That this doesn't align with the free-for-all that was the WWW for the first two and a half decades doesn't change that, morality isn't all that hard and each and every company that crosses those lines is very much aware of it. These are not accidental misinterpretations of the law by any stretch of the imagination, they are wilful abuse.
While i do believe in being privacy conscious, i don't believe that this will be the case anytime soon (or at least until a generational shift happens). No business is interested in having to suddenly comply with such regulations and essentially no longer being able to utilize the data of individuals however they please.
Ergo, corporate interests will probably lead to lots of lobbying in this regard, just look at what happened with net neutrality and the advertising around it.
> Operating in the EU is not a liability if you treat your users data in a respectful and responsible way.
I think that all of this boils down to profit margins and viewing people as just numbers on a sheet somewhere, to extract wealth from. Just look at how scummy many of the cookie banner implementations are, designers being paid to implement as many dark patterns as possible, at least up until lawsuits started.
Just to pick up on this clause - it really needn't have been sudden. The regulation was adopted just over 2 years before enforcement kicked in[0], and of course it was written and debated for a while prior to that. In the UK the ICO researched the implications (for what were then just proposals) back in 2013[1]
[0] https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
[1] https://ico.org.uk/media/1042341/implications-european-commi... (PDF)
jesus christ. enough with this bullshit.
Data protection laws had been a thing in European countries for a decade before GDPR.
GDPR itself gave everyone two years to comply.
GDPR was published in 2016, five years ago.
There's no effing "suddenly". If this is "suddenly" for your business, and your business still hasn't figured out how to not collect (and probably sell) user data wholesale, your business deserves to be sued out of existence.
> Just look at how scummy many of the cookie banner implementations are
Yes. And all of those cookie banners are illegal under GDPR.
> No business is interested in having to suddenly comply with such regulations and essentially no longer being able to utilize the data of individuals however they please.
Indeed, hence the need for regulation.
> Ergo, corporate interests will probably lead to lots of lobbying in this regard, just look at what happened with net neutrality and the advertising around it.
Sure. But since EU citizens will be enjoying those protections and US citizens will not eventually this will translate into an advantage for companies doing business from the EU and into the US. For that reason alone there will be a big incentive for the US to make a law that is symmetrical to remove this advantage.
> I think that all of this boils down to profit margins and viewing people as just numbers on a sheet somewhere, to extract wealth from.
This is a big factor, but not the only factor: data that is in isolation worthless can become very valuable or even dangerous when combined with other worthless or innocent data. There are plenty of examples of this. The balance clearly lies in protecting consumers from the fall-out of these and the more purposeful abuses. This is a matter of raising consciousness about what rights you already have, not necessarily of giving you new ones.
> Just look at how scummy many of the cookie banner implementations are, designers being paid to implement as many dark patterns as possible, at least up until lawsuits started.
Agreed. The EU did the right thing with the GDPR, it laid bare how many companies were outright scandalous in how they were dealing with the data that they were entrusted with, they were bad stewards and it is good to see this level of enforcement because that means that companies will wise up to it and find better - and cleaner - ways of monetizing their products and services. Once they have those they will realize that regulatory capture can be theirs if they lobby for these rights to be extended to everybody.
The EU is too large a market to miss out on.
The banner is stuck on the screen and usually has a button captioned: Learn more, instead of the cancel or deny button.
I just want the damn banner out of my face. How long before browsers automatically hide (default deny cookies) the banner and give the user a way to expose it if they wish?
I feel abused and manipulated as a user when they use these dark patterns--which the law, to my knowledge, expressly prohibits.
Except it's literally the other way around. EU companies will be at a disadvantage because they cannot use the data to neither improve their service or to monetize it in some way.
>The EU is too large a market to miss out on.
Is it? Then what does that make China and the US? Or the rest of Asia? They don't seem to make nearly as many rules that require a service to change the entirety of their monetization system. If companies have to agree to EU terms then why wouldn't they do the same to China? After all, it's too big a market to ignore.
The EU keeps making more rules for all kinds of things. Eventually this is going to catch up with us - if it hasn't already done so. The EU isn't exactly the tech center of the world nor does it seem to have a great trajectory or bright future. When it comes to tech all we seem to have is cars. Everything else is foreign developed, designed, and manufactured.
Given the lack of similar regulation in the US despite the situation being so bad that unsolicited spam subsidises the postal service and that even government agencies sell user data I’m not sure there is a desire for this from the general population.
It doesn’t help that politicians rely on a lot of what would breach the GDPR to help their reelection such as targeted advertising and unsolicited (and often misleading - pretending to be written by the official itself) email and phone campaigns.
This would effectively make political interests entrenched even more on the internet, because they'll see it as worthwhile to make free services. They get to feed you politically slanted ideas - just like free political newspapers.
>Operating in the EU is not a liability if you treat your users data in a respectful and responsible way. Common sense alone would answer your questions on what is and what isn't allowed in the vast majority of the cases.
Relying on common sense is playing with fire. Common sense says that with this many people using the services of these companies that people are okay with what these companies are doing. That's not what GDPR says and that's not something I had any vote on or anything like that.
You might prefer the cable TV model, but I prefer YouTube. I like that I don't have to pay anything to go look at a large variety of topics. Far more than any paid service would ever provide.
There are many ways for websites and apps to make money, and if you can't then maybe you simply shouldn't.
Even with tracking ads get the language component wrong frequently. Unskippable ads in a language you can't understand is even worse than normal.
This is too general of a statement. The majority of people in the US don't care about digital privacy and do get positive value.
Ah yes. The unsolved issue of businesses making money without wholesale collection and sale of user data.
No business ever made money until collecting and selling user data became possible.
The EUs definition of the proper way isn't a universal definition and it conflicts with the way I view that data should be treated.
