undefined | Better HN

0 pointsAlanYx1y ago0 comments

The report is critical of both actually (the regulations themselves as well as fragmentation in compliance and enforcement).

0 comments

izacus1y ago

It is, but pretty much every single takeaway from even other points (energy, defense, etc.) comes back much strongly to the fragmentation of interpretations, enforcements and laws across the member states than the existence of regulation itself.

Of course, haters of regulation will probably ignore this part and focus on the "GDPR bad" narrative :)

AlanYxOP1y ago

That's a strong theme, but it's not the only one. For example, there are three main points made about the GDPR in the second document:

- frequent changes in interpretation over time;

- the extra burden added by national transposition and enforcement, including local "gold-plating"/divergence; and

- the proportionally higher regulatory burden faced by SMEs and small mid-caps compared to larger companies.

The second point is squarely about fragmentation but other two touch on more core issues. Fragmentation does affect the other two, e.g., with multiple local DPAs there will be an inevitable ratcheting effect of what's required by the GDPR if an org wants to operate across the EU, but some of it is not related to fragmentation. Privacy Shield was supposed to provide a pan-EU GDPR-compliant framework but got killed, now people are saying that the EU–US Data Privacy Framework is going to get shot down too, leaving data architects in the dark on how to comply. That uncertainty is going to exist even if all the DPAs get coalesced into a pan-national entity.

j / k navigate · click thread line to collapse