[iamtew]

Is the article available to Europeans somewhere? All I'm getting is a message with this:

> Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.

On the other hand, I'm wondering how much I want to read an article from a website where they must track me to when I just want to read something...

[amyjess]

archive.is is your friend.

http://archive.is/http://www.latimes.com/local/lanow/la-me-l...

[izacus]

I'd suggest flagging all articles posted here that prevent EU access. The content writers kinda have a right to deny you access, but we don't need to drive traffic in direction of those that refuse to handle your privacy well.

[reacharavindh]

Same here. If nothing, GDPR at least brings awareness to the general public about the level of unnecessary tracking that all these websites do.

[blocked_again]

Turns out https://news.ycombinator.com/item?id=17154971 was not a joke.

[TangoTrotFox]

It's also quite disconcerting to consider the implications of this. Since we 'opt in' to the articles we click on, tracking what individuals read and then building a profile based off of that would be quite informative, and quite invasive.

And then sharing, trading (to expand the profile), and selling it to other companies? Really nasty stuff.

[iamtew]

That's exactly why the GDPR is put in place, to give users transparency and force website to ask the users consent before tracking.

You'll see some sites have quite an extensive menu of opting in to various tracking etc. For example Engadget or TechCrunch have a popup asking you to give consent, or not, before using the website. This is how it should be done.

Then there's other websites that shows you all it's tracking and ask you to just accept, there's no option to refuse, which is against GDPR, as implied consent is no longer valid.

And then you'll have websites like latimes that just goes "fuck it, we'll just block 500 million people in EU instead!"

[mirimir]

Perhaps some major players in the programmatic ad clusterfuck have just thrown their hands up over GDPR.

[jijojv]

> Is the article available to Europeans somewhere

https://www.google.com/search?q=Tesla+in+Autopilot+mode+cras...

[lagadu]

Really goes to show how what they do with the reader's data that they collect is actually shady to the point of illegality in large swathes of the world.

[vsl]

What it really shows is that they have so little EU-originating readers/income that it doesn’t make economical sense spend thousands of dollars on evaluating compliance. And yes, the law is poorly written that even parsing it is a non trivial cost, particularly if you are a risk-averse organization.

It may mean they are doing obscene tracking too, but you are making ideological assumption if that’s your only hypothesis.

[sireat]

Exactly, while I have access to VPN and other means of bypassing the block, I have no intention of supporting such lackadaisical solutions to our privacy.

[sschueller]

This is so stupid, they are still infracting on European Citizens that just happen to not be in Europe. For example I can get to the page but I am in Switzerland which is not part of the EU yet smack in the middle of Europe.

[lagadu]

The GDPR's scope is EU (or EEA, I can't recall) residents in EU territories, it has no provisions at all for EU citizens who reside outside the territory.

[ggus]

I'm in San Marino, I can read the page, and San Marino is not EU but it is in the scope of the GDPR law.

[austenallred]

How do you propose they determine that you’re a part of the EU if not by IP address and if they can’t track members of the EU?

[DanBC]

The point is that they're i) blocking people who aren't covered by GDPR. ii) not actually exempting themselves from GDPR because they still have all the data from EU residents from before the blocking.

Blocking EU residents as a GDPR protection is dumb.

[pavelludiq]

I'm in the EU, but since I'm looking at it from a work computer, and I guess our network exits in the US, I can see the article, so they are in breach of GDPR even with their stupid block.

[dogma1138]

No they aren’t the fact that you can bypass their restrictions does not matter it’s the intent that does.

[pavelludiq]

Still, using ip addresses to try to determine where a request is originating from is not a good idea. I'm also not intending to bypass a block, I just happen to be in a network right now that that doesn't have a public ip in the EU, I'm using the internet as intended, the fact that ips sometimes correspond to geography is mostly accidental.

[dogma1138]

It doesn’t violate GDPR you do not need conscent for this level of profiling.

And again using or not using the internet as intended isn’t the issue here but rather if they intend to provide services to the EU or not a message saying EU users should leave in the same manner as age conscent is verified is technically sufficient to indicate that you do not provide service to EU residents, geoblocking the IP also sufficient even if it’s not perfect.

[nmjohn]

> Still, using ip addresses to try to determine where a request is originating from is not a good idea

How else should they do it? I concede it is not foolproof nor ideal - but for websites which you've not provided your location to yourself, how is it possible for them to determine whether or not you are in Europe?

[dogma1138]

You are allowed to use it and even keep it without consent if anything the GDPR wants to separate consent from data processing. https://eugdprcompliant.com/personal-data/

You can maintain the records of an IP address (as well as other PII) for business needs e.g. security or to enforce other requirements such as geoblocking even without explicit consent of the user it's all about why you and what do you with it which is why legal/lawful grounds exist.

https://ico.org.uk/for-organisations/guide-to-the-general-da...

Also for the most part if you do not have a lawful basis for collecting or processing PII consent is not a sufficient reason to so.