Europe’s General Data Protection Regulation laws are now in effect, and we’re getting a sense of what publishers have decided to implement on their websites as of May 25 — whether they’ve decided to block European Union and European Economic Area-based traffic outright, set up buckets of consent for readers to click through, or something simpler. (Or nothing new at all.)

Publishers have had two years to prepare, but the government regulations still appeared to catch some off-guard. GDPR is intended to give people within the EU control over their personal data, but the way it’s structured is a headache for news organizations and other online entities that have used visitors’ data for years. GDPR’s principles may also put the dissemination of information online at risk, as Amy Webb argued in Nieman Reports:

The GDPR includes the ‘Right to Be Forgotten,’ which allows individuals to request that search engines and other platforms remove specific information about them. Effectively, this would allow an E.U. citizen to request that Google remove stories and websites from search, and it could have a profound effect on the dissemination of newsworthy information. While there are some exemptions in place to protect news outlets, journalists and researchers, it’s possible that investigative projects like this year’s Pulitzer Prize-winning #MeToo series, which relied on a tremendous amount of personal data, may not be seen, at least not easily, in some democratic countries that uphold the tenets of free speech. The subjects of those stories might object to the reporting and demand that their names and likenesses be removed.

These splinternets are already happening. Local news outlets, like North Carolina TV station WRAL (screenshot courtesy of Robert Socha) and all Tronc properties have blocked access to visitors from the European Union.

America 2018. pic.twitter.com/KJVaSGz8nT

— Chanders (@Chanders) May 25, 2018

Connecticut’s NewsTimes asked visitors to choose which services their information is shared with, from Taboola to Chartbeat — but apparently their GDPR explanation was inaccessible to EU browsers.

Tried to check in on my hometown paper @MurrayLedger while in Prague- no dice. Tried to find the GDRP explainer on @townnews but it was also blocked, so had to pull a cached version even to find their reasoning. Goodness. pic.twitter.com/IlbGS22q1K

— Kyser Lough (@KyserL) May 25, 2018

Access isn’t shut off everywhere, though: NPR is asking visitors from the EU to agree to their terms or view the site in plain text only.

OMG THIS IS AN AWESOME SOLUTION TO #GDPR – BACK TO 1996! pic.twitter.com/WZSXPbneN2

— Alec Muffett (@AlecMuffett) May 24, 2018

And if you want to browse The Washington Post’s website from the EU, it will cost you an extra $30 a year for “no on-site advertising or third-party ad tracking.”

Washington Post creates new pricing tier for European paying subscribers. pic.twitter.com/aT83PamqIQ

— Gus (@GusHosein) May 25, 2018

The Atlantic’s comprehensive ask walks users through the different options of data processing.

More screenshots of the granular opt-in requirements offered by @TheAtlantic imposed by #GDPR shows other publishers what privacy-by-design actually looks like. pic.twitter.com/bsNTm7hpph

— David Carroll 🦅 (@profcarroll) May 25, 2018

Could there be a silver lining? Some publishers might be using this as an opportunity for a smoother browsing experience, like USA Today’s GDPR-proof website:

The GDPR-compliant version of the USA Today website is so much better than the normal version it's unreal. Ad free, no autoplaying video, crisp clean design. pic.twitter.com/Cs4vRjgfJC

— alex hern (@alexhern) May 25, 2018

Other services, like reading app Instapaper, movie and TV review app Stardust, and inbox-declutterer Unroll.me, have shut down access to EU customers and sometimes even erased their accounts. The countdown-to-GDPR clock is now reset to the countdown-to-first-penalties clock (activists have already filed complaints against Google and Facebook).