This law has been in application since 1978 [1]. And in 2018, we have adtech companies like Criteo. [2] I have one of my best friend who started his adtech startup in France. Everything is good.

There's is a lot of implicit contracts (you filled up our sign up form? Well, then you chose to give us your data. ...) The only things you have to do: know which data you collect and give the ability to people to update/delete their data. That's all.

I don't understand the fear. I don't understand what is "vague" about it. It's so simple and low barrier that Microsoft decided to make it the rule for all of their users. But thanks to the hysteria, they made a PR stunt out of it.

--

[1] https://en.wikipedia.org/w/index.php?title=Data_ownership&ol...

[2] https://en.wikipedia.org/wiki/Criteo

They tried hard rules, rather than principles with the cookie laws and the companies around the world turned a good idea into a shit-show of popups while continuing to behave like nothing happened.

Honestly the more I read and the more I see how different business react I start to view the GDPR as EU finally showing that will not accept businesses viewing it as a second rate legislator.

The GDPR and reactions to Trumps policies an EU that is finally starting to behave like it's representing the best interest of 500 million people.

What is poorly written about it?

> there must be clear paths to implementation and verification.

There are.

>Perhaps that should've been fixed instead of wondering why so many companies don't really want to deal with it.

There's nothing to fix, and I'm going to assume you can't even name 3 things since your post is just an extremely vague talking point.