The European Union's flagship data protection laws have hit an early hitch, with several major US news websites blocked to European users out of concern that they might fall foul of the rules.
The Los Angeles Times and Chicago Tribune newspapers were among those inaccessible to online readers in Europe following the introduction on Friday of the General Data Protection Regulation (GDPR).
Separately, Facebook and Google are already facing their first official complaints under the new law after an Austrian privacy campaigner accused them of effectively forcing users to give their consent to the use of their personal information.
The new rules strike at a core of businesses that offer free content online but that make money by collecting and sharing user data to sell targeted advertising.
The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards in the wake of the recent Facebook data harvesting scandal.
But it has also been blamed for a flood of emails and messages in consumers' inboxes in recent weeks as worried businesses rush to update their privacy policies and request the explicit consent of users.
Among the most notable blackouts observed in the past two days are those of sites tied to the American media company Tronc. In addition to the Chicago Tribune and Los Angeles Times, the New York Daily News, Orlando Sentinel and Baltimore Sun were also unavailable to readers in Europe.
“We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism,” Tronc said in a statement.
The decision illustrated that some companies would prefer to lose European customers than risk being hit with the stiff penalties allowed under the new law.
Some other major US news sites acknowledged the new privacy rules with large disclaimers and other information to explain what information was being gathered when a reader visits the site.
“Welcome to USA Today Network’s European Union Experience,” the news organisation USA Today proclaimed at the top of its website, explaining that the company would not collect personally identifiable information or other data commonly used to sell online advertising.
Even though the GDPR rules were officially adopted two years ago, with a grace period until now to adapt to them, companies all over the world, including in Thailand, have been slow to act, resulting in a last-minute scramble this week.
Companies can be fined up to 20 million euros (US$24 million) or 4% of annual global turnover for breaching the strict new data rules for the EU, a market of 500 million people.
The European Commission insisted that it was not responsible for the blackout of some US sites, saying it was "proud to set high data protection standards" for the bloc's 500 million citizens.
"We have seen the press reports, but it is not for the commission to comment on individual companies' policies in terms of offering services in the EU," a spokesman said in an emailed comment to AFP.
"We expect all companies to fully comply with the General Data Protection Regulation as of today. With the new rules in place, EU data protection authorities will watch over their correct application across the EU and ensure full compliance."
Meanwhile, Austrian privacy campaigner Max Schrems said he had launched four official complaints with national regulatory authorities under the new law.
They target Google in France, Instagram in Belgium, WhatsApp in Germany and Facebook in his native Austria.
He said the problem with all these sites was pop-ups that have appeared in recent weeks, asking users to agree to new terms of use, adding that this amounted to a system of "forced consent" from users.
A previous case brought by Schrems against Facebook triggered the collapse of a previous EU-US data sharing agreement.
Brussels says the new laws put Europeans "back in control" of their data.
"When it comes to personal data today, people are naked in an aquarium," said EU Justice Commissioner Vera Jourova.
French President Emmanuel Macron said on Twitter that "with the GDPR we are building a European sovereignty on data".
The law says individuals must explicitly grant permission for their data to be used. It also establishes their "right to know" who is processing their information and what it will be used for; and gives them the "right to be forgotten".
Parents will decide for children until they reach the age of consent, which member states will set anywhere between 13 and 16 years old.
The case for the new rules has been boosted by the recent scandal over the harvesting of Facebook users' data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
Facebook chief Mark Zuckerberg said as he apologised to the European Parliament on Tuesday over the scandal that his firm would be "fully compliant" with the EU law.