GDPR victims: who has already stopped working due to new regulation of personal data
The European General Data Protection Regulation came into force two months ago. While the IT sector is thinking about the future of large information giants , changes are already taking place at a lower level: many companies have closed, others are trying to adapt.
/ photo SounderBruce CC
The goal of the GDPR is to tighten control over the processing of users' personal data. Therefore, new legislation imposes a large number of requirements on companies. And although this should bring benefits to the IT sector in the long term (as issues related to the regulation of this sphere will become more transparent), now innovations are costly for some companies. And not everyone was able to resolve this issue.
So, before introducing the GDPR, a series of online games announced the termination of work. For example, Super Monday Night Combat and Loadout .
The active development period of Loadout, launched in 2012, has long ended. However, to meet the new requirements of the GDPR, the project team would have to invest significant resources in the development: go through the client, update databases and servers. According to Rob Cohen's Loadout CEO (Rob Cohen), it wasn't worth it. Most of the Loadout players are from the EU, so there was no reason to expect that the project would survive without them.
For the same reason, Super Monday Night Combat, also released in 2012, closed. According to its creators, the budget required to redesign the project in accordance with the requirements of the GDPR exceeds the budget allocated for a six-year game .
In addition to computer games, "under attack" were services that involve the storage of personal data in distributed registries. For example, the PICOPS biographical data verification service has closed.. In fact, he “linked” the identity of the person with the address in the Ethereum-blockchain. According to the creators, the service enjoyed tremendous success, but it was impossible to preserve all its functions that made it useful, and at the same time fulfill all the requirements of GDPR.
And this is not the only product working with blockchain and closed due to the introduction of the new law. Also, the CoinTouch service , which allowed searching for friends of friends to exchange a crypt, stopped working .
There is still an alternative to a complete cessation of service or game activity - you can turn off European servers or block access for residents of the European Union, while continuing to work for the rest of the world.
And although for a number of projects this was not an option (the same Loadout), there were also those who took such a step. For example, gamers from Europe lost the opportunity to play Ragnarok Online : the company closed European servers and restricted access by IP.
/ photo by Tony Webster CC Some American media outlets that receive traffic from Europe have
also resorted to IP blocking . Blocked access to their sites from the European IP Los Angeles Times and the Chicago Tribune. However, such methods are criticized by the community.
This decision has obvious reputational risks and means the loss of a part of the audience. Moreover, in the opinion of some users, such a decision is an involuntary admission of guilt in the unlawful processing of user APs.
But there are less obvious consequences. Thus, the European advertising exchanges, which place online advertising using programmatic technology , have suffered from the introduction of GDPR . May 25 (the date of entry into force of the GDPR) advertising volumes collapsed: the decline was from 25 to 40% between different companies.
The problem is that the organizations selling advertisements could not guarantee the compliance of distribution partners with the new requirements. Google also advised advertisers not to buy placements from third-party resources through their services and limit themselves to Google inventory.
USA Today retained access for European users to the site, but removed all advertising from there. The New York Times temporarily did not display ads through programmatic in Europe.
A month later, advertising volumes began to gradually recover , but according to various industry estimates, many advertisers still spend 30% less money than before May 25.
This may have long-term implications for the advertising market. So, some publishers simply didn’t have the technological capabilities to get users to agree to display targeted ads. This will potentially lead to a drop in the profits of publishers and a reduction in the number of sites where advertisers can buy advertising.
The site, where they keep records of the "victims" of the GDPR , is now about 20 titles. Some services have closed completely, some have blocked access from European IP.
Interestingly, even the largest IT-companies were forced to make reductions: for example, Twitter closed its applications for Roku, Android TV and Xbox.
However, the case with advertising exchanges shows that the influence of the GDPR was even wider than one could think: it is not only about closing or restricting the operation of some services, but about global changes in the practices of disseminating and consuming information on the Internet.
PS Several materials from the First Corporate IaaS blog:
The main direction of our activity is the provision of cloud services:
Virtual Infrastructure (IaaS) | PCI DSS Hosting | Cloud FZ-152 | Rent 1C in the cloud
/ photo SounderBruce CC
The price is too high
The goal of the GDPR is to tighten control over the processing of users' personal data. Therefore, new legislation imposes a large number of requirements on companies. And although this should bring benefits to the IT sector in the long term (as issues related to the regulation of this sphere will become more transparent), now innovations are costly for some companies. And not everyone was able to resolve this issue.
So, before introducing the GDPR, a series of online games announced the termination of work. For example, Super Monday Night Combat and Loadout .
The active development period of Loadout, launched in 2012, has long ended. However, to meet the new requirements of the GDPR, the project team would have to invest significant resources in the development: go through the client, update databases and servers. According to Rob Cohen's Loadout CEO (Rob Cohen), it wasn't worth it. Most of the Loadout players are from the EU, so there was no reason to expect that the project would survive without them.
For the same reason, Super Monday Night Combat, also released in 2012, closed. According to its creators, the budget required to redesign the project in accordance with the requirements of the GDPR exceeds the budget allocated for a six-year game .
In addition to computer games, "under attack" were services that involve the storage of personal data in distributed registries. For example, the PICOPS biographical data verification service has closed.. In fact, he “linked” the identity of the person with the address in the Ethereum-blockchain. According to the creators, the service enjoyed tremendous success, but it was impossible to preserve all its functions that made it useful, and at the same time fulfill all the requirements of GDPR.
And this is not the only product working with blockchain and closed due to the introduction of the new law. Also, the CoinTouch service , which allowed searching for friends of friends to exchange a crypt, stopped working .
Temporary (?) Measures
There is still an alternative to a complete cessation of service or game activity - you can turn off European servers or block access for residents of the European Union, while continuing to work for the rest of the world.
And although for a number of projects this was not an option (the same Loadout), there were also those who took such a step. For example, gamers from Europe lost the opportunity to play Ragnarok Online : the company closed European servers and restricted access by IP.
/ photo by Tony Webster CC Some American media outlets that receive traffic from Europe have
also resorted to IP blocking . Blocked access to their sites from the European IP Los Angeles Times and the Chicago Tribune. However, such methods are criticized by the community.
This decision has obvious reputational risks and means the loss of a part of the audience. Moreover, in the opinion of some users, such a decision is an involuntary admission of guilt in the unlawful processing of user APs.
Drop in advertising volumes
But there are less obvious consequences. Thus, the European advertising exchanges, which place online advertising using programmatic technology , have suffered from the introduction of GDPR . May 25 (the date of entry into force of the GDPR) advertising volumes collapsed: the decline was from 25 to 40% between different companies.
The problem is that the organizations selling advertisements could not guarantee the compliance of distribution partners with the new requirements. Google also advised advertisers not to buy placements from third-party resources through their services and limit themselves to Google inventory.
USA Today retained access for European users to the site, but removed all advertising from there. The New York Times temporarily did not display ads through programmatic in Europe.
A month later, advertising volumes began to gradually recover , but according to various industry estimates, many advertisers still spend 30% less money than before May 25.
This may have long-term implications for the advertising market. So, some publishers simply didn’t have the technological capabilities to get users to agree to display targeted ads. This will potentially lead to a drop in the profits of publishers and a reduction in the number of sites where advertisers can buy advertising.
The site, where they keep records of the "victims" of the GDPR , is now about 20 titles. Some services have closed completely, some have blocked access from European IP.
Interestingly, even the largest IT-companies were forced to make reductions: for example, Twitter closed its applications for Roku, Android TV and Xbox.
However, the case with advertising exchanges shows that the influence of the GDPR was even wider than one could think: it is not only about closing or restricting the operation of some services, but about global changes in the practices of disseminating and consuming information on the Internet.
PS Several materials from the First Corporate IaaS blog:
- PD in the cloud: areas of responsibility of the customer and the cloud provider
- How to handle PD in the cloud
- What to consider PD from the point of view of the Russian regulator
The main direction of our activity is the provision of cloud services:
Virtual Infrastructure (IaaS) | PCI DSS Hosting | Cloud FZ-152 | Rent 1C in the cloud