The New Gatekeepers

Four days into GDPR, US publishers are starting to feel the effects

May 29, 2018

For something that has been in the works for more than two years, the EU’s General Data Protection Regulation seemed to take at least some people by surprise when it went into effect May 25th—including more than a few publishers. And some warn the long-term effects of the regulations could be severe: Ad exchanges used by many news sites reportedly saw an immediate drop in demand of between 25 and 40 percent, and many believe this could help increase the dominance of platforms like Google and Facebook, since they are better prepared for the data-handling rules and have deeper pockets.

When the new rules on how to handle user information went into effect, a number of news sites responded by simply shutting off access to anyone who appeared to be coming from a European address, and for many that continued to be the case right through the Memorial Day weekend.

As of Monday, for example, several of the papers belonging to the tronc chain—including the Los Angeles Times and Chicago Tribune—were still showing EU visitors a message saying: “Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”

This response has drawn criticism from European regulators, who clearly thought they provided more than enough notice for publishers to conform with the new rules. In an email to Bloomberg about some of the US sites that were blocking European users by default, Andrea Jelinek—the head of the EU’s Data Protection Board, which is in charge of administering the GDPR—said the new rules “didn’t just fall from heaven. Everyone had plenty of time to prepare.”

Sign up for CJR's daily email

Other news sites such as USA Today’s responded to the new rules—under which multi-million-dollar fines can be issued for improper use of data—by removing some or all of the ad-related software that harvests information from users and tracks their behavior. According to one web engineer, the US version of the USA Today site was 5.5 megabytes in size and included more than 800 ad-related requests for information involving 188 different domains. The EU version was less than half a megabyte in size and contained no third-party content at all, meaning it not only didn’t track as much data but also loaded much faster.

While that may be good news for actual users, however, the long-term picture post-GDPR may not be good for publishers who rely on all of those irritating ad-related tracking systems for revenue.

Mathew Ingram is CJR’s chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in the Washington Post and the Financial Times as well as by Reuters and Bloomberg.