Following the implementation of the EU’s General Data Protection Regulation (GDPR) on May 25th, 2018, some major US-based, Tronc-owned online publications became inaccessible in the EU. These websites include the Chicago Tribune and Los Angeles Times, among others. Briefly, GDPR requires organizations to get explicit consent from customers in order to use their data, and organizations that violate the regulation risk a fine of up to 20 million euros, or 4 percent of gross annual turnover, whichever is more.
The Tronc-owned websites that have been blocked in the UK display the following message if you try to access them from within the EU:
Other major publications that have been blocked in the region include the Star and Arizona Daily Sun papers, which are owned by Lee Enterprises. A slight variation of the message above is displayed on the Lee Enterprises website, and others owned by its subsidiaries: "We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at the time."
Websites managed by A+E Networks, such as FYI and History.com, have also been blocked and display the message, “This content is not available in your area.” However, other major websites, including the New York Times and Washington Post, have not been affected while others (e.g., Engadget, the Huffington Post, and TechCrunch) display a message asking visitors to the website to provide consent.
At this point, you might still be wondering what exactly GDPR is and how it affects your online business, or you as an individual. In this article, we take a closer look at the regulation and its impact on businesses and individuals. We also tell you what action you need to take to not only unblock the US-based media websites if you live in the EU, but also how to get GDPR-level data protection if you live outside the EU.
Here’s what you need to know about the new regulation
A brief background
The European Commission put in place planned to implement data protection reforms in the EU in 2012 and agreed on the strategy nearly four years later.
Among the main aspects of the strategy was enforcing the General Data Protection Regulation, which applies to organizations in the EU. However, the regulation has important implications for individuals and organizations outside the region.
The primary purpose of GDPR is to provide people in the EU with better control over their personal data. Under pre-GDPR laws, the definition of personal data was limited to name, email address, and photos. The new regulation extended the definition to include IP addresses and sensitive information, such as biometric and genetic data, which are unique to individuals.
At its core, the regulation seeks to create a digital economy in which individuals and organizations find it easy to operate in a way that reflects respect for private customer data. The online business environment has changed. And, as a result, the regulation is aimed at creating new obligations and laws around privacy and consent with respect to personal data.
In the Internet-connected world we currently live in, personal data affects nearly all aspects of our day-to-day lives. Nearly every product or service we use—from governments, retailers, banks, social media, etc.—involves our personal data (name, address, email, financial information, etc.) being gathered, stored, and analyzed by the organizations that offer the service.
Private data gets stolen, lost, or finds its way into the hands of the wrong people. With GDPR, organizations are required to collect data under strict legal conditions, ensure it is not exploited, and respect the rights of those who own the data. Failure to do so would attract heavy penalties.
People and organizations affected by GDPR
The regulation applies to EU-based organizations and non-EU-based organizations that offer products and services to EU-based customers. That means that nearly all global corporations are affected and therefore need to come up with a strategy for complying with the regulation.
More specifically, the regulation applies to two types of data-handlers: processors and controllers. According to an Article of GDPR, controllers are entities that determine the “purpose and means of processing of personal data” whereas processors are entities that process personal data “on behalf of the controller.” Organizations subject to the UK Data Protection Act are likely required to comply with GDPR.
In the event of a breach, the brunt of the legal liability is on processors because they are responsible for maintaining and processing personal data. Controllers are only required to ensure that all their contracts with processors are GDPR-compliant.
What GDPR means for EU-based customers
Your personal data has probably been exposed online as a result of the numerous hacks and data breaches that have happened throughout the years. That data includes your email addresses, login details, confidential health records, social security numbers, etc.
GDPR requires organizations to inform their customers and relevant national bodies as soon as there’s been a breach of the customers’ private data so that appropriate measures can be taken to ensure the data is not abused. The regulation also requires organizations to give customers access to their data and to clearly detail how the information is used.
Some organizations have already taken the appropriate steps to comply with GDPR by sending customers emails detailing how their data is used and giving them the option of easily opting out by not consenting to be part of the organization’s database. Meanwhile, in some sectors, GDPR will involve a lot more than sending out these emails to customers.
Be wary of scam emails
You’ve probably received emails from all manners of organizations asking you to opt into their data to keep receiving marketing material and other messages. In most cases, if you want to keep receiving emails from the organization, you need only click the part of their email that asks you if you want to stay in touch.
However, with people receiving so many emails from organizations right now, scammers and criminals can take advantage of the situation and send out phishing emails. For that reason, cybersecurity experts advise people to take caution when interacting with such emails.
Unblocking US-based media websites if you live in the EU
Here are a few easy steps to unblock the Chicago Tribune, Los Angeles Times, Arizona Daily Sun and other blocked US-based media websites if you’re an EU citizen.
- Subscribe to a VPN service. To identify the best VPN websites, read our reviews of the best VPN services to use in 2018.
- After subscribing, download the appropriate VPN app or client for the device you are using. All the VPNs in our reviews of the best VPN services allow you to use the service on three or more devices, meaning you can access the media websites on your phone, tablet, and desktop.
- After downloading the VPN software, follow the installation instructions, which are typically quick and easy no matter what device you’re using.
- After installing the VPN, head to the settings and select a server in the US.
- Having selected a server in the US, open the browser on your device and navigate to The Chicago Tribune or any other major US-based publication of your choice and enjoy the content.
Getting the same level of privacy enjoyed under GDPR outside the EU
If you live outside the EU, you’re not covered by GDPR because organizations are under no legal obligation to respect your privacy. The same goes if you’re an EU citizen and you move or even briefly travel outside the region. Since these organizations can determine your location using your IP address, you need to use a VPN that changes your IP address to make it seem like your device is within the EU.
If you know little to nothing about VPNs, using this technology may sound like a daunting task. However, setting up a VPN is easy once you take a little time to learn about the technology. Moreover, leading VPN providers provide their users with intuitive VPN apps and desktop clients that are easy to operate. Most providers have an app or a client for all the major device platforms: Windows, MacOS, Linux, Android, and iOS.
In addition to familiarizing yourself with how VPN technology works in order to make the best use of it, learning the ins and outs of this privacy and security tool will enable you to determine which features best cater to your personal needs and, by extension, which VPN provider offers a package that suits you best.
To make the task of identifying the best VPN for you easier, our team of experts here at VPN Base have researched and tested numerous VPN services under various circumstances and have written reviews that offer a breakdown of the most suitable VPN based on your needs, whether you want to use it for accessing restricted media websites, playing online multiplayer games, or streaming your favorite shows on Geo-restricted streaming services, such as Netflix.