Slashdot Mirror


New Service Blocks EU Users So Companies Can Save Thousands on GDPR Compliance (bleepingcomputer.com)

Catalin Cimpanu, reporting for BleepingComputer: A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance. GDPR, or General Data Protection Regulation, is a new user and data privacy regulation slated to come into effect in the EU three weeks from now, on May 25, 2018.

The new regulation brings a wealth of protections to user privacy but is a nightmare for companies doing business in Europe. The reasons are plenty, but the humongous fines for failing to meet GDPR standards are at the top of the list for most companies ($24 million or 4% of a company's annual worldwide revenue -- whichever is higher). There's also the 72-hour deadline to reveal data breaches and the necessity of hiring a so-called "Data Protection Officer." Plus, GDPR also mandates that companies must inform users on what data they collected about them, allow them to review the data, and even let users delete the data from the company's servers if they so wish.

23 of 553 comments

  1. Nothing "new" here by Dorianny · · Score: 5, Insightful

    Geofencing is not exactly a new concept. At least it finally is being used for good (privacy protection) rather than for evil (arbitrary geographical media blocking).

    1. Re:Nothing "new" here by OzPeter · · Score: 5, Insightful

      for good (privacy protection)

      Good is rather relative here: its purpose here is evading privacy protection.

      It's not so much evading privacy restrictions as locking out users for which privacy protections have been mandated.

      If anything you could use it as an indication to either do or refuse to do business with a company based on what side of the GDPR fence you want to be.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Nothing "new" here by Anonymous Coward · · Score: 3, Insightful

      It is definitely good. A Mom and Pop shop in the states selling homemade soap can't afford to have a DPO or respond to GDPR letters from hell. As per the GDPR law, even if a place doesn't do business in the EU, if an EU resident visits a site, the site has to comply.

      Not every website is a multi-billion dollar operation that can spend the cash on this stuff.

      So, they get blocked. $9 a month is cheap insurance compared to running afoul of the EU.

    3. Re:Nothing "new" here by Anonymous Coward · · Score: 2, Insightful

      It's also totally unnecessary. Either:

      1. You do business in the EU, therefore you fall under EU jurisdiction and have to follow EU laws. This service will not help because you still need to follow GDPR to do business there.
      2. You do not do business in the EU, therefore you do not fall under EU jurisdiction and do not have to follow EU laws. This service will not help you because the EU can't touch you in order to enforce GDPR.

      They're selling snake oil.

    4. Re:Nothing "new" here by mvdwege · · Score: 4, Insightful

      Tell me, what of my personal data beyond billing and shipping data for my most recent order would a Mom and Pop shop need?

      This is the usual right-wing talking point about 'onerous regulation' and it is bullshit. It is not about the small businesses, unless they are merely a bait-and-switch operation trying to gain my data to sell it on to unscrupulous marketeers. It is about massive corporations that want to be free to pillage my life for their profits, and there is always an idiot falling for their 'but think of the poor small businessmen' shtick.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    5. Re:Nothing "new" here by Mascot · · Score: 3, Insightful

      It is definitely good. A Mom and Pop shop in the states selling homemade soap can't afford to have a DPO

      Good thing they wouldn't need one, then. There are criteria for when you'd need one (e.g. your business is mass storage or processing of personal data), and the odds of a tiny shop meeting any of them would be extremely slim. Heck, we're a multinational company and we don't need one. For that matter, there's no requirement to _hire_ someone, it's a role that could be assigned to any employee with sufficient knowledge of privacy laws and best practice.

      if an EU resident visits a site, the site has to comply.

      Not quite. If your site collects personal data about an EU resident, the site has to comply. If your site does not collect personal data, GDPR does not apply.

    6. Re:Nothing "new" here by BronsCon · · Score: 3, Insightful

      even if a place doesn't do business in the EU, if an EU resident visits a site, the site has to comply.

      And they can kiss my ass as far as enforcement.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    7. Re:Nothing "new" here by Anonymous Coward · · Score: 0, Insightful

      Tell me, what of my personal data beyond billing and shipping data for my most recent order would a Mom and Pop shop need?

      Don't know and your question misses the point. It isn't about whether they "need" any data. Compliance is a cost whether they sell your data or not. You're just not worth the cost.

      This is the usual right-wing talking point about 'onerous regulation' and it is bullshit.

      Yeah, whatever. Regulations have consequences. This is the kind of thing that makes it difficult for you to pretend otherwise.

      Anyone with two firing brain cells can anticipate that GDPR trolls will appear on day 1 to sue whoever has deep enough pockets to be worth suing. I suspect this sort of block will be very popular. Enjoy.

    8. Re:Nothing "new" here by WoodstockJeff · · Score: 2, Insightful

      > Tell me, what of my personal data beyond billing and shipping data for my most recent order would a Mom and Pop shop need?

      What about storing information on the products you purchased, so you can be notified if there are any recalls? What about storing information to prove that certain taxes have been paid? That's two items that fall under government requirements that also fall under GDPR, along with your billing and shipping information. "Giant evil corporation" and "Mom and Pop shop" both have to deal with them.

    9. Re:Nothing "new" here by Anonymous Coward · · Score: 3, Insightful

      and there is always an idiot falling for their 'but think of the poor small businessmen' shtick

      With any luck Slashdot will adopt this service and you will be cut off.

    10. Re:Nothing "new" here by rsborg · · Score: 3, Insightful

      Tell me, what of my personal data beyond billing and shipping data for my most recent order would a Mom and Pop shop need?

      This is the usual right-wing talking point about 'onerous regulation' and it is bullshit. It is not about the small businesses, unless they are merely a bait-and-switch operation trying to gain my data to sell it on to unscrupulous marketeers. It is about massive corporations that want to be free to pillage my life for their profits, and there is always an idiot falling for their 'but think of the poor small businessmen' shtick.

      I think it was a pipe dream to think that GDPR would cause big corps to change how they do business in the US. It's clearly too profitable to let go of that sweet precious data.

      However, if there were such a small shop that inadvertently took customers (and their personal info for shipping or order fulfillment) from the EU and then got a GDPR request (perhaps automated by some legal-bot), they might be best positioned to just avoid those customers in the first place.

      --
      Make sure everyone's vote counts: Verified Voting
    11. Re:Nothing "new" here by ScentCone · · Score: 2, Insightful

      Tell me, what of my personal data beyond billing and shipping data for my most recent order would a Mom and Pop shop need?

      So, a smaller company shouldn't be able to retain any information about which of their modest advertising expenditures resulted in which sales, and which search engine terms produced the traffic that led to the specific transactions that allow them to actually stay in business? The company's got no interest in retaining information when a customer or prospective customer uses a contact form to ask a question, or a chat tool to provide some guidance on a product? A business could easily do a million dollars' worth of sales a year and still have nowhere near the budget to build all of the tools the EU insists that the web site provide to anyone who's visited the web site.

      This is the usual right-wing talking point about 'onerous regulation' and it is bullshit.

      No, this is another person who's clearly never actually run a business spouting off out of ignorance, and deciding to throw a little bit of the usual vitriolic, unhinged politics in just because they can't say or do anything without dishing out some of that poison no matter what they're talking about.

      It is about massive corporations

      If it were, it would only apply to them. But it doesn't, which you know. So stop lying.

      This is about yet more leftist muscle-flexing from the land of we-still-haven't-figured-out-that-the-Nanny-State-crushes-people seeking to make every small business give up and turn all of their operations over to giant corporations that can be better micromanaged by EU bureaucrats who specialize in nest-feathering and empire building to preserve their non-productive careers.

      there is always an idiot falling for their 'but think of the poor small businessmen' shtick

      Yup, definitely someone who has exactly zero experience running a business. Even a mid-size one with dozens of employees. Please take your ignorance and spite into account and make sure you don't do anything dangerous to other people. Like, say, voting. You're not equipped for it by knowledge or disposition.

      --
      Don't disappoint your bird dog. Go to the range.
    12. Re: Nothing "new" here by Anonymous Coward · · Score: 2, Insightful

      Simple as this, then. If I don't do business with Europe right now, I don't want to spend even a microsecond caring what their regulations say. Since the EU has announced that I must spend a microSD slot or more thinking about it or I could literally be sued into usury, I will find the cheapest and easiest way to deal with that.

      I will block the EU entirely. Seems cheaper and easier than even reading their document. After all, I need to be paid 15 dollars an hour to survive. And I bet their documents cost more than 30 minutes of my time.

      See, simple as that.

      Enjoy your circle jerk.

  2. Seems like the right reasons to me by ranton · · Score: 2, Insightful

    A new service called GDPR Shield made the rounds last week and for all the wrong reasons. The service, advertised as a piece of JavaScript that webmasters embed on their sites, blocks EU-based users from accessing a website, just so the parent company won't have to deal with GDPR compliance.

    This is just the type of service you would hope exists to make sure citizens can decide what levels of privacy they want and companies can decide what level of privacy they are willing to provide. For some time now we will see many stories of companies improving their privacy, companies pulling out of the EU market, and companies being fined by the EU. All are good and expected outcomes of rules such as the GDPR.

    --
    -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    1. Re:Seems like the right reasons to me by Archangel Michael · · Score: 2, Insightful

      They aren't all "good and expected outcomes". Good being subjective. Being fined into oblivion for being on the web by an entity that you have never had interaction with, should be problematic for everyone.

      Compliance within tyranny is always "expected", and rarely all that "good".

      I run a website with a worldwide audience. I've also never been to Europe. Tell me why I should comply or face fines to a jurisdiction I've never been to?

      No, there is nothing good about any of this, even if the goal is admirable.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:Seems like the right reasons to me by ranton · · Score: 3, Insightful

      I run a website with a worldwide audience. I've also never been to Europe. Tell me why I should comply or face fines to a jurisdiction I've never been to?

      You are servicing their citizens while they reside in their country, so you should follow their laws. Just because the Internet makes it so easy to reach those customers doesn't mean you should be able to ignore their laws.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    3. Re:Seems like the right reasons to me by DarkOx · · Score: 1, Insightful

      Yeah, keep telling yourself that story. Let's say you do decide, hey, I don't have any EU presence, I'll just ignore this issue. Some EU citizen accesses your site and complains you violated some GDPR provision. Now the EU fines you. You decide to tell them to politely stick their judgement where the sun don't shine.

      All is well until you realize your bank does business in the EU and they demand they freeze your accounts etc. No, this is BS and our government needs to step up to the plate and take steps to protect US citizens and US companies from EU bullying. I would suggest enacting harsh trade penalties on EU companies and travel sanctions against EU leadership if they attempt to enforce digital legislation overseas.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:Seems like the right reasons to me by Archangel Michael · · Score: 3, Insightful

      Okay, so what you're saying is that in a world wide economics, I have to comply with often mutually exclusive rules and laws. I must do this in this jurisdiction, and I am forbidden to do the same thing in another. Good one.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  3. Re:EU needs to be careful... by religionofpeas · · Score: 5, Insightful

    As an EU resident, I don't mind if companies are choosing to block EU if they can't comply with privacy rules. I'd rather not do business with those companies.

  4. Re:GDPR will fragment the internet by JaredOfEuropa · · Score: 3, Insightful

    It depends on how onerous the GDPR really is. The biggest one is the requirement to have a Data Protection Officer, but this is required "only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences." For the rest it is pretty basic stuff: you need to be aware of the rules, and prepared to take action e.g. in case of a data leak. A lot of it really is common sense stuff, that is if you're a conscientious operator.

    The big companies will have no trouble complying, paying lip service or working around the rules. The smaller companies might at first decide to forget about Europe. This happened with a couple of smaller service providers when the EU VAT rules were changed: I got a few notices that such-and-such company was no longer able to provide their service in Europe. However they probably looked at the amount of business they were getting from Europe, had another look at the rules and found them not that hard to comply with, and removed the block.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  5. Brilliant idea by gurps_npc · · Score: 4, Insightful

    If you don't want to have to deal with the laws of a certain country, you should have the right to not do business inside that country.

    Of course, that leaves a big underserved market. In less than 4 years someone will come along and serve them, while abiding by the laws they hate.

    Which could very well lead to those companies losing worldwide market share as those new, privacy-conscious companies expand out of their underserved market into the general worldwide marketplace.

    As for the laws they are trying to avoid? We need them in our country.

    --
    excitingthingstodo.blogspot.com
  6. Re:EU needs to be careful... by Immerman · · Score: 3, Insightful

    If the short-bus version actually respects people's privacy instead of spying on visitors, then maybe we need more short buses.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  7. Re:Let me correct some details on the GDPR by HornWumpus · · Score: 1, Insightful

    What would you say to an American cop that wanted to search your EU located servers based on American laws?

    That's the same answer the EUcrats will get.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'