consent."

          They themselves have made it quite clear that for marketing, they are operating a consent based approach.

          Firstly, their Privacy Policy states:

          "We may also process your personal data for one or more of the following:

          [...]

          • You have consented to us using your personal data (e.g. for marketing related uses);"

          Secondly, they made that clear in the pre-GDPR emails where they said [digs around in the spam folder]...

          "Very soon, changes to personal data laws mean you'll have to give us permission to stay in touch with you via email to make sure you don't miss out on our special offers.

          As you might know, the law is changing and General Data Protection Regulation (GDPR) will become active on 25th May 2018. We have to make sure that you consent to continue to receive future email special offers and deals.

          Register your interest today so we can send you:

          Special Offers - weekly special offers

          Discounts - notification of Sales

          Prize Draws - chance to WIN various prizes

          Give-Aways - special offers with FREE gifts

          Future offers will only be open to those who opt in to our emails. It's quick & easy to make sure we can stay in touch, simply click the button below to register your interest now.

          Click Here to Opt In"

          I mentioned this in my original post, though I summarised it slightly. They asked for consent using an opt-in button, I chose not to opt in, therefore I have not given consent.

          "So if it bothers you, click on the unsubscribe link."

          I shouldn't have to. I didn't click on the subscribe ("Opt In") link.

          "Until you do that you haven't got a legal leg to stand on."

          As I also pointed out in my original post, my legal legs are irrelevant, because I have to be careful not to annoy a source of some of my income, who use this supplier very regularly.

    4. Jan 0 Silver badge

      Re: disappointed...

      On the subject of spammers, I'm amused that there's been a huge surge in spam sent to my special whois email address. Is anybody else noticing this? It seems that the ICANN/GDPR spat alerted many spammers and spam list suppliers to a free source* of email addresses that many of them were unaware of.

      *Now unavailable, after the horse has bolted.

  10. Detective Emil

    Washington Post

    The Bezos Bugle (motto “Democracy Dies in Darkness”) now tries to sell me a “Premium EU Subscription”, regular price $117, when I attempt to visit. Well, they won’t be losing anything like that just by my not reading Doonesbury every day (which I could do with a VPN anyway, if I could just be arsed). No, I’ve switched my alleigance to block-free GoComics. Hell, I might even buy a subscription.

    By the way, I really hope El Reg is raking it in by showing me ads for BooHoo, Miss Selfridge and and PrettyLittleThing against this page: targetting? What targetting?

    1. Pseu Donyme

      Re: Washington Post

      I saw this too: no 3rd party tracking is promised only as a part of the most expensive subscription. This is in breach of GDPR as giving consent may not be a precondition to providing a service, nor can there be any other disadvantage to those who decline to give consent. (Article 7 point 4, also see recitals 42-43 : https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679, see also: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=623051 )

      It also occurred to me that this sort of thing requires using location information which supposedly required explicit consent even before the GDPR.

      1. Anonymous Coward
        Anonymous Coward

        How can they require consent for location info

        When location info is required for them to even KNOW whether their relationship with you is bound by the GDPR? That's a catch 22.

        Correct me if I'm wrong but isn't the GDPR about storing info, not collecting it emphemerally like an automated script that geolocates you or figures out what browser you are using to determine what content to provide you. Otherwise accepting an IP connection from you would be illegal, because in doing so they learn your IP address!

        1. Adam 52 Silver badge

          Re: How can they require consent for location info

          GDPR is mostly about processing. Where storage is a subset of processing.

          Automated decision making is another subset.

          Accepting an IP address is lawful for a number of reason, necessity and legitimate interest are the two most robust, but it is not the ephemeral nature that makes it legal.

    2. S4qFBxkFFg

      Re: Washington Post

      "By the way, I really hope El Reg is raking it in by showing me ads for BooHoo, Miss Selfridge and and PrettyLittleThing against this page: targetting? What targetting?"

      Treat it as a suggestion for the weekend.

      1. Michael Habel

        Re: Washington Post

        Alas why must Friday be so far away?

  11. Anonymous Coward
    Anonymous Coward

    And once again...

    The EU causes more collateral damage than they probably anticipated. I'm actually hoping that this trend continues: be GDRP compliant and just lock out EU users, simple as that. Then you can continue with your business, no questions asked.

    This reminds me of that brilliant cookie law which the EU just had to push through. And as a result nothing has changed. The only change is that they'll now nicely ask you up front: "Do you accept this cookie?", and if the answer is no you're blocked from the site. SO... no matter what kind of cookie: if you want to use the site you'll have to click yes. And continue clicking yes again and again and again and again for every website. Another one of those awesome EU ideas!

    Now, don't get me wrong here. The motivation behind GDRP is a good one, securing user data. But I also think that, as usual within politics, they're not thinking things through.

    I mean... if you ask a webmaster to remove your data and they say "Ok, done", without actually doing anything. Then what? Would you be the wiser? I doubt it. And even if you can proof this, then what? Call the cops? If you're dealing with a US company and then call the cops on them for an EU law infraction then I'm not too sure that they'll bother to help you. Why should they?

    In the end this will be one of those brilliant ideas which will cause more harm than profit. Like the DCMA takedown requests: that also began as a good idea until people started abusing it left and right because... the consequences for false reports are practically zip as far as I know.

    I fear that this won't be any different. As such: just block the EU and be done with it, easy :)

    (for the record: I am from Europe myself, but not quite a fan of this GDRP intrusion).

    PS:

    We're forced to delete user data. Ok, got it.

    But what about the data retention law, from that very same EU? Never heard of that? Easy: it basically forces companies to store and archive communications passing through their servers (such as e-mails) for up to 3 years. Wouldn't you say that this somehow contradicts with the GDRP? I mean, can it get any more personal than e-mails or forum messages?

    And just so we're clear: the intent of the data retention law is that communications must be stored in such a way that the information can be used to fully trace the users origin. Which is exactly the opposite of GDRP which demands that data needs to be anonymized.

    So what is it? You can't have it both ways, yet that's exactly what they're trying to do.

    1. Dan 55 Silver badge

      Re: And once again...

      It does not contradict in any way with GDPR.

      - Accounting law (other laws are available) obliges companies to retain certain information for a period of time then delete it, so they retain it for a period of time they are required to then delete it.

      - For the rest of the data (e.g. marketing), the user can request that to be deleted at any time.

      What's difficult to understand?

      I imagine GDPR is quite useful. Look at the list of advertising partners there on your screen, all tracking you everywhere you go. Are you happy with that? Many people didn't even know it happened.

      (for the record: I am from Europe myself, but not quite a fan of this GDRP intrusion).

      Er, no. The intrusion's been going on for years, GDPR is an attempt to cut back on that.

      1. Doctor Syntax Silver badge

        Re: And once again...

        "But what about the data retention law, from that very same EU? ... Wouldn't you say that this somehow contradicts with the GDRP?"

        No it doesn't.

        The reasons for this have been explained here numerous times; most recently, at least on my part, with complaints that we have to keep explaining it. So now I won't bother explaining, I'll simply tell you that there are provisions within GDPR for this and similar stuff. If you want a full answer to your question, go and swot it up for yourself. If you're tasked with GDPR compliance in your own company it's the sort of thing you should be doing anyway.

    2. Aladdin Sane
      Headmaster

      Re: And once again...

      What the fuck is GDRP?

      1. Anonymous Coward
        Anonymous Coward

        Re: And once again...

        In general, if you get all the letters in there then you're right in at least one European language.

      2. lafnlab
        Meh

        Re: And once again...

        What the fuck is GDRP?

        General derp.

      3. Rasslin ' in the mud
        Headmaster

        Re: And once again...

        Acronym Dyslexia. It's abundant throughout the post.

      4. Andytug

        Re: And once again...

        Glass Dust Reinforced Plastic?

    3. walatam

      Re: And once again...

      "But what about the data retention law, from that very same EU?"

      If you mean Directive 2006/24/EC, that was annulled in 2014 (see https://en.wikipedia.org/wiki/Data_Retention_Directive)

      With regard to right to be forgotten requests, if the data subjects rights outweigh yours then you have to delete it. If you have a statutory or legal obligation to keep the data, you can keep it (see https://gdpr-info.eu/art-17-gdpr/)

      GDPR is a pita but it is trying to put people back in control of their data and for that, I applaud it.

      1. Doctor Syntax Silver badge

        Re: And once again...

        "GDPR is a pita"

        It depends on how you've been treating personal data in the past.

        If you've not assumed you have rights to spam everyone who ever bought as much as a postage stamp years ago - or even enquired about buying one - you're probably at least well on the way to being compliant.

        If you made a business of buying and selling people's data then not only is it a PITA, it's one you richly deserve and should have got years ago.

    4. RFC822

      Re: And once again...

      (for the record: I am from Europe myself

      Given the this is a UK site, I image that the vast majority of the readers are from Europe!

      1. Ken Hagan Gold badge

        Re: And once again...

        "Given the this is a UK site, I image that the vast majority of the readers are from Europe!"

        Au contraire, mon ami. Since this is an English-language web-site, most of the users are probably from just about anywhere. The vast majority of English native-speakers live outside the EU.

        1. Aladdin Sane

          Re: And once again...

          I do hope you're not including the USA as "English native-speakers".

  12. Anonymous Coward
    Anonymous Coward

    Is this really a surprise? This sort of behaviour has happened for several years in finance as banks "de-risk".

    UK laws against funding terrorists mean many people with family/conacts in the Middle East/West Africa/etc and sometimes send them money have found they have had accouints closed because bank doesn't want to take the risk that one of these payments is found to be going to support terrorism.

    US FACTA rules on declaring infor on accoutns held by US citizens means that many European banks decided that it wasn't worth the risks (multi-miliion dollar fines) to have US citezens as customers.

    If you pass a law that says if you don't compy with it when dealing with a set of people then you can get fined with a percentage of your global turnover then you either have to spend time/money to ensure that every interaction with that group complies to the law or you just decided taht you wioll have no dealings with those people .... and the second method is byh far the simplest

    1. Claverhouse Silver badge

      or you just decided taht you wioll have no dealings with those people .... and the second method is byh far the simplest

      I'll take your word for it.

  13. Peter Galbavy

    There is an implicit assumption that these sites are actually worried about GDPR and are somehow rushing to implement changes. I would however contend that many of them are quite happy to continue abusing the PII of their other readers and have no intention of giving their readership any control over their own data.

  14. Hans 1

    Forbes in Trouble ?

    Once users click the (much less prominent) [...]

    GDPR violation! Did they even read it ?

  15. onefang

    Most of those websites I have never heard of, the rest I never use.

    While I am an Australian, living in Australia, I proxy all my web stuff via Europe. I haven't noticed much of an impact.

  16. Mike Shepherd
    Meh

    "The pace of global regulations is hard to predict"

    Translation: "Our site insists we can sell your details to anyone, anywhere and you get no say in this. Although we knew for years that this was coming, we just hoped it wouldn't happen, so we can't handle it".

    1. John Brown (no body) Silver badge

      Re: "The pace of global regulations is hard to predict"

      Exactly. What's hard about predicting that something enacted into law with an activation date set and specified as two years into the future? You don't need no Gypsy Rose Lee to predict that.

    2. codejunky Silver badge

      Re: "The pace of global regulations is hard to predict"

      @ Mike Shepherd

      Translation: "Our site insists we can sell your details to anyone, anywhere and you get no say in this. Although we knew for years that this was coming, we just hoped it wouldn't happen, so we can't handle it".

      Alternate translation: You people are really not worth this much effort. If you dont want access to our stuff thats fine. If you do then its your governments problem. Sorry.

  17. Mark White

    I have found that for a lot of sites where I just want to read a short news article, I have to spend at least twice as long going through accepting/rejecting tracking than I do reading the article.

    I often think I'd rather have annoying adverts which fill half the screen (but don't track) than go through disabling tracking each time.

    1. Anonymous Coward
      Anonymous Coward

      I've found that using uBblock Orgin's picker tool, to remove the GDPR prompt, is usually faster than having to go through the process in the pop over itself. (I block tracking cookies anyway, and have a host file full of tracking and add related DNS entries).

  18. Chunky Munky
    Facepalm

    So can someone explain to me why Virgin(ontheridiculous)Media are still making you opt OUT of marketing spam, rather that the opt IN (as I understand it) that GDPR is supposed to enforce?

    1. Anonymous Coward
      Anonymous Coward

      Several sites with the mandatory "update your preferences" pop-up have everything set to "on" viz defaulted to "opted in". eg IIRC the BBC and several UK online newspapers.

      1. Doctor Syntax Silver badge

        "several UK online newspapers."

        The entire Trinity Mirror group for a start. The first time I hit that I stopped partway through and emailed the paper telling them they were in breach. They wrote back and assured me that their group expert said they weren't. I wrote back again giving the URL of the ICO's page on the subject, directing their attention to the specific sentence in the specific paragraph. There was no reply and last time I looked nothing had changed.

        Time to start the complaints to the ICO.

    2. Anonymous Coward
      Anonymous Coward

      >So can someone explain to me why Virgin(ontheridiculous)Media are still making you opt OUT of marketing spam, rather that the opt IN (as I understand it) that GDPR is supposed to enforce?

      Report it to the ICO and let them ask Virgin why they are doing that?

      https://ico.org.uk/for-organisations/guide-to-pecr/complaints/

    3. Anonymous Coward
      Anonymous Coward

      "So can someone explain to me why Virgin(ontheridiculous)Media are still making you opt OUT of marketing spam, rather that the opt IN"

      I'm guessing they're claiming "legitimate interests". According to the ICO, that might be fine if there was an "soft opt-in" AND every e-mail has an opt-out link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/

  19. Anonymous Coward
    Anonymous Coward

    In the last few days I have been receiving unsolicited emails from apparently legitimate organisations/companies with whom I have never done business - and bear no relationship to my interests.. One via my reserved Amazon buying email address - the other via the web master email address on a hobby site I manage. The latter "Network B2B" also seemed to think I was located several hundred miles away from the town focus of the hobby site. That address would therefore appear to have been picked up by spam facilitators.

    In both cases they have an "opt out" link which I wouldn't touch with the proverbial. It almost seems like people are taking advantage of the GDPR flux to try to net new customers.

  20. steviebuk Silver badge

    Best bit of GDPR is...

    ..finding out all the shitty business' that advertise on small local rag sites. Go to those sites on an Android and you get hit with full screen popup ads, some nasty ones that popup false virus infections "Download our app to clean it" and ones that force you straight to the Play store to install their app or game. Now we can see all those companies.

    I'm hoping (I might try it at some point) someone will note down all the sites/advertisers used. Because when I looked the other day on one local rag that had about 2 clients that use or their site for advertising revenue that have dead domains. So when they say "You can't disable this cookie, you need to go to their site to opt-out and then gives a link to a dead domain that is just being used as holding page for shady adverts. I believe one of them was in Russian as well".

    One local rags to check. The Argus. Most of them up and down the UK appear to all use the same site system so I think all have the same cookies.

    I suspect there are some bad ones amongst them all that would be as bad as the Facebook scandals.

    1. Anonymous Coward
      Anonymous Coward

      Re: Best bit of GDPR is...

      "..finding out all the shitty business' that advertise on small local rag sites. Go to those sites on an Android and you get hit with full screen popup ads, some nasty ones that

      popup false virus infections "Download our app to clean it" and ones that force you straight to the Play store to install their app or game. Now we can see all thosecompanies."

      Yes Indeed!

      Some of us have already been doing just that.

      After reading this article:

      https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/

      I copied a small section of the hex code and did a quick Google search and found that there were a disturbing amount of hits.

      One of which was from a hacked official website for a past US Presidents library.

      I used an online URL scanner that allows you to spoof the user agent and referrer to bypass the checks and got simillar reseults as Sans with one of those nasty pop-ups

      that said "Congratulations!, you've been selected to win a $100.00 gift card from Amazon!".

      I went further by cross-checking domains on a different site and got:

      consumerproductsusa.com

      43,097 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www

      Congratulations! sni185339.cloudflaressl.com, *.americancheddar.com, *.consumerproductsusa.com

      usarewardspot.com

      73,157 443/https, 443/https_www, 80/http, 80/http_www

      Congratulations! sni104900.cloudflaressl.com, *.anchorprojects.co.nz, *.bandaging.bid

      explorereward.com

      95,180 443/https, 443/https_www, 80/http, 80/http_www

      (1) Reward Explorer sni205982.cloudflaressl.com, *.bilgisayarkursubul.com, *.bioltech.tk

      consumersrvycnter.com

      157,649 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www

      Congratulations! ssl385353.cloudflaressl.com, *.consumersrvycnter.com, consumersrvycnter.com

      electronicproductzone.com

      161,337 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www

      Congratulations! sni104900.cloudflaressl.com, *.anchorprojects.co.nz, *.bandaging.bid

      retailproductzone.com

      177,379 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www

      Congratulations! sni80345.cloudflaressl.com, *.4i59zbooks.cf, *.appofthedaygiveaway.com

      nationalconsumercenter.com

      342,185 25/smtp, 443/https, 443/https_www, 80/http, 80/http_www

      Congratulations! ssl385692.cloudflaressl.com, *.nationalconsumercenter.com, nationalconsumercenter.com

      Playing Devils advocate here, the domains listed above may not know that users are being directed to their sites by malicious JavaScript and I in no way make any

      suggestion otherwise.

      @steviebuck: I'm not sure why you got a downvote on your post?

      Oh yes I do, there are a few corporate shills that tend to downvote anything that may reflect badly on their companies.

      Sometimes I use downvotes to judge whether or not I am on the right track when hunting down "bad actors".

      Commence with the downvotes!

      1. steviebuk Silver badge

        Re: Best bit of GDPR is...

        Worthing Herald appears to have to shady cookies it's using.

        One such one is polarb.com

        If you click on the Content Manager and then go to the Polar entry it tells you that Google own them and gives you the address above for PolarB.

        But if you click that link it redirects to random, possibly shady adverts. I'm assuming that's probably where some of the nasty popup ads on Android are coming from when visiting their site on a phone.

    2. TheVogon

      Re: Best bit of GDPR is...

      "Go to those sites on an Android and you get hit with full screen popup ads,"

      Not if you install https://block-this.com/

    3. steviebuk Silver badge

      Re: Best bit of GDPR is...

      The Argus appear to have made the look up of their cookies easy and all seem OK so far.

      But the likes of bristolpost.co.uk make theirs not sure easy to look up. Who are A.Mob for example? accorp sp. z o.o looks suspicious. adrule gmbh from reading their site, and I might be understanding it wrong (some of the site switches to German) I think this is one of the advert companies that use the fullscreen popup ads on mobile and one that forces you to the Play store. I could be wrong, I'm just reading their site and could be understanding their method wrong.

      There are LOADS of them on the BristolPost site. Would take a while to try and work out what all the companies do and which ones are the suspect ones.

  21. Mephistro
    Meh

    In (probably) related news...

    ... a few days ago, Youtube started adding lots and lots of ads at the beginning of their videos. This would happen ~once per ten videos or so, with a three seconds countdown to allow "skip ad". Yesterday they were appending TWO ads at the beginning of each video, providing variable size "skip this ad" countdowns, even with some ads forcing users to watch most/all of the ad. The ads they served where mostly for my locale, but I also had to watch-or-skip ads in French, German and other European languages. The whole thing looks like a punishment for users that don't accept the worst of G's crap.

    I reckon that G is boiling the frog too fast, and that's, imho, a clear symptom of G's desperation.

    Good, good, ...

  22. Anonymous Coward
    Anonymous Coward

    Usual EU fuckup

    My UK based newsquest "news" sites make it a one click opt-in, but 9 clicks to fully opt out.

    If you use safe browsing or clear your cookies, expect to do that every time you want to visit.

    What retards have they got working in the EU department responsible for this crap? We are still suffering the cookie banner fallout years later after they brought that badly thought out nonsense in.

    1. Anonymous Coward
      Anonymous Coward

      Re: Usual EU fuckup

      "What retards have they got working in the EU department responsible for this crap?"

      You realise that the behaviour you mention is probably non-compliant, right? And that they may have deliberately done it like that in an effort to look like they're compliant and make people complain to the point of getting the GDPR regs repealed, because it's injurious to their current business practices?

      1. Anonymous Coward
        Anonymous Coward

        Re: Usual EU fuckup

        It's legally compliant, as the law has too many holes, as it was created by cretins.

    2. Claverhouse Silver badge

      Re: Usual EU fuckup

      Usual EU fuckup

      My UK based newsquest "news" sites make it a one click opt-in, but 9 clicks to fully opt out.

      If you use safe browsing or clear your cookies, expect to do that every time you want to visit.

      What retards have they got working in the EU department responsible for this crap? We are still suffering the cookie banner fallout years later after they brought that badly thought out nonsense in.

      If you don't like it why the fuck don't you simply one click opt-in every time ? Be tracked like a happy American consumer and enjoy life.

  23. Anonymous Coward
    Anonymous Coward

    Entitled whinging

    Being in the EU does not give you a right to a non-EU service. If a non-EU company decides it is easier to lock you out rather than comply with pointless regs, maybe look to your legislators rather than the foreigners.

    1. Doctor Syntax Silver badge

      Re: Entitled whinging

      "If a non-EU company decides it is easier to lock you out rather than comply with pointless regs"

      If they decide EU business isn't worth their while then it's reasonable that they regard the regs as pointless although those of us in Europe don't agree. For a company that does local business in a non-European company that wouldn't damage their business. If, in future, they were to want to expand their business they'll need to reconsider.

      However, for those in media who regard themselves as important opinion leaders it's a very high risk strategy. They can't really afford to drop out of such an influential region. Are they finally getting round to fixing it or are they still sticking their heads in the sand and hoping it all goes away?

    2. John Brown (no body) Silver badge

      Re: Entitled whinging

      "Being in the EU does not give you a right to a non-EU service. If a non-EU company decides it is easier to lock you out rather than comply with pointless regs, maybe look to your legislators rather than the foreigners."

      You do realise this is what the rest of the world has been saying about the US for years, don't you? The question you should really be asking is, is this something that does some good for the people and will other countries start to adopt similar laws? After all, the web worked ok before targeted advertising, so why can't it do so again?

      I can see it being a problem initially for smaller non-EU businesses with only a little EU traffic, but let's not forget the size of the EU market. It's certainly not something to dismiss for any company wanting to go international.

  24. Bavaria Blu
    Holmes

    Never heard of any of those sites

    I live in Europe, but have never heard of any of these websites, ergo they don't have many customers in Europe.

  25. KeithD

    Blocked by the Register ...

    ... Iowa's Des Moines Register that is. The paper behind the RAGBRAI (the Register's Annual Great Bicycle Ride Across Iowa) and associated with USA Today, who have put up the barrier at ragbrai.com

    While it's easy to access via ExpressVPN, I'm wondering how long it'll be before they have a GDPR panic and put their own barrier up!

    1. Anonymous Coward
      Anonymous Coward

      Re: Blocked by the Register ...

      Well, how many people from the EU do they get on that ride each year? Maybe a dozen? Perhaps it isn't worth their time to worry that something they do on their website runs afoul of the GDPR, especially since the GDPR holds one liable even for unintentional violations.

    2. A-nonCoward
      Facepalm

      Re: Blocked by the Register ...

      they use Flash . You still sure you want to be allowed to open their website?

  26. MacroRodent

    Frankly, my dear, I don't give a damn

    So far no site I care about has tried to lock me out for being in the EU.

  27. chivo243 Silver badge
    Trollface

    GDPR! - It's a trap!

    They're just waiting for some big corp to screw up, and then swoop in with the hefty fines.... Hey Zuck, taking notes here...

    Small potatoes don't seem to be the focus.

  28. BinkyTheMagicPaperclip Silver badge

    Nekochan (sgi site) is dead

    The maintainer didn't like the implications of GDPR, so just took the site offline. Hopefully will be back online sometime..

    For the rest of sites it really is a load of old bollocks. Facebook and a load of dating sites are clearly in flagrant breach of GDPR (using the minimum amount of data and offering choices about it), but no-one is going to enforce it.

    Counting down the days here until we clear down a load of historic customer data on their request, and then several months later they say they've made a mistake on the retention period, and did we really irreversibly delete it? (yes, yes we did).

    1. TheVogon

      Re: Nekochan (sgi site) is dead

      "but no-one is going to enforce it."

      Oh I think they will. Give them time. The largest culprits with an obvious EU presence are likely to be first.

  29. Lee D Silver badge

    Has Apple issued a statement to say they are GDPR compliant yet?

    They have put a lot of rhetoric that SUGGESTS so but they don't seem to have any definitive statement of conformance.

    But then, they never had one for the DPA either and even a month ago their policy still said "we could store your data anywhere at any time".

  30. Chairman of the Bored

    Dicks sporting goods misbehaving?

    Surprise, surprise.

    For various OT reasons I had to visit their web services portal at least weekly. I went in using a fully armored Linux box and a standalone instance of Firefox plus NoScript that got blown away after every session when dealing with those dicks. NoScript would be absolutely slammed; never seen a site light it up like Dick's.

    Moral of the story? Don't be a ...

    1. Doctor Syntax Silver badge

      Re: Dicks sporting goods misbehaving?

      "Don't be a ..."

      Nominative determinism?

      1. Chairman of the Bored

        Re: Dicks sporting goods misbehaving?

        Nominative determinism... I think so! Thank you, sir, you've expanded my vocabulary with a useful phrase. Upvote!

    2. Claverhouse Silver badge

      Re: Dicks sporting goods misbehaving?

      @ Chairman of the Bored

      Dicks Sporting Goods shop sounds like one of those jocular expressions of old world ribaldry such as, As Queer as Dick's Hatband to indicate one who was not as other men are...

      1. Chairman of the Bored

        Re: Dicks sporting goods misbehaving?

        @Claverhouse,

        Now .that. is an interesting turn of phrase. If I understand correctly it means one who is very odd indeed, or someone who is exceptionally tight with their money. If you go in their shops it appears Dick's is very proud of their name. If we change it to "Cheap, Very Strange Sporting Goods" I think that would work. Drink up! We're going in.

        I wonder how on earth the word went from a diminutive form of Richard (Rick) to a reproductive organ, then to an epithet...

        As an aside I served with a man named Richard Holden. NCOs loved shouting at every opportunity, "Holden, Dick! Stand at attention!" Etc. Poor guy.

        1. onefang
          WTF?

          Re: Dicks sporting goods misbehaving?

          'As an aside I served with a man named Richard Holden. NCOs loved shouting at every opportunity, "Holden, Dick! Stand at attention!" Etc. Poor guy.'

          I went to school with a guy named Wayne Kerr, his parents must have hated him from childbirth.

          1. Chairman of the Bored
            FAIL

            Re: Dicks sporting goods misbehaving?

            Oi! Must have been rough in school for W. Kerr. Or American race car driver Richard Trickle.

            Worst one I've seen from an IT end is a Korean gentleman I worked with who transliterated his surname simply as a capital O. Broke an awful lot of software and wetware "Mister you need to fill out your full name. If you just put in an initial..." Ended up changing to Oh

            In my other life I work with kids. Recently had one upset I struggled with her first name. Spelled: L-u. Confused? Its pronounced "Lee Dash Uh". How the hell what I supposed to figure that out?

  31. J27

    I think it's cute that the author of this piece actually believes that American media corporations are going to try to support GDPR. If totally blocking all EU IPs works of them and is even slightly easier, they're not going to bother allowing all their visitors to opt out of tracking cookies. That would risk all their income for the possibility of serving people they don't care about serving.

    It's beside the point that blocking EU IPs doesn't actually prevent EU residents from accessing your website using proxies or say, just by being in a non-EU country when they access your site. Heck, it's written so that it may well apply to non-resident citizens of the EU too, which even includes me.

    1. Anonymous Coward
      Anonymous Coward

      Even if the EU thinks it should apply to EU citizens living in the US, good luck getting any enforcement of such a ruling by an EU court against a US company that has taken pains to block EU visitors rather than try to comply. How is a US website supposed to know that you are covered under the GDPR if you are accessing it from the US? That would be like a Muslim expecting Google to block images of Mohammad from searches by somehow magically knowing his religion (well, maybe that's a bad example, Google probably does know his religion...)

      Speaking of Google, what are they doing to comply with the GDPR? They are probably the biggest potential violator there is.

  32. Anonymous Coward
    Anonymous Coward

    our customer had a huge GDPR message completely obscuring their home page, injected by javascript by a third party supplier of theirs, without their consent.

    it's delicious watching all the organisations flail around tearing away at each other.

    serves 'em right.

  33. Anonymous Coward
    Anonymous Coward

    'Whole host of local media outlets that are shying away from dealing with the matter'

    Well so far most firms are earning a flat out fail! Starting with telco Three and my bank. Both failed to even reply. The local electricity / gas firms require you to submit a copy of government issued ID with your email or they will do nothing. Nice ID-Theft vector there!

    A quick email to the local DPC (Helen Dixon) to ask if this is ID requirement is legal confirms more bad news. The Irish DPC has added their own bloc or fresh new barrier to processing queries... A PDF form to fill out before anything gets looked at and yet another barrier to slow down and bury GDPR....

    Vodafone unbelievably has a data-deletion request button on their site. But it will it work? 30 days and we'll see.

    Overall though, really tired of firms uploading their CRM databases to Facebook / Instagram to feed the Shadow Profile monster. But if they don't ever reply, how the hell can you stop this.

  34. Florida1920

    NY Daily News, FWIW

    I use uBlock Origin and ScriptBlock, in Chrome. My laptop has two mouse buttons and a touchpad, so I installed a middle-click simulator. Pressing both buttons simultaneously simulates the middle button on a mouse.

    The New York Daily News was recently bought by the same outfit that owns the Chicago Tribune and the LA Times. After the acquisition, whenever I middle-clicked on a link from the Daily News home page to an article, the middle-click simulator stopped working, on any site. The only solution was to reboot the laptop. This problem has never appeared anywhere else. I stopped reading the Daily News, and the quality of my life has not been diminished.

  35. jonfr

    What works and what doesn't

    From Iceland (country, EEA, GDPR law apply) this works.

    * Los Angeles Times

    * New York Daily News

    What doesn't.

    * Chicago Tribune

    I guess some people in the U.S don't know how complicated Europe really is. I don't blame them.

  36. Anonymous Coward
    Anonymous Coward

    Another cheap tactic used is to literally force you to resubmit your choices every single time on site / page load / refresh. Many websites require you to untick each individual ad tracker/provider manually, only to request you to do it all over again once the page is refreshed. It is sinister and quite possibly illegal. But as long as we persevere and / or avoid using websites that do no respect our right to privacy, these companies will eventually "get it" and comply. GDPR, if anything, has at least opened my eyes as to the scale of the issue of privacy and just how many different companies with shady credentials get access to our (meta-)data.

    1. Anonymous Coward
      Anonymous Coward

      Also, if you accidentally or intentionally opt-in, its actually harder to opt out afterwards as relevant options disappear. So, if you opt out you are constantly harassed to opt back in - but if you opt in it becomes difficult to opt out. Shady tricks by companies that have truly revealed their shady side to consumers ever since the GDPR.

  37. Phil 54

    Firefox reading view

    I've found that when I can get around some blocks or incredibly annoying multi-click consent prompts by using the Firefox Reading mode. Using Google mobilizer on my Android rss reader works as well.

    1. Mephistro

      Re: Firefox reading view

      Blocks can also be removed using the Tor network.

  38. Richard Jones 1
    Go

    C0 Alarms Anyone

    I guess those 'wonderful' C0 alarms recently withdrawn on Amazon and e-bay for giving you a good nights sleep followed by an everlasting deep sleep as you failed to wake up in the presence of C0 would be a prime candidate for such action. They did not explode, they just did nothing.

  39. Uberior

    Photo ID for GDPR queries?

    I'm on a data-trail at the moment.

    I was sent a marketing email about Company A's product. Upon querying the point of consent:-

    Company A blamed Company B

    Company B blamed Company C

    Company C blamed Companies E, F, G, H & I for providing data under warranty.

    Company C claims that their owners, Company D (with whom I have a relationship and hold a "no marketing record) do not share data whereas Company D explicitly state on their data protection statement that they do.

    Company E claim to neither hold nor have supplied data to Company C

    Company F refuse to engage with me until I post them clear copies of my passport, drivers licence and a bank statement!

    Company G, H, I & J have stll to respond.

    It's all a bally mess, there's no way any reasonable person is going to send copies of photo ID and financial records to an organisation they are suspicious of poor data handling and there is absolutely no responsibility or ownership.

    1. onefang

      Re: Photo ID for GDPR queries?

      Report 'em all and let GDPR sort 'em out!

  40. Jamie Jones Silver badge

    Oh, why do you DEFY us so?

    This site works with a US IP, but in the UK...:

    http://www.smosh.com/articles/best-botched-ecce-homo-painting-meme :

    Due to certain regulatory changes, we are unable to connect you with the requested DEFY Media website.

    We invite you to visit DEFY’s programming channels, including those listed below:

    SMOSH YouTube Channel

    CLEVVER YouTube Channel

    AWEME YouTube Channel

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like