[hobbe80]

Problem is - a shutdown doesn't really make any difference. Dropping the data would make a difference, but just shutting down access could potentially (very unlikely though) mean additional infractions - the customers' requests for data access, corrections, removals etc. still need to be handled, and this could be seen as an attempt to skirt those rights.

[donarb]

I would say that a shutdown essentially freezes the data and prevents it from being used internally, hacked, misused, disseminated, etc. For all intents and purposes, at the moment it doesn't exist. Once they believe they are back in compliance with the law, it will be "unfrozen" and users will be able to retrieve their data or opt-out completely by cancelling their accounts.

And who's to say that Instapaper did not contact the authorities and discuss a plan such as this to mitigate the problem temporarily?

[chopin]

> And who's to say that Instapaper did not contact the authorities and discuss a plan such as this to mitigate the problem temporarily?

If that's the case, why can't they simply tell this?

I side with the GP: Preventing access doesn't absolve you from complying with the law.

[taysic]

Does GDPR make it illegal to shut a site down for a period of time? While they are shut down, what could be noticeable that they are not complying with?

[kungtotte]

GDPR doesn't care about your site, it cares about user data.

The big thing with shutting the site down is it might make it impossible for users to request information about their data and/or request to have it deleted. That would violate the GDPR and could land the site in trouble.