Honestly, more and more I'm starting to think GDPR is just an excuse to fleece "evil foreign tech giants". It's a set of arbitrary rules with vague and selective enforcement that seems not to be completely understood even by the legislators who wrote it, as demonstrated by legislators not knowing the answer to the simple question: Are pop-up consent forms acceptable. It's whatever the bureaucrats don't like that day really.
Guess some US company will have to go to court (and subsidize the European Legal Industry doing so) for the privilege of figuring it out.
It wouldn't be so comical if FAANG wasn't full of European devs who chose to innovate in the Valley, probably to escape this very bureaucracy.
Doesn't seem arbitrary to me. It might be cultural though. Somehow the need for privacy is just not something that is in the lived experience of eg many Americans, apparently.
Say we've learned over time that the color purple is really dangerous and needs to be regulated (work with me here for a second) .
Now try explaining "Purple Considered Harmful" to someone who is colorblind. The fact that suddenly grape juice is bad, but orange juice is good... weird. Or the fact that you'd not be allowed to mix tomato ketchup with blueberry jam. And you'd just randomly get fined for trying to sell that "dark green" sweater. Madness!
It would all seem quite arbitrary to the color blind person. Meanwhile someone with color vision would instantly see that all those things are purple, and thus clearly harmful.
The example might seem bit contrived, but something similar might be going on with the European concept of privacy.
People have been hurt due to PII issues in recent history, so one would like to keep control of PII. But try to explain that tingling spidey sense that has kept one's family alive in the last century to someone who has never encountered Nazis or Soviets before, and has instead lived a life of unfettered freedom. That might be rather difficult. Especially if you can't get the base concept across, and need to do it in terms of (very arbitrary seeming) examples.
Honestly, if you fail to comply with GDPR, you probably failed to comply with laws stretching at least back to 1995. GDPR mostly changed ability to hunt down violations, and further harmonised and clarified laws that were already in force. It's easier to comply in post-GDPR world than before it, and there's general guidance for let's call it "honest mistakes" as well as coverage on some internet-specific issues.
And Valley is pretty much there because when the long chain of capital-hungry events was building it up, we were still rebuilding from last war while funding preparation for take three thanks to Truman.
Honestly, more and more I'm starting to think GDPR is just an excuse to fleece "evil foreign tech giants". It's a set of arbitrary rules with vague and selective enforcement that seems not to be completely understood even by the legislators who wrote it, as demonstrated by legislators not knowing the answer to the simple question: Are pop-up consent forms acceptable. It's whatever the bureaucrats don't like that day really.
Guess some US company will have to go to court (and subsidize the European Legal Industry doing so) for the privilege of figuring it out.
It wouldn't be so comical if FAANG wasn't full of European devs who chose to innovate in the Valley, probably to escape this very bureaucracy.