ALL EURO WR MEMBERS: PLEASE READ

[lou v]

I've gotten a few messages from WR members in Europe about an error message you've been receiving . Unfortunately, I have some bad news.

Due to the corporate requirements associated with a new European Union law (called GDPR, General Data Protection Regulation) that is about to go into effect, Rivals is blocking all traffic from EU countries. This was a business decision. These regulations have extremely strict and complicated requirements for handling user data, privacy, etc., and they come with very stiff penalties for each infraction. According to Rivals analytics, 99.8% of all traffic is domestic, with the majority of the last 0.2% coming from search engine crawlers and bots from Asia and EU. So there is a very small group of members who will be impacted by this restriction.

If you still want to access the site -- and we hope you do -- there is a way around the block if your personal info is not EU-based (e.g., credit card needs to be from the USA). You can use a VPN (virtual private network) service, which is basically a tunnel for internet traffic between your computer and another computer somewhere on the planet. This simulates like all your data is coming from that other computer instead of your actual location.

There are a lot of free and safe VPN services and some great low-cost premium ones too. All you typically do after signing up is install a VPN client on your computer/phone, select where you want your 'end point' to be (e.g. USA for this situation) and turn it on. From that moment on all your web browsing and other internet data is encrypted and piped through that other computer. You can turn it on and off needed, and as an added benefit VPNs encrypt every byte that leaves/enters your computer so it's an extra level of privacy and security.

If you're a subscriber and don't want to use a VPN, Rivals will refund your current subscription.

We apologize for the whole situation. Please let me know if you have any questions or if I can help in any way.

Thanks.

 

[Hungry Jack]

Yup. ECat can use a VPN to maintain his crusade against Ohio State.

 

[Eurocat]

I've gotten a few messages from WR members in Europe about an error message you've been receiving . Unfortunately, I have some bad news.

Due to the corporate requirements associated with a new European Union law (called GDPR, General Data Protection Regulation) that is about to go into effect, Rivals is blocking all traffic from EU countries. This was a business decision. These regulations have extremely strict and complicated requirements for handling user data, privacy, etc., and they come with very stiff penalties for each infraction. According to Rivals analytics, 99.8% of all traffic is domestic, with the majority of the last 0.2% coming from search engine crawlers and bots from Asia and EU. So there is a very small group of members who will be impacted by this restriction.

If you still want to access the site -- and we hope you do -- there is a way around the block if your personal info is not EU-based (e.g., credit card needs to be from the USA). You can use a VPN (virtual private network) service, which is basically a tunnel for internet traffic between your computer and another computer somewhere on the planet. This simulates like all your data is coming from that other computer instead of your actual location.

There are a lot of free and safe VPN services and some great low-cost premium ones too. All you typically do after signing up is install a VPN client on your computer/phone, select where you want your 'end point' to be (e.g. USA for this situation) and turn it on. From that moment on all your web browsing and other internet data is encrypted and piped through that other computer. You can turn it on and off needed, and as an added benefit VPNs encrypt every byte that leaves/enters your computer so it's an extra level of privacy and security.

If you're a subscriber and don't want to use a VPN, Rivals will refund your current subscription.

We apologize for the whole situation. Please let me know if you have any questions or if I can help in any way.

Thanks.

 

[Eurocat]

What the hell is going on, I understand none of this.

Please write me lou (my real life name at yahoo.com).

What did I do?

 

[iskaboo]

Lou, thanks for the reply to my PM.

Does this mean that I must renew with a credit card registered to a US address when my membership expires? If so, I guess I will no longer ‘support’ Rivals financially because after 24 years overseas, I no longer have one. I guess I can see whether I can reimburse someone in the US for buying my membership for me.

I also find it strange that Rivals/Yahoo is afraid of violating the GDPR, which isn’t all that onerous. I belong to other US chat sites that have not blocked me. I wonder whether Rivals has been selling data to organisations without users’ consent and thus does not comply with the new regulations? Or, does this have something to do with Yahoo’s data breach?

Eurocat, please PM me if I can assist.

 

[Eurocat]

Lou, thanks for the reply to my PM.

Does this mean that I must renew with a credit card registered to a US address when my membership expires? If so, I guess I will no longer ‘support’ Rivals financially because after 24 years overseas, I no longer have one. I would ne’er whether can reimburse someone inn the US for buying my membership for me.

I also find it strange that Rivals/Yahoo is afraid of violating the GDPR, which isn’t all that onerous. I belong to other US chat sites that have not blocked me. I wonder whether Rivals has been selling data to organisations without user’s consent and thus does not comply with the new regulations?

Eurocat, please PM me if I can assist.

I have no idea what the hell is going on.

Iskaboo do you know Florida or Alan Smithee? hey have my email (which is just my name @yahoo.com)

I cannot believe this is being done to me, I have posted since Chris Pool ran this site circs 2000. I remember posting after the attacks. What the hell did I do wrong?

 

[iskaboo]

Euro

See my email. I don’t think you or I have done anything wrong, but I do think that the lawyers at Yahoo/Rivals are overreacting.

I would like to threaten to move to another NU site, but that would be an empty threat nowadays.

 

[Hungry Jack]

What the hell is going on, I understand none of this.

Please write me lou (my real life name at yahoo.com).

What did I do?

All of your personal data has been hacked and sold to Fusion GPS.

Seriously, NO ONE HAS DONE ANYTHING WRONG. It is a new law that says any web company operating in Europe that stores any customers personal data has to be really careful, or face big fines from the EU and it’s stormtroopers.

So Rivals is not going to allow EU IP addresses to access it’s site. This exempts from any legal risk.

The VPN software is EZPZ and will keep you guys logged in.

 

[iskaboo]

All of your personal data has been hacked and sold to Fusion GPS.

You don’t know how right you are.

http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html

 

[epicbret]

Should have been better posters.

 

[FloridAlum]

I have no idea what the hell is going on.

Iskaboo do you know Florida or Alan Smithee? hey have my email (which is just my name @yahoo.com)

I cannot believe this is being done to me, I have posted since Chris Pool ran this site circs 2000. I remember posting after the attacks. What the hell did I do wrong?

Are you aware that you can send him a private message through this site clicking on the little envelope at the top. It is very easy. And he paid member can initiate a conversation.
I should’ve been more clear. Click on his name on his post, then click on start a conversation

 

[FloridAlum]

All of your personal data has been hacked and sold to Fusion GPS.

Seriously, NO ONE HAS DONE ANYTHING WRONG. It is a new law that says any web company operating in Europe that stores any customers personal data has to be really careful, or face big fines from the EU and it’s stormtroopers.

So Rivals is not going to allow EU IP addresses to access it’s site. This exempts from any legal risk.

The VPN software is EZPZ and will keep you guys logged in.

So Eurocat would be OK if he merely convinces Latvia to leave the EU, right?Won’t this Brexit business help all posters in England?

 

[Gladeskat]

Too many Cricket and Rugby posts.

 

[FloridAlum]

Too many Cricket and Rugby posts.

I expect this to become a major item when Queen Elizabeth realizes she can no longer access this board.

 

[FloridAlum]

I have to be careful about outing anyone, but if you happen to see an irate post from RoyalWindsorCat, well, you know......

 

[DonatelloCat]

Too many Cricket and Rugby posts.

and not enough exclamation points!!! dang!!

 

[Hungry Jack]

Too few Rugby posts.

FTFY

 

[EvanstonCat]

Yup. ECat can use a VPN to maintain his crusade against Ohio State.

Actually, I don't need a VPN To access Rivals. I'm not based in Europe. Although, my corporate VPN kicks into London, and so for a moment, I did see the error message. But, I continue to post without restriction.

Fear not fellow Ohio State haters, the crusade continues unabated, and I will not be denied.

 

[EvanstonCat]

All of your personal data has been hacked and sold to Fusion GPS.

Seriously, NO ONE HAS DONE ANYTHING WRONG. It is a new law that says any web company operating in Europe that stores any customers personal data has to be really careful, or face big fines from the EU and it’s stormtroopers.

So Rivals is not going to allow EU IP addresses to access it’s site. This exempts from any legal risk.

The VPN software is EZPZ and will keep you guys logged in.

Actually, it's quite simple to manage the risk, if you add a disclaimer somewhere (trust me, we have really good lawyers and are super sensitive with compliance issues). Ours:

Important: Any comments or statements made are not necessarily those of [company]. The information transmitted is intended for [purposes]. [activities] may be subject to our monitoring procedures. You should only send personal data to [company] for which you have full and proper authorisation. [Company] uses personal data where appropriate to conduct its business and to comply with legal and regulatory obligations, in accordance with its privacy policy (link to privacy policy).

 

[AstroCat]

GDPR strikes again. I am actually working on a number of projects that involve GDPR compliance. I can confirm that the requirements are very onerous. In fact, the more we research it, the worse it is in terms of compliance.

A user’s protected personal information is not just sensitive information, such as credit card numbers, but simply a name and email address is considered protected information under GDPR. EU residents have all kinds of rights under GDPR with respect to how their personal information is used and stored, including the right to be forgotten.

GDPR was a response to the massive abuse of personal information by web companies, such as Facebook, Google, Linked-In, etc. In my opinion, it is an over response, as the GDPR net will catch virtually all businesses, not just consumer-oriented web businesses. Technically, just storing the personal information of an EU resident on a US based server would be a violation of GDPR at this time because the US is not yet on the GDPR approved list (the last time I checked, no country outside the EU is). More than a few US companies are moving their data on EU residents to servers in the EU just to be safe.

GDPR actually took affect over a year ago, but enforcement starts in May 2018, which is why companies are finally starting to act. The fines can be massive, as you might expect if the original targets of this law were companies as large as Facebook. A US company that has no business presence in the EU can probably ignore GDPR for now, but if that company (or its parent or subsidiaries) has any physical presence in the EU, then it is best to either comply or find a way to avoid storing any personal data of EU residents.

 

[FloridAlum]

GDPR strikes again. I am actually working on a number of projects that involve GDPR compliance. I can confirm that the requirements are very onerous. In fact, the more we research it, the worse it is in terms of compliance.

A user’s protected personal information is not just sensitive information, such as credit card numbers, but simply a name and email address is considered protected information under GDPR. EU residents have all kinds of rights under GDPR with respect to how their personal information is used and stored, including the right to be forgotten.

GDPR was a response to the massive abuse of personal information by web companies, such as Facebook, Google, Linked-In, etc. In my opinion, it is an over response, as the GDPR net will catch virtually all businesses, not just consumer-oriented web businesses. Technically, just storing the personal information of an EU resident on a US based server would be a violation of GDPR at this time because the US is not yet on the GDPR approved list (the last time I checked, no country outside the EU is). More than a few US companies are moving their data on EU residents to servers in the EU just to be safe.

GDPR actually took affect over a year ago, but enforcement starts in May 2018, which is why companies are finally starting to act. The fines can be massive, as you might expect if the original targets of this law were companies as large as Facebook. A US company that has no business presence in the EU can probably ignore GDPR for now, but if that company (or its parent or subsidiaries) has any physical presence in the EU, then it is best to either comply or find a way to avoid storing any personal data of EU residents.

You’re alive! I thought you had totally disappeared

 

[AstroCat]

Yes, I am still around. I read most of what is posted here, but just do not have time to write. In this case, I have GDPR on the brain so it was quick and easy to write. I hope you are doing well.

 

[FeliSilvestris]

I am able to access from Europe through the Tor browser, which you may want to know about for other reasons: https://www.torproject.org/projects/torbrowser.html.en

Lou, while the concern about the GDPR may be in principle legit, important questions about the particular approach taken by Rivals remain.

1) Rivals is (AFAIK) a wholly-owned subsidiary of Oath Inc. (Yahoo, AOL, etc), which is itself a subsidiary of Verizon. Yahoo itself seems to continue to offer its services to European residents with normality, and probably other units of Oath (and Verizon) are doing the same. Hence it is unclear why Rivals policies on this matter need to be sharply different from those of its sibling/parent companies.

2) Even if we accept that GDPR compliance is a major problem for Rivals, why is it necessary that Rivals BLOCK ALL European access, even READ-ONLY access??? Offering paid services to EU residents is one thing. Offering free services to them is another. And allowing anonymous READ-ONLY access should be quite another, from the GDPR compliance PoV. The requirements should be quite different. It is at best doubtful that simply by allowing EU residents to READ a website, the website owner falls under the GDPR (which would cover the entire worldwide web).

3) The allegation that only 0.2 percent (two tenth of one percent) of Rivals traffic comes from overseas is highly doubtful...they may have meant TWO percent, which is more reasonable, although it may still be too low. It is estimated that 1.6 million Americans live in the EU. By comparison, the state of Wyoming only has about half a million residents, and about a dozen of US states have populations under 1.5M. Furthermore, many Europeans may have their own reasons to follow college sports. For example, they may be alumni of US colleges/universities and/or may have lived in the US for an extended period of time, for whatever reasons. All this suggests that Rivals overseas traffic may have been underestimated.

As an absolute minimum, Rivals should effective-immediately allow READ-ONLY anonymous access from the EU (just like many media organizations, universities, companies and institutions are currently doing without apparent difficulties).

 

[GlideCat]

Too many Cricket and Rugby posts.

Rugby, yes. Cricket? We are a dull crew but not THAT dull.

 

[GlideCat]

Rivals is (AFAIK) a wholly-owned subsidiary of Oath Inc. (Yahoo, AOL, etc), which is itself a subsidiary of Verizon. Yahoo itself seems to continue to offer its services to European residents with normality, and probably other units of Oath (and Verizon) are doing the same. Hence it is unclear why Rivals policies on this matter need to be sharply different from those of its sibling/parent companies.

Maybe MRCat is correct in his ideas that FloridAlum's statement that they could read drafts of our thoughts that were typed but never posted could be the tip of an iceberg. And maybe Rivals is doing things with our data that their fellow subsidiaries are not. And maybe the requirements of the EU would make these issues go public and Rivals fears the reaction of their subscribers.

Or maybe not. I have no idea. Life is more interesting if MRCat is right, though. My version of life is much more boring.

 

[iskaboo]

Maybe MRCat is correct in his ideas that FloridAlum's statement that they could read drafts of our thoughts that were typed but never posted could be the tip of an iceberg. And maybe Rivals is doing things with our data that their fellow subsidiaries are not. And maybe the requirements of the EU would make these issues go public and Rivals fears the reaction of their subscribers.

Or maybe not. I have no idea. Life is more interesting if MRCat is right, though. My version of life is much more boring.

I think GlideCat may be on to something here. Amazon lets me buy stuff off its US site, even though I live in (currently) an EU country. Adobe is happy to let me pay for and use Creative Cloud. My Hotmail and Gmail accounts won’t be cancelled. In fact, my Yahoo account won’t likely be cancelled. So why does Rivals have a problem with GDPR while no one else outside the EU seems to be all that worried or have people like AstroCat working on solutions?

Either that or inside information about Northwestern football may have a National Security parameter that I have not previously appreciated.

 

[AstroCat]

I think there are several reasons why companies have ignored GDPR until now. For one thing, enforcement does not begin until May, and for many companies, that means they are just now getting around to dealing with it. Also, in the US most companies assumed that either GDPR could not possibly apply to them or that if it did apply, then compliance would be easy for any company that was not intentionally abusing personal information.

On the other hand, some of the largest web companies have been working with the EU for years in preparation. In addition to changing how they handle personal data, some have created a set of policy documents called Binding Corporate Rules (BCRs), which after a very lengthy approval process (probably over a year) will allow them to operate without much EU scrutiny -- as long as they adhere those policies.

Mid-size companies are making simpler changes, such as flagging user accounts from EU residents and moving those accounts to servers in the EU (where presumably the hosting companies are better prepared to handle GDPR), providing them with new terms of service rules, and setting up a central website to handle user requests to view/modify/delete all of their personal data.

The question about read-only websites is an interesting one. If they are truly read-only, then GDPR would not apply to them. Unfortunately, many websites track users and you can assume that all large websites do so, and there is a lot of sharing of that information. For example, after visiting the website for Royal Caribbean Cruise Lines, you may start seeing a lot of cruise line ads appear on your screen when you visit unrelated websites. Similarly, if you type the phrase Cancun vacation into your web-based email service as part of a message, it is likely that you will start seeing Mexico vacation ads on other websites (possibly even including Rivals). When this kind of information sharing happens, then GDPR applies. In brief, if the information stored by a web company about a user can somehow be linked to an actual EU resident, even if that linkage requires complex and time consuming effort, then GDPR applies.

For anyone who is interested, here is the actual law. It is possible to skim the main points in an hour or so.
https://gdpr-info.eu/

 

[DaCat]

I expect this to become a major item when Queen Elizabeth realizes she can no longer access this board.

Our very own alum and soon-to-be royal family member Meghan Markle may also have a say in this matter. I heard she actually posts here under the screen name wrestlerblahblahblah or something.

 

[FeliSilvestris]

Our very own alum and soon-to-be royal family member Meghan Markle may also have a say in this matter. I heard she actually posts here under the screen name....

I don't know about Meghan, but another factor for @Rivals Staff @lou v to consider is the number of US military personnel being affected. It seems that currently almost one-hundred thousand US military members are deployed in Europe. That figure does NOT include any military or civilian contractors or dependents...adding contractors and dependents, the resulting figure should easily reach several hundred thousands...I am no PR expert, but blocking from accessing Rivals.com (even in read-only mode) so many members of the US Armed Forces and those near them cannot possibly be good PR...for Rivals itself or for its siblings/parents.
https://en.wikipedia.org/wiki/United_States_military_deployments#Europe

 

[villox]

I don't know about Meghan, but another factor for @Rivals Staff @lou v to consider is the number of US military personnel being affected. It seems that currently almost one-hundred thousand US military members are deployed in Europe. That figure does NOT include any military or civilian contractors or dependents...adding contractors and dependents, the resulting figure should easily reach several hundred thousands...I am no PR expert, but blocking from accessing Rivals.com (even in read-only mode) so many members of the US Armed Forces and those near them cannot possibly be good PR...for Rivals itself or for its siblings/parents.
https://en.wikipedia.org/wiki/United_States_military_deployments#Europe

I look forward to marching in the streets for this, right after we solve guns, world hunger, and our extended military occupation of much of the planet.

 

[GlideCat]

I look forward to marching in the streets for this, right after we solve guns, world hunger, and our extended military occupation of much of the planet.

Felis' post and our extended military occupation of much of the planet would kind of cancel each other out.

 

[FeliSilvestris]

I look forward to marching in the streets for this, right after we solve guns, world hunger, and our extended military occupation of much of the planet.

I didn't say anything about marching on the streets...just that it does not seem good PR to block hundreds of thousands of US military personnel and dependents...of course other Americans living in Europe should also count (as of 2011, the State Department estimated the number of Americans living in Europe who are NOT affiliated with the US govt to be 1.6 MM, roughly one quarter of all living abroad). And of course there are non-US-citizen European residents who follow college sports for various reasons (alumni, etc).

 

[GlideCat]

I didn't say anything about marching on the streets...just that it does not seem good PR to block hundreds of thousands of US military personnel and dependents...of course other Americans living in Europe should also count (as of 2011, the State Department estimated the number of Americans living in Europe who are NOT affiliated with the US govt to be 1.6 MM, roughly one quarter of all living abroad). And of course there are non-US-citizen European residents who follow college sports for various reasons (alumns, etc).

I think Villox was talking more about the issue of Rivals data abuse as a whole rather than just your post. I, too, do not see a great deal of issue with Rivals-specific potential data sales. If it bothers me, I stop using Rivals. That does not mean that data abuse as a whole - specifically by Microsoft and Apple that have created pseudo-monopolies for software - are not an issue. But I don't sweat Rivals too much.

Them blocking Europe is a weird thing and your point about the military is valid.

 

[villox]

I think Villox was talking more about the issue of Rivals data abuse as a whole rather than just your post. I, too, do not see a great deal of issue with Rivals-specific potential data sales. If it bothers me, I stop using Rivals. That does not mean that data abuse as a whole - specifically by Microsoft and Apple that have created pseudo-monopolies for software - are not an issue. But I don't sweat Rivals too much.

Them blocking Europe is a weird thing and your point about the military is valid.

My point was that I highly doubt there will be any real “PR” impact from this whatsoever.

However, if they suffered a data breach and were fined by the EU, that would be something they’d probably get worked up about.

 

[FeliSilvestris]

My point was that I highly doubt there will be any real “PR” impact from this whatsoever.

You are entitled to your opinion just as we are...I do not work on PR...do you?
Every time a U.S. corporation does something that can be perceived as (at best) "insensitive" if not contrary to the interest of regular (rank-and-file) Americans serving their country overseas there is a significant potential of a PR-backlash...I say this based on experience and common sense (not because I am an expert on these things). Fact is, the EU regulation applies to A LOT of corporations and firms...AFAIK, the vast majority of them continue to offer their services (or at least access to their websites) to EU residents...this seems to include even companies with direct ties to Rivals...It seems that there is something very specific to Rivals that has led Rivals to block ALL access to everyone residing in the EU...that at least 100's of thousands of those blocked are U.S. servicemen and their dependents should be a matter of special concern...when most others continue to provide access to them (and everyone else).

 

[iskaboo]

I did work in PR for 25 years, and I can tell you that the PR impact of this move on Rivals/Yahoo will be non-existent.

As much as I am a bit p*ssed off that I have to make sure my VPN is connected to a US server before I read the boards, the fact is that I can easily access them. If it turns out that I am not allowed to continue to have a paid membership because I live in the UK, then I guess I won’t be able to read posts on The Rock, and Rivals - and unfortunately Lou - will lose some revenue.

The only thing that surprises me is that I am a member/user of many US-based sites, and so far Rivals is the only site to block me because I live in an EU country.

 

[FeliSilvestris]

The only thing that surprises me is that I am a member/user of many US-based sites, and so far Rivals is the only site to block me because I live in an EU country.

That is exactly the problem...if most firms in the industry were handling this matter in a similar way, it would be hard to blame Rivals for doing what most in the industry are doing.

the PR impact of this move on Rivals/Yahoo will be non-existent.

Well, I don't see how you can be so sure of that. Anyway, with both major college sports in off-season, this is obviously a very quiet period for Rivals. Probably most affected haven't even noticed it. From late summer on, we will have a better idea of any backslash (if the situation hasn't changed by then).

 

[DaCat]

Well, I don't see how you can be so sure of that.

After 25 years in the industry, he probably has a pretty good idea.

 

[EvanstonCat]

After 25 years in the industry, he probably has a pretty good idea.

Well, to be fair, there are some people who are X number of years in their job or industry who still don't have any idea what they are doing. I won't say who, but let's say I would put my faith in an automatic tennis ball machine over them right now based on results.

 

[Gladeskat]

Well, to be fair, there are some people who are X number of years in their job or industry who still don't have any idea what they are doing. I won't say who, but let's say I would put my faith in an automatic tennis ball machine over them right now based on results.

Automatic tennis ball machines do a whale of a job in recruiting, too.