Hey all – Brian from Instapaper here. We worked really hard to try to avoid a service interruption in the EU, but unfortunately we were unable to. We continue to work hard to ensure that the service interruption is as brief as possible.

Let me know if you have any questions...

Obviously, IANAL, but my company talked to a few over the past week.

This move is, in my opinion, a bad read on the odds and European culture.

First, culture. The goal (at least in France, but that's probably the same in other countries) is to get you in compliance, NOT to fine you. What this means is that before you get lawsuit and fines, someone will talk to you and work with you to see how you can get compliant.

Second, the odds. Unless you are a big company that thrives on GDPR violations (doesn't seem to me Instapaper is one, but I could be mistaken as I never used the service), you aren't likely to be targeted before a while, at least until a big case is done and over (let's take the odds Facebook is first).

Third, the delay. While the GDPR takes effect tomorrow, you have a grace period of a year for part of it (for example, getting consent for newsletter). I would really be surprised if enforcement start tomorrow.

Well, at least that's my read on the situation. And that's how I intend to do it: pro-actively work into getting in compliance without rushing it too much, and handle things properly as they come.

Asked a lawyer: If Instapaper doesn't delete the data from its EU users tomorrow, all the rules of the GDPR might still fall on their head. Most likely, they are then storing EU user data without given consent and have to follow all the requests about data storage, use, deletion and so on. Denying service without data deletion is not an option.

My impression is that Instapaper team is terribly understaffed and probably lost control over it's code base. They had changed hands twice over the years (Betaworks (Digg) 2013 and Pinterest 2016) with practically zero changes in code or the app. Zero progress, zero updates. That says something.

And the instapaper.com when downloading is sharing data with third parties like there is no tomorrow. Simply it is downloading a lot of crap from original sites (images etc.) which could be used for tracking - no way they could be compliant with GDPR and let user decide which third parties to share data with.

> But because the fines are so steep — violating GDPR will cost a company 4 percent of its global turnover or $20 million, whichever is larger — no one really wants to be caught non-compliant.

Can everyone just stop repeating this, pretty please? That is the maximum penalty. You'd have to try really, really hard to get that kind of penalty. For minor transgressions, you're likely to get away with a reprimand.

I'm still struggling with the fact that the EU can compel me to add what will be a funnel shattering dialog to my onboarding.

I've shelved a bunch of side projects that I was excited to work on because I have no interest in dealing with any of this ambiguous law. Implementing it would most likely cause a large percentage of users to uninstall my app, because who wants to be greeted with a scary sounding dialog as their first experience in an app. I know many folks here are privacy oriented, but unless this tiny slice of the population is willing to fund my app, I have 0 interest in pandering to them vs the majority of users that would get scared away by it.

I know that there's an almost 0% chance of any repercussion for not being compliant in a tiny app that'll probably never get anywhere, but I'm just so sickened by this whole thing that I don't want to deal with any of it.

Jesus christ, these cookie warnings are getting out of control. I'm not in EU, stop blocking half of my screen with them!

How does shutting down fix GDPR issues? Does all user data magically disappear by shutting down?

They had years to prepare for that. I don't feel comfortable with them not being ready. Time to move to Pocket.

I'm sad to see that as I am an avid Instapaper user living in EU. The whole GDPR issue caused a lot of changes and friction, but hopefully that's a good thing on the long term

One days notice, pretty shitty treatment of customers.

A general question for the GDPR experts: If user A does a request of their data and user B added a page their Instapaper account that had user A listed, does that page have to be included in the response to user A?

Cloud flare needs a feature that let's you ban all EU ips

Not-So-Related question: How can I shut off access for European user to my service?

Blocking IPs ? Ask if they are European? What if they lie? What if they become European citizen later but fail to notify me?

Maybe The Verge should sweep around its own door: https://imgur.com/a/0r28SZb

If anyone is looking to export a list of their saved pages the links for this are on the Settings page: https://www.instapaper.com/user

A list of all saved pages in all folders can be downloaded in CSV or HTML.

What are good alternatives to Instapaper? There is Pocket, any other recomendation?

Maybe it is also time for somebody to create new app as tiny side apps owned by corporations seems to be sunseted sooner or later.

Theoretical Question, If I am a startup now and has an global audience, does that means I need to enforce GDPR from the get go? Or are there time limit before I have to comply?

For people living outside of EU, this should scare you, Instapaper are unable to take care of your personal data...

I could not find Instapaper addon for firefox anymore, is it somewhat related to this news?

This is a terrible move. They had effectively years to prepare for the GDPR and they already have some sort of rudimentary export and delete options.

This step removes all the trust in Instapaper that I had in the past: They either are mismanaged or are not willing to tell the users what data they are collecting and how they use and monetize this data. And it should worry all users, not only users from the EU.

that’s causing companies trouble because it’s not entirely clear right now what information residents will request, what format that information needs to be in, how to locate it and package it, and whether new infrastructure needs to be created to manage this request pipeline. Personal info is a somewhat nebulous concept, and the fact that experts are describing the GDPR as “staggeringly complex” is not making it easy to cover all the bases. (Granted, companies have had two years to prepare for this.)

That is bollocks. The most stupid excuse I have ever read.