US-Based Instapaper Cuts Off Access in Europe in Order to Fix GDPR Compliance
If you thought the GDPR didn’t apply to you because you weren’t in Europe, think again. Techcunch and other sites are reporting that Instapaper, which is owned by Pinterest and based in San Francisco, is temporarily cutting off users in the EU so that the company can develop new policies and procedures to comply with GDPR, the EU’s new privacy regulation.
Here’s Instapaper’s announcement:
Starting tomorrow May 24, 2018, access to the Instapaper service will be temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation (GDPR), which goes into effect May 25, 2018. We apologize for any inconvenience, and we intend to restore access as soon as possible.
If you have any questions about your account, would like us to generate an export of your saves, or want to check in on our progress, please let us know at [email protected]. We look forward to having the same Instapaper service you know and love accessible in Europe in the very near future. Thanks for your patience.
The new regulations take effect tomorrow. No one knows why Instapaper took such an extreme step, but they are not the only one. Over on Twitter I read about one company that disabled features on its smart lightbulbs because its tech violated GDPR rules, and there are several reports of companies that have found the cost of compliance to be so high that they’d rather abandon the EU as a market – or even worse, they are shutting down completely.
Instapaper is most likely withdrawing from the EU because of the GDPR requirements on storing and accessing user data. Users have the right under the GDPR to request the data a company has on them, and if the company doesn’t comply that means huge fines.
Instapaper has probably found that they cannot comply with the new rules by tomorrow, when they take effect, and so it has no other option than to temporarily cut off users.
Comments
Russell Phillips May 24, 2018 um 6:45 pm
But that nice Mr Umstattd said that US companies don’t need to worry about GDPR 😉
Joking aside, I’m a (light) Instapaper user. I’m also paranoid, so I have local copies of everything I’d saved on Instapaper. It’s slightly annoying, but it’d be much more annoying if I didn’t have local copies.
Nate Hoffelder May 24, 2018 um 9:33 pm
hehehe
Allen F May 24, 2018 um 8:11 pm
This is why just making up new rules/laws works so well, the rule makers never consider what/who else the rule/law may affect and how.
Me, I’m waiting for tomorrow to see which companies big and small decided to just have a blank webpage waiting when the EU wakes up in the morning. (Though I’m sure nothing of value will be lost. 😉 )
Nate Hoffelder May 24, 2018 um 9:33 pm
they didn’t just make it up – this rule has been in the works for years
it was actually announced back in 2016:
https://gdpr.city/gdpr-regulation-eu-2016679/
Olivier May 25, 2018 um 8:41 am
Exactly. I remember when the new EU VAT rules went into effect you were scathing with those like Patreon who were not ready despite having had years to prepare. Why the sudden sympathy for GDPR stragglers?
Nate Hoffelder May 25, 2018 um 8:47 am
I was scathing because the last second screaming that followed a couple years of ignoring the issue pissed me off.
Allen F May 25, 2018 um 2:49 pm
"Users have the right under the GDPR to request the data a company has on them, and if the company doesn’t comply that means huge fines."
I wonder how many companies can’t afford the man-hours involved if every EU user demands to know what the company has on them?
This is another case where something written to tie down the big/bad companies can actually hurt/kill off the smaller ones.
For added fun, my name is not my email address, what legal fun happens if I ask/am giving info on someone else?
Hannah Steenbock May 28, 2018 um 4:51 am
I run my blogs on WordPress, and they have added a function where I can check the data kept for each user, in case of a query.
I really doubt it’ll cost a lot of man-hours if handled correctly. I mean, it really isn’t much more than a database query, right?
Ana May 28, 2018 um 6:22 pm
Yes,you run blogs, so it’s a database query for you, try running a company with different applications managing different aspects of your business, some of them outsourced to other companies: You accept credit cards for payments? Then you are collecting personal information information of your clients, PayPal? Are you using an Excel sheet to keep track of the hours you expend doing some work for your clients or do you need a more complex solution to keep track of your bills? What is your backup policy? And so on…
Nate Hoffelder May 30, 2018 um 4:57 pm
@ Ana
That, and judging by the tome of her comment Hannah is almost certainly missing about 75% of the required compliance. I know what is required (it’s a long list) and I also know there’s no way anyone could be blase about it.
Kaz Augustin May 28, 2018 um 10:17 pm
Oh good grief, stop getting hysterical about this, Ana. Paypal is completely transparent to the end-user. We don’t even know which/what credit card a customer uses, so saying that we need to retain information we don’t even receive (except for an email address, item bought and timestamp, which is on the email Paypal sends us) is scaremongering at its finest. As for the number of hours doing work for a client, well if you’re not already doing that as part of a freelance business to forward to both your client and accountant, you don’t deserve to be in business.
Hannah, you’re right. If it’s in the database at the time of query then you forward the information to the user…if your data is granular enough to separate each user (e.g. if they’re subscribers). I get anonymised metrics that only identify the country of a visitor, which is easy enough to spoof via VPN. All the data that uniquely identifies a person is only via my email newsletter.
Kaz Augustin May 25, 2018 um 7:34 am
Exactly. Companies have had TWO YEARS to comply. And besides, they actually don’t have to do anything, they just have to declare that they’re working on a policy to cover the regs. That’s good enough.
Could this be because:
(a) Americans can’t comprehend legal documents anymore
(b) Big companies are peopled by lazy asses
(c) Companies are using this as a way to hit back at the EU *daring* to safeguard people’s privacy
(d) All of the above
PS We have ours on our site. It’s not that damned difficult.
Ana May 25, 2018 um 9:36 am
a) You only have to read all the posts in European countries to generalize it all to people, not just Americans
b) And a lot of European medium/small companies, waiting just for an auditor to see how to comply.
c) There’s no privacy, GDPR is just a lot of bureaucrats justifying why they are overpaid.
Mark Williams – The New Publishing Standard May 25, 2018 um 7:50 am
GDPR is like Christmas. We all know exactly when it’s coming, but we still run about like headless chickens on Christmas Eve afternoon, caught totally unawares.
Quite honestly, if Instapaper can fix this after it being "temporarily unavailable" it could have fixed this any time in the past two years.
Bye, bye Instapaper.