Instapaper on pause in Europe to fix GDPR compliance “issue”

INSUBCONTINENT EXCLUSIVE:
Remember Instapaper The Pinterest-owned, read-it-later bookmarking service is taking a break in Europe — apparently while it works on
achieving compliance with the region updated privacy framework, GDPR, which will start being applied from tomorrow. Instapaper notification
does not say how long the self-imposed outage will last. WTF is instapaper doing with data pic.twitter.com/eG2dhtkvnd — Sam (@smithsam)
May 23, 2018 The European Union General Data Protection Regulation updates the bloc privacy framework, most notably by bringing in
supersized fines for data violations, which in the most serious cases can scale up to 4% of a company global annual turnover. So
itsignificantly ramps up the risk of, for example, having sloppy security, or consent flows that aren&t clear and specific enough (if indeed
consent is the legal basis you&re relying on for processing people personal information). That said, EU regulators are clearly going to
tread softly on the enforcement front in the short term
And any major fines are only going to hit the most serious violations and violators — and only down the line when data protection
authorities have received complaints and conducted thorough investigations. So it not clear exactly why Instapaper believes it needs to
pause its service to European users
It also had plenty of time to prepare to be compliant — given the new framework was agreedat the back end of 2015
We&ve reached out to Pinterest with questions and will update this story with any response. In an exchange on Twitter, Pinterest product
engineering manager Brian Donohue — who, prior to acquisition was Instapaper CEO — flagged that the product&sprivacy policy &hasn&t been
changed in several years&
But he declined to specify exactly what it feels its compliance issue is — saying only: &We&re actively working to resolve the issue.& In
a customer support email that we reviewed, the company also told one European user: &We&ve been advised to undergo an assessment of the
Instapaper service to determine what, if any, changes may be appropriate but to restrict access to IP addresses in the EU as the best course
of action.& &We&re really sorry for any inconvenience, and we are actively working on bringing the service back online for residents in
Europe,& it added. The product privacy policy is one of the clearer TCs we&ve seen
It also states that users can already access &all your personally identifiable information that we collect online and maintain&, as well as
saying people can &correct factual errors in your personally identifiable information by changing or deleting the erroneous information& —
which, assuming those statements are true, looks pretty good for complying with portions of GDPR that are intended to give consumers more
control over their personal data. Instapaper also already lets users delete their accounts
And if they do that it specifies that &all account information and saved page data is deleted from the Instapaper service immediately&
(though it also cautions that &deleted data may persist in backups and logs until they are deleted&). In terms of what Instapaper does with
users& data, its privacy policy claims it does not share the information &with outside parties except to the extent necessary to accomplish
Instapaper functionality&. But it also not explicitly clear from the policy whether or not it passing information to its parent company
Pinterest, for example, so perhaps it feels it needs to add more detail there. Another possibility is Instapaper is working on compliance
with GDPR data portability requirement
Though the service has offered exports options for years
But perhaps it feels these need to be more comprehensive. As is inevitable ahead of a major regulatory change there a good deal of confusion
about what exactly must be done to comply with the new rules
And that perhaps the best explanation for what going on with Instapaper pause. Though, again, there plenty of official and detailed guidance
from data protection agencies to help. Unfortunately it also true that there a lot of unofficial and dubious quality advice from a cottage
industry of self-styled ‘GDPR consultants& that have sprung up with the intention of profiting off of the uncertainty
So — as ever — do your due diligence when it comes to the ‘experts& you choose.