Services blocking users from the EU to “comply” with GDPR is just saying don’t trust us

There is a nice thread on Twitter listing services that block EU users to “comply” with GDPR (General Data Protection Regulation), so that they don’t need to change how they manage and keep data. This may work for them, but it also shows users in other markets that these sites just don’t want to comply with what should be the basics of data protection. Long story short, the services on the list should not be trusted at all by any users in any country.

List of services blocking

Here are a few examples of services that are just blocking users instead of following some basic rules on keeping data safe and giving users basic rights to content they created.

 

What does GDPR require services to do?

The rules are simple, and easy to follow if you take a bit of time to see how your service works and stores data.

Use plain language

The new GDPR explicitly says that you must use plain language, not a giant pile of legalese.

Consent must be explicitly given

If you are going to collect personally identifiable information (name, email, phone, etc.), then you must have explicit consent.

Notification of data breaches

You must notify data subjects of a data breach within 72 hours of you becoming aware of it.

Right to access their data

Upon request, and at no charge, you must provide a data subject a copy of the personal data you have stored about them.

Right to be forgotten

People have the right to leave your website and have you not store personally identifiable information about them, provided, of course, that this doesn’t violate any other laws.

Right to take your data elsewhere

Upon user request, data must be provided in a commonly used and machine-readable format.

Privacy by Design

Only ask for data you actually need.