
>I feel like you’re making a bigger deal out of this than necessary, unless you’re doing some shady stuff with our data.

This sentiment and the hilariously large fines (regardless of company size, even) on relatively-ill-defined requirements make the whole GDPR process feel like it was designed to bully businesses into compliance.

Some pieces of GDPR are definitely for the benefit of the end-user (at the expense of companies, who happen to be providing those users other benefits). It all feels really heavy-handed, though.

Not to mention a little reminiscent of the problems that occur with other "bans" (which, this effectively is). When you put heavy legal restrictions on doing X (where, in this case, X is storing and processing data that you assumedly use to provide a service for users), you're effectively hurting the legitimate businesses most (_especially_ small ones) while the real "bad guys" that are actually doing bad things with our data are going to continue ignoring the law. There might be some value in-between, but I doubt there's much.



>This sentiment and the hilariously large fines (regardless of company size, even) on relatively-ill-defined requirements make the whole GDPR process feel like it was designed to bully businesses into compliance.

>Some pieces of GDPR are definitely for the benefit of the end-user (at the expense of companies, who happen to be providing those users other benefits). It all feels really heavy-handed, though.

The GDPR isn't vastly different to the old Data Protection Directive, which has been in force since 1997. The panic over GDPR suggests that a lot of companies had simply been ignoring the DPD. If a bit of bullying is required to get businesses to obey the law, then so be it.


> “bully businesses into compliance”

I am not sure I understand this sentence. That’s what laws do. “Bully” you into compliance. I think you might have meant something else?


> while the real "bad guys" that are actually doing bad things with our data are going to continue ignoring the law.

This is already happening without the GDPR (carders, dumps, etc), so I don't buy it. The black-market analogy (e.g. illegal drugs) also doesn't hold when applied to companies.

> the hilariously large fines (regardless of company size, even)

Oh no, proportional fines! How socialist!

The whole point is to make it somewhat independent of the company size, so bigger companies won't just swallow the fines. This is typically what Google et al do, they just factor it in to the cost of business. The GDPR wasn't written in a vacuum.


>The whole point is to make it somewhat independent of the company size, so bigger companies won't just swallow the fines.

Ironically, it's the bigger companies that can still just swallow the fines and the little companies that just effectively vanish into bankruptcy.



