Otherwise, I would love to hear which part of my comment was Orwellian in nature?
The concept of the rule of law was invented primarily in countries that now belong to the EU. Is there no one left there who still thinks it's important? It's not even that people argue "the GDPR couldn't be less vague without loopholes, and this is important enough that it's worth the cost". The idea that a powerful human's best attempt to objectively apply stable, published rules is generally better than a powerful human's unrestrained discretion just seems foreign to most commenters here.
If you ran an organization publicly associated with George Soros in Hungary (whose prime minister has described him as an "enemy of the state"), then would you still feel good relying on your friendly relationship with the government? What steps would you take to comply with the GDPR as it's currently written, if you couldn't rely on the goodwill of the people interpreting it? With a sufficiently corrupt government, there's nothing you can do; but the point where a judge will accept an obvious lie tends to come long after the point where a regulator lets politics disambiguate a vague standard.
If you produce a device that accidentally violates FCC guidelines, would you rather be immediately punished to the extent of the regulation or rather work with the FCC to rectify the issue and how to fix it for affected customers?
The other reason is that yes the GDPR is vague. It must be because in the past corporations have abused loopholes and the only way to prevent people abusing loopholes without punishing people who don't abuse them is to make it vague and then decide on their behaviour.
And again, these are corporations, legal persons. They don't even have remotely the same rights as a natural person.
The EU lets every police force in the EU, or in Interpol request data interception. That is a LOT of organizations, and of course, they got caught doing abuse just the same. But, for instance, the default practice in the US is that you get told your phone is tapped (yes, really), unless the police explains to a judge why not (nearly always), BUT in that case you still get told afterwards. This does not exist in the EU. You will never be told you got tapped.
Second, in the US, the provider looks at the order, verifies it with the proper authorities, and decides for itself on scope, reasonableness, ... etc. In the EU, nope. If an order is received the only actions that a provider can take must be technical in nature. In theory an employee that does the actual tapping of the phone can't even tell his manager he's tapping phones, and definitely he can't tell anyone which phones are to be tapped or why (nor is there any obligation on the part of the requesting force to tell him why, but it is a field on the form). In many countries, this can be done without judicial oversight, or in nearly all cases with only very, very light oversight. This, to me, is far more worrying than the situation in the US.
If a local police officer in Latvia wants to tap the phone of anyone in the EU, he just has to fill out a form and fax it to Interpol.
This is even weirder given that Europe has actual experience with abuse of surveillance powers, everywhere from Germany Eastward, as well as during WWII. They KNOW what can go wrong, they just have to ask their parents or grandparents to find people who were actually exposed to this. And yet ...
Next we find out that large-scale spying on their own population is done in, at least, UK, France, Germany, the Netherlands ... and not a peep. This was barely reported in the local media, in fact. We all know that most other countries are going to be worse than these, not better. And, of course, they cooperate with the NSA as well.
Hell, the US has reporting on how much they spy on their own citizens (in fact, that's the source of most of the outrage). No such stats in the EU. Nobody, not even the police forces themselves, feels the need to have the most banal, basic level of transparency.
Clearly when it comes to spying the EU is of the opinion, them, yes, perfectly allowed. Think of the children! I mean, clearly these guys do not believe in privacy.
So yes, it is very Orwellian when they just request that you work with them on the privacy of their citizens. Clearly the result they want is not actual privacy and protections for their citizens.
If they believe in privacy protections, they have a lot of state agencies that they need to attack for not having any decent respect for privacy, as well as the fact that what few protections do exist only exist in a vast complex tangled web that errs on the side of violating people's privacy. And that's ignoring the fact that privacy protections have been systematically eroded further and further in Europe (e.g. recently in Germany).
They actually do, the German police, for example, generally destroys any video or image footage they make after 24 hours if there is no reason to believe they would help solve a crime.
I can't say anything about Latvia but in Germany at least the privacy of letter and remote communication is heavily protected and usually not granted lightly (exceptions being stuff like actual nazis).
People are definitely aware of the past and there is always a lot of outcry whenever a new law attempts to encroach on that territory, politicians have destroyed their careers with such proposals.
>And that's ignoring the fact that privacy protections have been systematically eroded further and further in Europe (e.g. recently in Germany).
Please note that the BND, the German intelligence service, recently shut down a surveillance program after several thousands of people requested the deletion of their datasets.
>You will never be told you got tapped.
I don't understand why you should be told that the police is trying to get evidence of you doing a crime? Or someone else's crime?
Again, we have different laws and legal systems (!) in the EU up to and including not having the US Constitution. I think it would benefit the conversation if you recognize these differences instead of applying American laws and principles on the EU.
I run a company based in the UK, but I myself am American and most of my business experience is in the US. Despite that, I honestly have had no issues adapting to the GDPR. Considering that the business I operate has systems specifically designed to store as much data on people as possible, I find it absurd other businesses are unable to handle user/client data responsibly.
That said, I cared about privacy BEFORE GDPR and intended to act responsibly regardless of regulation.