In the absence of a meaningful U.S. protections to Internet users’ privacy, the European Union has stepped in, and companies are scrambling to make sure their website management practices comply.
The G.D.P.R., which regulates how companies can collect and used user data is much more stringent than anything in the U.S. According to The New Yorker:
The G.D.P.R. was initiated, in 2012, by the European parliamentarian Viviane Reding, then the vice-president of the European Commission. Speaking to me from Brussels, she explained that she had been concerned about “the big companies, like the American gafa”—the French coinage for Google, Amazon, Facebook, and Apple. “They just ignored the old law,” Reding said. “The Facebook Cambridge Analytica scandal, if it had happened on May 26th, this year, would have cost billions of euros to Facebook, among others. You cannot hand over the personal data of citizens without having asked if the citizens agree that you hand it over. And you cannot steal it and just tell them after. That is not possible anymore, according to the new law. If you do, then the penalties will be very, very severe.”
Not everyone kept up with the website management requirements of the new European rules. Some American newspapers, including the Los Angeles Times and Chicago Tribune, owned by Tronc, went dark in Europe.
While Tronc deemed its European readership disposable, at least in the short-term, most major national U.S. outlets took a different approach, serving a cleaned-up version of their website or asking users for opt-in consent to use their data. NPR even pointed delighted users toward a plaintext version of their site.