One Month Into GDPR – What The Effect Has Been

The following is a message posted to the IAJGS Public Records Access Monitoring Committee’s mailing list by Jan Meisels Allen:

It’s just past one month since the General Data Protection Regulation went into effect in the European Union. These are some of the things that occurred as a result of the GDPR:

1. The cessation of some genealogical data bases from being on the Internet:

  • 450,000 Records Removed From Online Access at Dutch Archives—such as the Tilburg Regional Archive online family cards collection dating from 1920-1940; other branches including Amsterdam, Alkmaar, Eemland and more have removed data from the Internet.
  • World Famous Network Y-DNA project ceased operation
  • Y-Search and Mitosearch projects of FamilyTree DNA were closed the end of May. While the announcement did not state they were closing due to the GDPR, the timing is at least “curious.”

2. Major litigation against multinationals allegedly not following the GDPR – the litigation was filed within hours of the GDPR becoming effective by privacy advocates, especially Max Schrems and his firm None of Your Business. According to Politico, in Austria there are 128 complaints and 500 questions; 50 data breach notifications- the same number that occurred previously in a span of eight months. In France complaints are up by over 50 percent compared to the same time period last year, There are 29 cross-border cases under investigation.

3. Facebook and Google are two dominant multinationals which have been the focus of many lawsuits and investigations. With the GDPR it appears their dominance is increasing especially in advertising as smaller publishers and advertisers may have problems meeting the new GDPR standards-exemplified by some companies pulling back from Europe.

4. We are seeing other countries, such as Canada, look at the GDPR and consider adopting similar or partial legislation following some of the GDPR rules. Japan and Argentina have overhauled their domestic rules to comply with the GDPR. South Korea and Columbia are tweaking their legislation looking at the GDPR standards.

5. The United States is looking at different privacy aspects, both federally and by state legislation (see California). The White House Special Assistant to President Trump for Technology, Telecom and Cyber Policy, Gail Slater, met with the CEO of the Information Technology Industry Council as well as the technology committee of the Business Roundtable. One of the items that was discussed as a possibility is an executive order directing the Department of Commerce’s National Institute of Standards and Technology to develop privacy guidelines. Another possibility is a public-private partnership laying out voluntary privacy best practices, which could become de-facto standards. It is recognized that some parts of the GDPR, such as the “right to be forgotten” may not work under US law, yet there is a bill in the New York Assembly that would adopt it in New York State-although there has been no action taken and it sits in the committee it was referred to last year and re-referred to this year…

6. Some companies have adopted GDPR to their global markets: Microsoft announced that on May 21st. Facebook said they essentially would treat the GDPR globally, but are moving their non-EU data collection not already in the US or Canada to the United States to avoid any possible fines if they are found not in compliance. The fines for non-compliance are substantial– 4%of worldwide annual revenue of the prior financial year or up to €20 million, whichever is higher (

7. Some US Newspapers stopped selling their newspapers in Europe—i.e. the publisher Tronc: publisher of The Los Angeles Times, Chicago Tribune, New York Daily News. Other publications are being found to deactivate their site for people who opt out of advertising cookies-or are running separate versions that are stripped of tracking , for example USA Today.

There are multiple court cases that may change the focus as we see it- and time will tell. The GDPR is being touted by some privacy advocates as the “gold standard” but we won’t know what standard, if any, will become dominant until more time passes and various countries look as to what is best for their individual country’s residents’ privacy.

To read more see:

To read the previous IAJGS Records Access Alert postings about the European Union’s GDPR, right to be forgotten, privacy issues, US privacy legislation, California’s privacy legislation and potential ballot initiative, Canada’s Privacy proposals and more, go to: You must be registered to access the archives. To register go to: and follow the instructions to enter your email address, full name and which genealogical organization with whom you are affiliated You will receive an email response that you have to reply to or the subscription will not be finalized.

Jan Meisels Allen
Chairperson, IAJGS Public Records Access Monitoring Committee


I’ve said here before that the 1920-1939/1940 Dutch family cards/population registers should never have been online. They record sensitive information like religion, and there would be a lot of people from that time period still alive.


Can you make a post following up on changes users are experiencing on the big genealogy sites? Like I know that on Geni, when I enter deceased people now they’re set to private by default when they used to be public.

It doesn’t really count as one of the “big” sites, but I’ve also heard that Wikitree had to delete a ton of data belonging to people who didn’t reverify their email addresses, but I don’t know all the details.

A site by site follow up on where sites stand would be great.


Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: