GDPR forgive us, it's been one month since you were enforced…
… and we still aren’t accepting EU users
A month after the enforcement date of the General Data Protection Regulation – a law that businesses had two years to prepare for – many websites are still locking out users in the European Union as a method of compliance.
To celebrate the milestone, El Reg is casting a vulture's eye over the sites that are giving a new meaning to the phrase "barrier protection".
Among the sites that Reg readers have moaned to us about are talk show podcast DrLaura.com, vintage clothes outlet ModCloth and American sports shop Dick's Sporting Goods.
Another retailer that failed to get its house in order is posh homeware store Pottery Barn, whose notice says that "due to technical challenges caused by new regulations in Europe" it can't accept orders from the EU.
"The pace of global regulations is hard to predict," the shop complains about the legislation, which was adopted on 14 April 2016. "But we have the ultimate goal of being able to offer our products everywhere."
There are also a whole host of local media outlets that are shying away from dealing with the matter, including Narcity, Fredericksburg, The Advocate and the Hutchinson Leader. No doubt some smaller outfits lack the resources to justify serving what's likely to be a small number of readers in the bloc.
Less understandable – though not vastly unsurprising – is the news that major US publisher Tronc, which owns a number of the US's top-selling outlets such as The LA Times, the Chicago Tribune and the New York Daily News, remains blocked for those on the wrong side of the Pond.
Although its redirect message still states that the firm is "engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market", the blocking might hint that its efforts either haven't been in earnest or the firm isn't that bothered about EU readers (we asked the publisher for a progress update but are yet to receive a response).
Similarly, Instapaper and Unroll.me have yet to restore EU access to their services.
However, if you were thinking that compliance should be simple, there's plenty of evidence to the contrary – a great example being Forbes, which manages to make tracking-free access to its site so difficult you'd be forgiven for giving up.
Forbes’ GDPR opt-out is one of the darkest design patterns I have seen in a while pic.twitter.com/QEH7Ms44nu— Thijs Niks (in AMS 🇳🇱) (@ThijsNiks) June 14, 2018
Once users click the (much less prominent) button to change their preferences, they're offered a set of clear, granular options for cookies. However, those who choose "required cookies" only are faced with a wait while Forbes tries to handle your request – which some report can last for days...
It appears that @Forbes just deactivates their site for people who opt out of advertising cookies. I tried all the possible privacy settings, waited for days, and then the only working option is when you allow really shady characters to spy on you. "Thanks." pic.twitter.com/wBIAxmNis7— Georg Hekt (@GeorgHekt) June 20, 2018
Other sites, meanwhile, have taken an altogether different approach, running separate versions that are stripped of tracking – and thus actually allow people quicker access.
Because of #GDPR, USA Today decided to run a separate version of their website for EU users, which has all the tracking scripts and ads removed. The site seemed very fast, so I did a performance audit. How fast the internet could be without all the junk! 🙄— Marcel Freinbichler (@fr3ino) May 26, 2018
5.2MB → 500KB pic.twitter.com/xwSqqsQR3s
Outside of traditional publishing, Twitter also ran into hot water thanks to over-eager attempts to comply with rules in the GDPR that say kids must be 13 in order to be able to consent to using online services.
While trying to lock down the site, it also ended up automatically locking out people who were under 13 when they set up their account – regardless of how old they are now. The biz said earlier this month that it was working to fix the problem and restore those users' access.
Perhaps the best of all the GDPR fails, however, is the person who claimed it had caused him to get locked out of his hotel room.
Hey geek friends! I've been locked out of my hotel room. Genuine reason: GDPR update on the door system. I'm locked out by GDPR, for real.— Alex Hudson (@ealexhudson) May 22, 2018
Are there any sites you used to rely on but now can't access? Let us know. ®
Sponsored: Becoming a Pragmatic Security Leader