Imgur Pulls Out of UK as Data Watchdog Threatens Fine
Source: express.co.uk
Key topics
Online Censorship
Data Protection
UK Regulations
Imgur has pulled out of the UK due to a threatened fine from the UK's data watchdog, sparking a heated debate about online regulation, jurisdiction, and the impact on internet freedom.
Snapshot generated from the HN discussion
Key moments
- Story posted: Sep 30, 2025 at 9:01 AM EDT
- First comment: Sep 30, 2025 at 9:09 AM EDT (9m after posting)
- Peak activity: 120 comments in 0-12h
- Latest activity: Oct 6, 2025 at 5:56 AM EDT
ID: 45424888 | Type: story | Last synced: 11/22/2025, 11:47:55 PM
Block UK access now just in case.
The fault is obviously an incompetent and authoritarian UK government, but that's what the UK overlords have agreed.
> {"data":{"error":"Content not available in your region."},"success":false,"status":400}
https://datatracker.ietf.org/doc/html/rfc7725
They did at least put a thanks to Ray Bradbury.
(My residential IP is blacklisted for some reason and I always get a JSON error message from them)
If I have a website I'm pretty sure I'm bound to break some random country's law without knowing
Answering my own question, I guess it's exceptionalism of the powerful countries where they can just bully you into following their law
They're clearly working up to this; it's what happened with Pirate Bay, etc.
The opinion polls are clear: the normies want this.
Giving normies the vote was a mistake.
That's the dichotomy. You're either an elitist snob or a normie. No nuance, no qualification.
Opinion polls are bullshit and just an indicator of propaganda effectiveness.
https://news.ycombinator.com/item?id=45432347
The often cited YouGov polling, I think sampled a few thousand people. There are almost 2.5 million signatures on petitions between the OSA and Digital ID.
You can get any result you want by asking leading questions on polling. This was of course satirised by Yes Minister.
https://www.youtube.com/watch?v=G0ZZJXw4MTA
I can counter any of the iffy polls by simply pointing to the official online petitions service. There were a huge number of signatures to revoke OSA and two million signatures to abolish the plans for the Digital ID. While the Digital ID is technically a separate issue, many of the same privacy concerns are present.
https://petition.parliament.uk/petitions/722903?pubDate=2025...
https://petition.parliament.uk/petitions/730194
The number of people that signed these petitions is far more representative than any polling.
On top of that, recently I've seen reports of both the Liberal Democrats and Reform (the two largest parties after the main two) recognising the OSA as unpopular and are likely to suggest reforming/removing it.
On top of that, the Labour government and the Conservative government that preceded it, which created the OSA, were/are both deeply unpopular.
So any notion that there is a popular mandate for this is nonsense.
I wouldn't trust them in young LibDems in Bristol either. Doesn't matter if they seem nice or not. Lots of young politicians have nice ideas and over time they either end up as bad as the ones they are replacing, they are forced out or leave of their own accord and then complain about it on a podcast.
(No, it's not the cookie law either.)
They are a quango, rather than policy makers
Again, they are not OFCOM, and they didn't make OSA, that's very much down to the previous Tory government
It'd be interesting to see how fast the policy would get reversed then.
This was always a stupid policy and so protesting it by pulling services is one way to draw attention to that.
The first clue is that it's the ICO that is running this. The ICO has nothing to do with the Online Safety Act.
Secondly, asking a commercial company to conform to basic data protection isn't that onerous.
Honestly, it's almost like HN has Tumblr-level reading comprehension.
Microsoft + Google + Amazon + Nvidia + Meta + Apple = $630 billion in annual operating income.
They'll react to a change in capital investment faster than anything else.
Wow I didn't know big tech invested so much in the UK!
They aren't making $630 billion per year in money off of those companies, but the operating income means they're getting taxes on that $630 billion (income tax from company and employees, VAT for purchases, etc.) and the personnel working in the UK are probably spending most of that money in the UK (velocity of money theory comes into play here).
The resulting economic benefit for the UK government is enough that they'd notice the drop if all that started to transition away.
Damage to stock value would be the bigger blocker (from both sides of the pond).
Might kickstart some actual competition though, as that happening would create a large hole to fill.
Didn't something like that happen about 15 years ago maybe due to net neutrality? Or maybe it was Wikipedia's blackouts over SOPA.
Anything else is just an observation and isn't necessarily true at all.
> The only real information about me is data I produced myself.
That's copyright law, which is a whole 'nother kettle of fish. It's also one I don't know that well
But I'm curious about how far you feel that assertion goes. Ignoring what the GDPR says exactly, how do you feel about the various examples?
I have http request logs from requests that you've made. Do I have to delete them when you ask?
You sent me an email, do I have to delete my copy?
I host an email service for me and a friend exclusively, you request that I delete your data, do I have to delete emails you sent to him as well?
You answered a long thread about an esoteric computing question, hypothetically under the name denvercoder9, do I have to delete that comment? What about the replies to it which quote you?
I have evidence that you committed a crime of some sort, do I have to delete that?
Someone else posted true information about you to my site intended to categorize comments to HN posts. It's someone else's data about you, do I have to delete that when you ask?
What if the information is actually false?
Where should the line be drawn, and why?
Common law has the concept of reasonableness.
If you're a single person hosting a simple website, having logs is a perfectly reasonable thing to have to check for fraud and other nefarious things.
> You sent me an email, do I have to delete my copy?
Depends who hosts the email server, and is it commercial. Businesses need a purpose for holding onto emails, it's not reasonable for a non business single person to have one.
> You answered a long thread about an esoteric computing question, hypothetically under the name denvercoder9, do I have to delete that comment? What about the replies to it which quote you?
That's actually interesting, the only thing that is PII is the name, so if the name is deleted that's complying.
> I have evidence that you committed a crime of some sort, do I have to delete that?
There is a specific carve out for criminality.
Oh what's that, you actually just want to control other people's data?
One, the thing you "generate" ie typed out by hand, rather than got a machine to make, is copyright.
Data about you is GDPR
> Oh what's that, you actually just want to control other people's data?
sounds like a projection...
That's the funny or hypocritical thing: Both laws have the same reach but people here tend to praise the GDPR for it while being furious about the Online Safety Act.
That's decades of the public internet that would be permanently erased; billions of dead links pointing nowhere. HN alone would lose ~32,000 images from its archives,
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Is it not hubris to call it "no loss" if, say, 3 hours ago, "Design of a LISP-based microprocessor / Page 22 has a map of the processor layout:" was forever lost to humanity, as collateral damage to some techbros' dispute?
Decentralization can't arrive soon enough.
https://web.archive.org/web/20230427181813/https://i.imgur.c... (link is already dead at Imgur)
Wayback will have them, as is tradition. A crawl (non IA) has been kicked off to reconcile to ensure maximum coverage of Imgur links on HN.
(Accessing Imgur archives in Wayback is as trivial as a browser extension for your average user; Imgur has raised $60M and only does ~$30M/year, they will eventually be sold or close as the user experience degrades as operators and investors attempt to squeeze more from the enterprise)
https://www.privateinternetaccess.com/blog/internet-archive-...
The government requires that ISPs provide some opt-out adult filtering, but archive.org being blocked seems like an over-zealous third party moderation list, not government censorship.
Personally even if the IA didn't have a copy, I'd still say "marginal loss" and "inconvenient". imgur is just another in the line of image hosting sites that have come and gone. Much of what it hosts isn't actually high value, and isn't actually the sole copy.
Not sure what you're pining for with respect to "decentralization" -- we already have it, nothing stops someone from uploading an imgur image elsewhere, either the original uploader or someone downloading and reuploading somewhere. There are other image hosting sites. And yes, the internet is filled with dead URLs, privatized or deleted forums and discords and twitter accounts that host or previously hosted unique discussion or media, etc. etc. and any number of other minor tragedies. imgur totally dying would be among the least of them.
…
> service
Money is good for goods and services…
If people give them money or cough ad revenue and get the service they want, that’s called a business.
https://ico.org.uk/for-the-public/the-children-s-code-what-i...
Then you look up what the actual regulation says and it's hundreds of pages of pure legalese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.
Maybe, you hope. Unless you've read (and understood!) all of it you can't say this with certainty.
In all likelihood you trust a 3rd party company like Intuit and their team of lawyers to tell you what actually applies to you.
The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.
The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.
The OSA on the other hand... I'm glad I don't personally serve the UK.
sigh
There is a difference between guidance and regulation.
GDPR isn't that hard to comply with, I know because I helped take a very large Financial News company from 0 compliance to full compliance. The guidance is quite easy to understand: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
But why are the regulations 100 pages of legalese? Because rich companies, and unscrupulous shits pay money to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality.
Say you take "the right to be forgotten", ie, I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (ie stop sending me fucking emails you shits)
That's simple, right? The law says I have the right to have my details deleted.
But what if I committed fraud in that time? What if I am opening and closing, asking for deletion to get round money laundering laws?
And that's why the regulations for data protections are long.
Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (ie just like any high level programming language)
However, do not take this as endorsement of the unrelated law that is the Online Safety Act, which is badly drafted, gives too much power to an under resourced semi independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.
I will however stick up for GDPR, because it stops the fucking nasty trade in personal data that is so rife in the USA.
How many might there be in this case, one wonders? https://www.ycombinator.com/legal/
This is GDPR. So long as they conform to the 13 principles then HN will be fine. It's nothing to do with the Online Safety Act.
For the OSA (which I think is very badly drafted, and poorly enforced by OFCOM) so long as there is decent moderation (which there is), a way to report posts (there is) and the site doesn't persistently host actual abuse, then you're mostly fine.
It doesn't help that OFCOM are unwilling to change the scope of guidance to match the size and type of community.
For example, the only thing that can really be classed as PII is my username. Does it count as reasonable to request it be deleted?
If the username is removed, and there is no reasonable way to link the user to the comment, then it's not PII. I would hope that this is logical because it's not personally identifiable. (Caveats apply here, like if you put your home address in every comment. However, is it reasonable to expect a user to do that in a public forum? Probably not.)
As you can request that your username is deleted here, and assuming they are deleted properly, then HN is reasonably following the user's request. Hence my assertion that HN is GDPR compliant enough to not worry.
Like, all your posts just disappear?
Most commonly it's the EU fining American tech for GDPR violations and related privacy shenanigans.
an oxymoron.
1. Make sites gdpr compliant by installing an extension or two. 2. Use a vpn to pretend to be not from Europe.
And what is that exactly?
The whole point of corporations is that the company is liable, not its employees. Also, the shareholders are only liable for the money they put in, and not anything else.
Convictions in the UK are non-transferable. You can't convict a company, then transfer guilt onto its employees, they need to be tried at the same time.
First, Durov is a French citizen, so it's not like he's immune to French laws
Second, France has a totally different legal system to the UK (legal code vs common law)
Thirdly, he's the primary owner of Telegram, not an employee
Fourthly, he was arrested on fraud, money laundering and child porn charges. Those are all criminal charges, not civil (GDPR is mostly civil, same with the Online Safety Act; however, with the OSA "senior managers" could be criminally liable, but again that's for CSAM, of which possession and distribution is criminal already)
> Seems naive.
I really wish people would actually bother to understand law, because it's pretty important. For programmers it's much easier, because we are used to reading oddly worded specifically ordered paragraphs to divine logical intent. The law is really similar to programming.
If Imgur never had UK presence, then yeah there would be no teeth. But if you're doing business in a country you can't break the law then leave and expect them to just ignore what you did during that time.
How do you expect the "pull out" to happen? They must have had a UK bank account or similar, whose transfers won't get approved as they're trying to escape from criminal prosecution. Or they'll work with the US to ensure responsible individuals are held responsible.
It isn't exactly the first time someone/something commits crime in a country then tries to escape; there are lots of ways to work with others on this.
How so? None is needed to take revenue from UK-seen ads.
May US voters put America First over international law.
I heard here recently during a similar discussion (about 4chan and this same British watchdog agency) that the US does not allow extradition of its citizens for breaking non-US laws if the behavior is legal in the US.
If you're the US you call planes out of the sky that have representatives and owners of the companies on them.
I'm assuming any leadership of Imgur would want to avoid going to the UK for the rest of eternity.
I would do that (after appealing) and be done with it.
American companies are too used to being able to bully their way in America. Some countries do have better consumer protection laws.
That this is even a question is bananas to me. Isn't that handled by the judicial system rather than involving politics/the administration? Shouldn't be possible for the US to have a treaty, and there are questions about if the treaty will actually be enforced or not, how could anyone trust the US as a whole for anything if those aren't enforced?
Whether they can collect the money while Imgur aren't doing business in the UK is a different argument, but it's not particularly controversial that a country can fine a business operating in its jurisdiction for violating that country's laws. Even if those laws are authoritarian bullshit.
after they have infringed the data protection laws.
For example, if I get a parking fine, and then move my car. I can't claim that now that I've moved my car, I'm not liable for the previous fine. This is no different.
The difficulty is getting enforcement; in practice, what happens is that the fine is put down as outstanding and if any executive or employee of the company enters the country, they're arrested and held hostage until the company pays up (or are held directly responsible for whatever the company is accused of). Most countries usually have corporate presence laws to avoid this sort of scenario though.
Alternatively, the judgement can be enforced through diplomatic channels, but that's a giant clusterfuck and unlikely to succeed unless it's something that's very blatantly a crime in both countries, since it's effectively retrying the case. (And even then it can depend on if the country just doesn't feel like cooperating for that specific case, for no other reason than spite; France for example is fond of doing this.)
Even for local companies. I had a UK ltd company and it got some fines for not filling in the correct forms but you can just close it down still owing money, which I did, and there's no liability for the director(s).
Why should a US company harm UK citizens just because they're in the US?
If you want to serve a market in another country you have to follow their rules.
In this case, Imgur have been misusing UK children's information. Considering the laws are pretty similar, I suspect they're misusing EU children's information too.
That's the OP's question. Bluntly: if I'm here, and they're bloviating over there, what can they actually do about it?
This is quite a slippery slope. If I host a website in one country, I do not necessarily care where people access my website from. It is not like I actively provide a service to them - they just use internet (decentralised network) to access it. What if I publish a newspaper here, someone takes it where the contents are illegal, am I accountable?
There was a period a couple hundred years ago when it was all the rage internationally to write constitutions. Lots of countries got constitutions within a few decades, and almost no constitutions have been written since then. I wonder sometimes how the internet would be different if it were implemented in an era or culture in which people believed in that sort of thing.
It could be written into blockchain to avoid this, as I hear that is quite popular nowadays.
That is in essence already in place just for CSAM. We just pretend the internet is a free for all in all other cases.
It's not about "hosting a website", it's about providing services.
If you provide services, like selling a newspaper, in the UK, you need to respect their laws, or you will suffer the legal implications of not doing so.
And regarding the accountability, it refers to the fact that imgur USED TO provide services in the UK:
> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.
Companies providing services outside the UK can infringe all the UK laws they want, the UK doesn't care.
But as soon as you decide to provide services in the UK, you have to follow the law. And, as they explain in the article, if you break the law, stopping to provide services in the UK will not absolve you for your past wrongdoings.
UK legal imperialism is self centered and unrealistic and undermines speech the world over.
I’m not happy with extraterritorial assertions over internet services either, but you can’t wish them away with sophistry about “we’re not providing services to them!” if you’re happy to take their money and serve them a page in exchange. That’s the definition of a business providing a service to a customer.
It’s completely absurd to say that some hobbyist would have nexus in the UK because they run a Google Adwords campaign to get some occasional pocket change from their project. Pre-Internet, it would be like going after a US magazine because someone brought home a copy from the US. Websites are not global entities by default, somehow responsible for obeying laws across nearly 200 national jurisdictions and many more state/provincial/local jurisdictions, across different languages and legal customs. Completely absurd! Who do you think you are to demand such a thing?
On the other hand, I think it would be perfectly fine to say that UK domiciled ad networks cannot put their ads on sites that violate some arbitrary standard. (An anti-freedom law to be sure, but at least it’s consistent with common international conventions.) This puts the onus on the ad network, rather than the site owner, who may not know or care who is visiting or from which country.