One Year Into The GDPR: Can We Declare It A Total Failure Yet?
from the click-here-to-pretend-we-respect-your-privacy dept
Tomorrow will represent a full year since the GDPR went into effect. In the run-up to the GDPR, we called out many of the problems with the regulation which, while well-intended, did not seem to deal well with the nature of the internet, speech, or what privacy actually means. In the year since, we've posted numerous stories highlighting the negative consequences of this poorly considered law.
Whenever we do that, however, many of the law's defenders insist that these unintended consequences are a small price to pay for either protecting our privacy or reining in the internet giants. So, it does seem worth investigating whether or not the GDPR has done either of those things. And, so far, the evidence is sorely lacking. Indeed, on the question of dominance, we pointed out late last year that the early returns suggested that the GDPR had only made Google more dominant, which hardly seems like a way to punish the company.
And now that we have more results, it seems more and more people are realizing that the GDPR has been an utter failure. As CNBC notes in its evaluation of the law, it's hard to see how the GDPR has resulted in any benefits to the public. Instead, it's just created a big mess:
...one year later, GDPR hasn’t lived up to its potential.
Among some consumers, GDPR is perhaps best known as a bothersome series of rapid-fire, pop-up privacy notices. Those astronomical fines have failed to materialize. The law has created new bureaucracies within corporations, and with those, tension and confusion. And it’s unclear if the EU data authority that oversees the law is adequately staffed to handle its demands.
In short, from the user side especially, all the GDPR has done is made people constantly need to click on annoying privacy and cookie notices that they don't read and don't find useful at all. This shouldn't have been a surprise. We've pointed out for many years that the entire concept of a privacy policy is backwards. It creates a situation where no one actually reads it, and it doesn't do much to protect anyone's privacy. I head someone recently note that they should really be called "data exploitation policies," and that, at least, would be a bit more accurate. But still wouldn't get anyone to read them or better protect anyone's privacy.
And, as Politico has pointed out, it appears that not only has the GDPR made the big tech companies more dominant, it's now laid out the rules of the road by which they can introduce even more privacy-destroying offerings:
New forms of data collection, including Facebook’s reintroduction of its facial recognition technology in Europe and Google’s efforts to harvest information on third-party websites, have been given new leases on life under Europe’s General Data Protection Regulation, or GDPR.
Smaller firms — whose fortunes were of special concern to the framers of the region’s privacy revamp — also have suffered from the relatively high compliance costs and the perception, at least among some investors, that they can’t compete with Silicon Valley’s biggest names.
“Big companies like Facebook are 10 steps ahead of everyone else, and 100 steps ahead of regulators,” declared Paul-Olivier Dehaye, a privacy expert who helped uncover Facebook’s Cambridge Analytica scandal. “There are very big questions about what they’re doing.”
This entire approach is backwards and silly. If we want to have better control over our privacy we're not going to do it through demanding better privacy policies, or confusing data protection laws. We need to create the incentives to put the actual control of the data back into the hands of the users. And that doesn't just mean a right to download your info. It means that you have full control over your data and get to control what apps and services can access it and for what reasons. That's not the world we have today, and nothing in the GDPR gets us any closer to it.
And the answer is not "more enforcement." That just locks in the big companies even more and continues to present the roadmap to "follow" the rules, or to work the refs. Instead, if we moved to a system of protocols instead of platforms we could decouple the data from the service, putting real control of the data back in the hands of end users. Then things like privacy policies and GDPR enforces wouldn't matter so much, because we'd have direct control over our data.
Instead, all we have is a massive law that has harmed startups, entrentched big companies, failed to protect privacy and just served to annoy most users.
The reality is that many people, in order to save time, simply click “OK” on the never-ending stream of pop-ups and most everyone I spoke to confess that they just move on when unable to access the desired website. Or, as one Twitter user told expressed, “I read a lot fewer articles in US papers/magazines.”
And, sure, there have been a few fines of internet companies, but as recent GDPR complaints show, there does not appear to be any way to actually fully comply with the GDPR, which makes it a particularly useless law. If you can't actually comply, if it's not actually protecting privacy, and it's just annoying users and creating more bureaucracy, what good is it?
Meanwhile, Alec Stapp has collected a ton of stories and examples of the GDPR's negative impact. It notes much of the stuff above, but also highlights just how damaging it's been to innovation on the whole:
Startups: One study estimated that venture capital invested in EU startups fell by as much as 50 percent due to GDPR implementation. (NBER) Mergers and acquisitions: “55% of respondents said they had worked on deals that fell apart because of concerns about a target company’s data protection policies and compliance with GDPR” (WSJ) Scientific research: “[B]iomedical researchers fear that the EU’s new General Data Protection Regulation (GDPR) will make it harder to share information across borders or outside their original research context.” (POLITICO)
So now that we've had a year, can we admit that the GDPR has been a total failure by almost every possible measure? Supporters of the law will say to give it more time, or to say we need to "improve" the rules, but it should be obvious by now that the entire approach is the problem, not the implementation.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: censorship, competition, compliance, data protection, dominance, eu, free speech, gdpr, privacy, tech
Reader Comments
Subscribe: RSS
View by: Time | Thread
I just realized that I only saw those for a short time, and my adblock has been hiding them.
I thought the websites were not required to continue warning users, but I was wrong.
But, if I never clicked on those "OK" buttons consenting to be tracked, does it means that those sites accessed using an adblock are violating GDPR?
Where can I report them?
[ link to this | view in chronology ]
GDPR
Google's Dominance? Pyrrhic Result!
[ link to this | view in chronology ]
Re: GDPR
I believe it's the law of Kamphuis: If the lawmakers keep failing, it's not because they are stupid, but because they have other goals.
[ link to this | view in chronology ]
Re: Re: GDPR
Thank you for saving us tinhatters time with your general concensous about lawmakers other goals. I concur.
[ link to this | view in chronology ]
Eyeballs, not products
The big problem is that the Internet platform companies aren't offering products to users, they're offering eyeballs (users) to advertisers either directly or indirectly. As long as that's the case, their incentives will always favor working around any privacy regulations strongly enough to offset any incentives to behave otherwise.
If the carrot doesn't work, use the stick. Make it the law that personal information and data is owned by the user who generates it and the default is that no other entity has the right to collect or distribute it. Make statutory damages and legal costs and fees mandatory if a violation is proven. Then spike the guns of "privacy policies" and "terms of service" by setting a requirement that any collection or distribution of personal information requires the express consent of the user for that specific use, after having been clearly informed of the nature and extent of the data collected and it's use, and that any agreement that does not conform to this requirement is expressly contrary to public policy and not just void but flatly illegal.
I don't see the politicians going along with that though, there's too much money involved.
[ link to this | view in chronology ]
Re: Eyeballs, not products
Supporters of the law will say to give it more time, or to say we need to "improve" the rules, but it should be obvious by now that the entire approach is the problem, not the implementation.
Way to be that guy...
[ link to this | view in chronology ]
Re: Eyeballs, not products
You take the privacy out of the hands of those seedy schmucks who sell it to much shadier billionaire bum corporations and there will be no incentive because advertising money will become disinterested. Seedy governments get our privacy for free and its funny how they never become disinterested in it.
[ link to this | view in chronology ]
You always set up straw-men goals so you're "right".
First sentence of good technical writing should state your premise. I can't skip over 3rd word. You go into your own "Red Queen" world in which words mean what you want them to:
Oy. In the real world, "represent" is academese for perhaps "make" or "mark", and is wrong usage.
Similarly, rest of text is written to support your notions, particularly to blame "those" and "some", who are always wrong when you write.
Now, let's look at results.
1) Overall, it's not the meltdown that you predicted. So you're wrong on "the sky is falling". You have your usual three anecdotal data points. Even here, when's the last time anyone complained?
2) Your premises and beliefs never admit of the possibility that GDPR actually is written to lock in the giants, because the EU is only a globalist front for the new soft fascism. That's clearly so. As a trained "economist" your duty is to flatter The Rich and their corporations; always write for two audiences, one of which doesn't understand that they're the suckers, so again has the celebratory HA, HA tone.
3) The one area we might agree is your notion that GDPR is wrong-headed on its "opt out" basis... Since only "opt IN" can work and it'd wreck GOOGLE's whole "business model", I'm sure you don't go along on the obvious solution.
4) "So now that we've had a year, can we admit that the GDPR has been a total failure by almost every possible measure?" -- No, you're still not right on #1 and tactitly excluding #2 for which it's adequate incrementalism and so a "success".
5) And as always, for "solution" you have a yet more complex magic to suggest, which only academics grasp and to implement at all would take another decade, to REALLY allow the big criminals to entrench without any interference:
It's a false position because pure fantasy: "a system of protocols" is just academese meaning STALL FOR TIME.
In sum, 1) you're WRONG that caused a collapse, 2) as always you're actually protecting Facebook / GOOGLE'S surveillance capitalism, and 3) claim that your fictional notion was way to go, making you "right all along", as ever.
My way: take a meat ax to anything big, break up into tiny pieces and TAX at over 100 percent if necessary. Only valid theory and only way ever proven to work.
[ link to this | view in chronology ]
Re: You always set up straw-men goals so you're "right".
Isn't GDPR protecting Facebook and Google? They're the only ones who can truly afford to comply with the law, right?
[ link to this | view in chronology ]
Re:
My way: take a meat ax to anything big, break up into tiny pieces and TAX at over 100 percent if necessary.
I'll anticipate you using this approach for the RIAA.
Just to spoiler a little, I won't be holding my breath for this.
Also just because, Shiva Ayyadurai didn't invent email.
[ link to this | view in chronology ]
Re: You always set up straw-men goals so you're "right"
Linda Rompe -- now there's a n anagram of palindrome for ya
[ link to this | view in chronology ]
Re: You always set up straw-men goals so you're "right".
It's a false position because pure fantasy: "a system of protocols" is just academese meaning STALL FOR TIME.
So instead of stalling for time, trying to reach a solution to this problem, we should just go with a (at best) useless law, just because it does something.
[ link to this | view in chronology ]
FUD
Sorry guys; speaking as someone who actually had (and has) to do this; a year on the positive column more than outweighs the negative. In my business the road to compliance has vastly improved not just the direct management of personal data but also business processes as a whole and greatly improved security awareness.
Looking a number of the so-called negative points above clearly many of them are 'as expected' or actually good news. M&As failing with businesses over concerns of GDPR practices? Seems a sign that it's working well, not badly. Some people seem to have forgotten that in market economies some business need to fail; this is a good thing!
I also like the take-away that “There are very big questions about what they’re doing.” Indeed. Clear proof that it IS working.
[ link to this | view in chronology ]
Re: FUD
As a (reluctant and unwilling) privacy professional who doesn't need the work, you are spot on. The state of personal data management in almost every enterprise before GDPR was abysmal. Certainly firms that had to comply with COPPA had some practices in place, but there's a reason everyone who could ran screaming from COPPA compliance for the last decade.
The very fact that businesses now have the procedures in place to even know what data they have and where it is going is a fundamental sea change and GDPR is responsible. I'll be the first one to say that it's horribly drafted, overbroad, and relies on a number of terrible premises and assumptions, but a total failure? It's doing exactly what it was intended to do (among many other things).
[ link to this | view in chronology ]
Re: FUD
It's also causing problems. Last year the main forum boards for Minecraft were sold to a larger company, and nearly 30% of the threads/posts had to be deleted. Why? Because GDPR requires that users opt-in to the transfer of their data when a company is sold, and between inactive users, people running adblock, and not responding to emails from the forums and very large chunk of game history has been flushed down the tubes.
I'm not saying that there aren't good side effects of GDPR, because there are. And in some cases the direct effects are good too. But IMHO the regulations painted with far too broad of a brush, and we're only just beginning to see the unintended consequences of what many feel is a very poorly written set of regulations.
[ link to this | view in chronology ]
Re: Re: FUD
I'm pretty sure that in the case you state it would have been perfectly fine to simply "anonymize" the posts.
[ link to this | view in chronology ]
Re: Re: Re: FUD
Even if you didn't the posts were no more revealing of the person behind the keyboard than they are right here. Nobody posted their names, addresses, etc on those forums.
This isn't a case of the GDPR going too far. It's a case of misunderstanding the GDPR.
[ link to this | view in chronology ]
Re: FUD
..greatly improved security awareness..
That ain't the same thing as 'greatly improved security.'
[ link to this | view in chronology ]
*facepalm*
Why do you Americans insist that all the EU wants is punish the US companies because they're more successful than European ones? Again, the point is NOT to "punish Google". The point is to allow us to have privacy. If it makes Google weaker, so be it. If it makes Google stronger, so fucking be it. As long as I get my privacy, any impact on Google's dominance is utterly irrelevant.
Like with the previous "cookie law" and "cookie notices", that's not a consequence of GDPR, that's a consequence of not following GDPR. GDPR has not done that to people, sites braking the law have done it to people. Eventually, either those sites will get fined and stop doing that, or there will be a new law, with even more teeth and less leeway.
FFS, Mike. https://gdpr-info.eu/recitals/no-32/ (emphasis mine):
Oh my, that looks like if you blindly click through, you're protected by GDPR. It's literally the opposite of what you're complaining about!
https://gdpr-info.eu/art-7-gdpr/ :
And so on, and so forth. You do make a few good points, but it seems to me that most of your arguments are inconsistent, and not based on what the law does but on what you think it does.
You complain that potential fines could destroy companies, and you complain that no companies were destroyed for breaking the rules. The entire point was to for fines to start small, then if companies don't clean up their act, gradually ramp them up until they really start to hurt. In fact, I believe I read an article or two where you pointed out the uselessness of "slap on the wrist" fines (of course, you weren't talking about GDPR).
You see companies doing things "to comply with GDPR", and you complain that GDPR is wrong and there is a better way. However, those companies are actually not in compliance and GDPR is really close to what you want.
You're arguing about short-term negative economic impact without any attempt at looking for a positive impact. You could do a very similar analysis about, say, environmental regulations.
You're arguing that since the entire Internet didn't become a privacy haven in one year, it means the GDPR failed. Aren't you underestimating both the inertia of 3+ decades of Internet free-for-all, as well as the molasses-like slowness of federal bureaucracy?
I agree with a lot of your positions. On those I disagree with, I can usually at least see where you're coming from. But your reaction to GDPR has completely mystified me. Must be one of those European<>American cultural differences...
[ link to this | view in chronology ]
Re:
I have to agree with [almost all of] this. The one point that seems a bit hyperbolic is this:
If you scroll through a document without reading it and then click the "Accept" button at the bottom that is still an affirmative action declaring consent. The GDPR does not describe that act as non-consent.
I'm an American but I work for an international company making software products for international companies and governments all over the world. Because our software is public-facing we had to implement GDPR in our products. I was the lead of the team responsible for doing so and, as such, have read the GDPR docs more times than I care to recount in order to ensure our updates would allow our customers to be compliant with the regulation. The whole way-too-long document can be boiled down to just a few points and the cost of this improvement in the products was really rather minimal. All of the changes even make sense for non-GDPR nations because why wouldn't you want to be able to choose how your data is used?
Sure, the GDPR can be abused but what can't? With a little creativity you can abuse literally anything. I believe this regulation has done more good than harm, overall, and has forced the world to start thinking about protection for personal data in ways and at scale that other laws, such as HIPAA, have not. If that has some costs for implementation (which naturally hit startups harder than moneyed, established corporations) then so be it. This is known as progress and is a natural consequence of new technology becoming established technology.
[ link to this | view in chronology ]
Re: Re:
Regarding this: how would a registry (like Robinson List) where you set out what and what not can be done with your data in general terms (tick a few boxes or even write a text), some kind of "Privacy Will" that would override anything you have clicked on a site/service?
In the end, the point is that nobody reads those notices because you don't feel like reading legalese every time.
What about only reading legalese once (with maybe counselors to guide you through that) where you set in stone your privacy settings?
Of course, you can change them later on, but instead of having to tick every time, you tick once and it's now the service operator's job to check that registry and decide whether he wants to have you as his customer/visitor or not.
And yes, if this makes startups harder or Google stronger, so-fucking-be-it. I want full control of my privacy and personal data, and if I say that you can't use my phone number for commercial purposes, you can't.
No buts, ifs or whats.
And of course, the effect is retroactive. If I realize that I don't want my phone for that, any previously given consent is null and void.
Oh, and btw, I'm fine with destroying businesses for failing to protect my privacy or selling me out.
Privacy is a fundamental right. If my data, choices or opinions end up in wrong hands, it might cost my job.
Or worse, my life at a later date if the political situation in my country turns dire.
I think we are mistaken if we think that protecting our privacy is only about not having ads or spam calls.
[ link to this | view in chronology ]
Re:
And has the GDPR succeeded at this goal?
Have you made an attempt at looking for a positive impact? Because I don't see any examples in your post.
[ link to this | view in chronology ]
Ah, something isn't a flawless panacea, therefore it should be written off as a failure. Good to know.
Meanwhile I'll be over here enjoying the countless sites and services, big and small that have had no problem complying with the law.
[ link to this | view in chronology ]
Re:
Thank you for clearly labeling your strawman.
[ link to this | view in chronology ]
GDPR failure or success
Dear Mike,
As European citizen, I consider the GDPR a success:
There is much more awareness -- worldwide -- about privacy. Partly because of the GDPR and it's 25 year old predecessor.
Your remark that no companies have gone bankrupt has been debunked by your article [1] on the French regulator requiring Vectuary, a Real-Time bidding company to delete its complete database. Now the Irish DPA is starting an investigation into Google's RTB practises. [2]
Some tinpot dictator silencing a journalist using the GDPR [3], although bad, is to be preferred over silencing with a gun. It's not a failure of the GDPR that a corrupt country abuses it against criticism.
This article [4] makes the case that targeting advertising is bad for both the people as well as the advertisers. Returning to a topical model would bring back profitable advertising revenues to sites, publishers, etc, away from the data tracker. Perhaps that would have made a compelling argument against article 13 of the new copyright directive.
1: https://www.techdirt.com/articles/20181123/09014141092/new-gdpr-ruling-france-could-dramatically-re- shape-online-advertising.shtml
2: https://brave.com/dpc-google/
3: https://www.techdirt.com/articles/20181114/01491541047/yet-another-gdpr-disaster-journalists-ordered -to-hand-over-secret-sources-under-data-protection-law.shtml
4: https://zgp.org/targeted-advertising-considered-harmful/
[ link to this | view in chronology ]
Re: GDPR failure or success
Another small but significant example: the Dutch "Credit registration bureau" (BKR) was forced to offer free registration reports to all citizens.
Companies are even more careful sharing data.
And remember that the GDPR is just the next instance of EU privacy law, with many regulations that were already in effect (in a similar form) for decades.
[ link to this | view in chronology ]
Let me turn this around - what do you think would happen if, one year into someone's presidency, you would authoritatively declare it a failure...? You'd be laughed out of the room, because everyone is aware that whether or not one likes the direction he's taking, it would be ridiculous to assess anyone's true achievements one miserable year after taking office. And that's only even more true whenever litigation or legal matters are involved in any way. Yes, you can look at what GDPR did so far and not be terribly impressed - saying this is all it can/will ever do is laughable.
And that companies are trying to dodge having to actually comply with it (which most of those pop-ups really do, instead of doing it properly) is hardly GDPR's failing; if anything, we need a handful of large booms going off to remind the smaller critters that this will not fly - but that will take some more time; NOYB filed complaints the minute GDPR went into effect (and continued to do so after); but those wheels turn hella slow, even though they're definitely turning.
And finally things like "oh but actually asking is hard, I don't wanna do it" or "but that destroys my business case" are not actually valid excuses. I should be happy actually to see you go under, if your business model involved gobbling up my privacy not because I agreed with that but just because you could. Legitimate businesses will continue to be able to secure that consent just fine - in fact, GDPR is still siding WITH THEM AGAINST ME as soon as I had any actual dealing with anyone: once a financial transaction happened they are allowed to retain my data even if I would very much want them to no longer have it later for whatever other reason.
So no, sorry. Whatever the reason for that chip on your shoulder about GDPR is, I'm not buying it. And neither do a number of others apparently, which tends to happen whenever a chip is speaking instead of the voice of reason.
[ link to this | view in chronology ]
Re:
How about after three years?
[ link to this | view in chronology ]
Re:
...that's the analogy you decided to go with?
You do know who the current president is, right?
[ link to this | view in chronology ]
"If we want to have better control over our privacy we're not going to do it through demanding better privacy policies, or confusing data protection laws. We need to create the incentives to put the actual control of the data back into the hands of the users. And that doesn't just mean a right to download your info. It means that you have full control over your data and get to control what apps and services can access it and for what reasons. That's not the world we have today, and nothing in the GDPR gets us any closer to it."
The GDPR absolutely gets us closer to that. The main objective of GPDR is to put control over data in the hands of the consumer, instead of the companies.
I'm sorry, Mike, but you have completely missed the mark on GPDR, and I say that as a European citizen and consumer.
[ link to this | view in chronology ]
Re:
I like the idea of polluting the database.
[ link to this | view in chronology ]
Re:
An argument is a series of connected statements intended to establish a proposition. It isn't just contradiction.
[ link to this | view in chronology ]
Shill Harder
The shills are really out in swarms on this one. :)
Anywho, back to some real discussion.
You just answered the question inside the question. The purpose was more government jobs for otherwise useless toadies. Got some worthless nephew who needs a "job" (tongue firmly in cheek), get him a position in "handling" the GDPR. He can play minesweeper all day while pretending to process GDPR complaints, and draw a sweet government check.
[ link to this | view in chronology ]
Re: Shill Harder
Is it that strange to you that some Europeans actually wanted GDPR and like it (so far at least)?
Yup, that's a great way to have a discussion -- first dismiss everyone who disagrees :/
The word you're looking for is "circle-jerk".
[ link to this | view in chronology ]
Re: Re: Shill Harder
Why shouldn't I dismiss you? You dismissed all the bad that's been shown since the passage of the law. If you can dismiss all the negatives, I can safely dismiss your opinions on the matter.
[ link to this | view in chronology ]
Re: Re: Re: Shill Harder
I didn't dismiss anything. I argued that, in my opinion, positives outweigh the negatives. I even provided citations from the actual law that clearly refute parts of the article. Others also stated their opinions and experiences.
You called everyone who disagrees with you "shills", and then had the gall to call the resulting echo-chamber "real discussion".
[ link to this | view in chronology ]
Re: Re: Re: Re: Shill Harder
It is interesting to note that the positives outweigh the negatives ... for some people while the complete opposite is possible for others and yet it is proclaimed that, for you anyways, things are peachy keen.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Shill Harder
It’s almost as if...people somehow have their own gasp opinions. Crazy.
[ link to this | view in chronology ]
Re: Re: Re: Shill Harder
What "bad"? Can you be specific?
If not then you're just trolling.
[ link to this | view in chronology ]
People want to use websites , and apps,
they do not read user privacy notice,s they just click ,ok.
gdpr is a waste of time, they would eb better off having rules
re how websites share data, do they sell it,do they give it to advertisers and third partys ,
is it well protected ,are data bases encrypted and well protected
from hackers ,
Even facebook did not have users info on instragram fully protected .
There should be basic standards for protecting user data from hackers
and how it is stored and encrypted .
GDpr makes big websites like facebook stronger ,
and makes it hard for small startups to grow.
[ link to this | view in chronology ]
Re:
Go read the GDPR or any of the countless crib notes for the regulation. It does not say what you think it does and it does say what you think it doesn't.
[ link to this | view in chronology ]
Re: Re:
Seriously, it's like the OP went through GDPR, picked up the primary requirements already in the law, and then said "we should have something like that instead of GDPR."
[ link to this | view in chronology ]
"Numerous articles", my ass
Even most of the things you honestly think are "problems" don't seem to be real problems. It's not that we should accept them to get the good parts, it's that they are good parts. And that ignores the other stuff you tried to sneak in.
The obvious solution here is not to collect the data to begin with. Which is what the GDPR is supposed to incent. OK, yes, the "platforms" are trying to evade the whole point of the rule, and that results in paradoxical outcomes. Looks like the GDPR should be tightened to prevent them from possessing the information at all.
And if that means Amazon can't train Alexa, then tough... Alexa is not important.
[ link to this | view in chronology ]
Masnick, your continued rage against the GDPR reminds me of when Elon Musk continually flew off the handle trying to claim that his mini-sub was the best way to save the kids in the cave all while the professionals were doing the real work and succeeding.
GDPR is producing tangible positive developments in the realm of privacy, but you’re too busy saying “No, it’ll never work! We should be using my ideas instead!” and then trot out your prized “protocols, not platforms” concept again for everyone to see. This narcissistic downplaying of real accomplishments is very unbecoming of you.
[ link to this | view in chronology ]
Wow, look at all the dissenting opinions. I thought Techdirt was supposed to be an echo chamber or something...
You mean blue was lying when he said that?
I'm shocked, I tell you. Shocked!
[ link to this | view in chronology ]
Re:
Even blue agreed with the dissenters. The sky is truly falling.
[ link to this | view in chronology ]
Re: Re:
blue will agree with anyone who disagrees with Mike, even if it's someone just "agreeing" that breathing is bad for you. That's not exactly mind-blowing.
[ link to this | view in chronology ]
Re: Re: Re:
Can Mike publish an article on the benefits of breathing, please?
[ link to this | view in chronology ]
Mean to total failures
I suppose I can see why you would want to call GDPR a total failure. But frankly I think that is unfair to total failures.
[ link to this | view in chronology ]
Uh what?
What do benefits to the public have to do with it? It's like imagining the purpose of elections to be giving politicians a chance at turning their election promises into reality.
The election promises are the means to get elected, not the purpose. Confusing the justification of some law with its purpose is going to make politics look like absurd theatre.
[ link to this | view in chronology ]
WRONG mikey
one example on youtube where the guy actually got guildwars 2 to bend over , and he got them using the gdpr and now there is a nice video showing everyone a COMPLETE HOWTO USE IT RIGHT
and if you do this then you have a system that actually works now if the company pulls an epic games its is also liable
but that wont happen too often we can hope.
[ link to this | view in chronology ]
Re: Punctuation, not just for PUNKS
You’re supposed to use capitalisation at the beginning of a sentence. Not count up how many you should have used and make an entire sentence of them.
[ link to this | view in chronology ]
GDPR
Has anyone created a way to turn off the GDPR?
[ link to this | view in chronology ]
Re: GDPR
Yup, many websites (strangely, particularly news websites) are doing it. It's called "not doing business in the EU", or, in the extreme, "block the EU".
And if you are in the EU, the only way to turn GDPR off is to... move :)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
IP addresses don't have anything to do with WHOIS. I presume you meant to say "domain registrations" which are affected by WHOIS since WHOIS is a public tool for reporting the registrant of a domain name.
Certainly the registrant information wasn't deleted. If it's no longer available on the net it will still be available to law enforcement, etc. Still, registration of a domain name has always included explicit consent to publishing your registrant details and should not have been affected by the GDPR. Registrants have always had the option of paying extra for domain privacy (which itself has always been somewhat questionable).
[ link to this | view in chronology ]
Re: Re:
You are quite wrong. Why the ignorant post? Do I have to teach you how to use WHOIS? You don't need any domain name and I most frequently end up using WHOIS without any access to a domain name. This happens when some process is attempting to access an Internet IP address, that call out is caught by a 'reverse firewall' such as Little Snitch on Mac, and I'm not going to allow the call out to occur until I know exactly WHOIS that IP address. Do you comprehend now?
IASSOTS. Think before you post please.
Equally obvious: Before GDPR, any friendly, helpful, kind, useful IP owner published who they are along with their IP address / Domain name. That meant that anyone could verify that the data being sent from their computer was going to an acceptable place.
EXAMPLE: Via WHOIS anyone used to be able to learn that an IP address of 17.x.x.x meant an Apple owned IP address. On a Mac, of course it is fine for a process to send data to Apple.
But when some entirely unknown IP address shows up, and there is nothing vie WHOIS or anytying else to tell the user who owns that IP address, of course you don't want your data being sent there!
Thankfully, this detrimental nonsense, inflicted by the stupid GDPR, can be overcome in an application such as LittleSnitch by way of the application having created its own WHOIS listing of IP addresses willing to allow the world to know exactly who they are.
And obviously my point is that ALL (every) IP address should have an identity associated with it, no opt-out, no GDPR nonsensical obfuscation over every IP address ever assigned.
Do you get that as well, yet? Do stop being obtuse, please.
[ link to this | view in chronology ]
Hello Mike,
sorry for being late. To answer your question "One Year Into The GDPR: Can We Declare It A Total Failure Yet?": The short answer is "No". The long answer is: "Why should we?".
What I find "funny" most of the time is your irrational "logic".
"made people constantly need to click on annoying privacy and cookie notices": not the GDPR makes it, it's web "designer" using cookies to sell my information to Google, Facebook, ... you name it.
"has the GDPR made the big tech companies more dominant": was it meant to decrease their dominance?
"if we moved to a system of protocols instead of platforms": move, Mike.
"Or, as one Twitter user told expressed, 'I read a lot fewer articles in US papers/magazines.'": the GDPR is not here to promote reading newspapers.
What I understand is that the GDPR is shit because it introduces compliance cost, hinders startup, make companies go out of the EU etc. The point is that the GDPR is not here to lower compliance cost, enable startups, make companies enter the EU. These things are fully out of scope of the GDPR.
If you really want to argue that the GDRP is bad then bring some example where it does not protect personal information.
Thank you for reading,
Your favoutire GDPR troll.
[ link to this | view in chronology ]
Re: TLDR
[ link to this | view in chronology ]
Re: Re: TLDR
Useless non-input. Troll elsewhere.
[ link to this | view in chronology ]
Re: Re: Re: TLDR
Oh look the forum cops have shown up. Won’t be too long before the Grammer Nazis storm the beeches.
[ link to this | view in chronology ]
I still contend that the law was not "well-intended" to begin with. As with most laws the motive was to control others for the benefit of some (sometimes called "minority rule").
[ link to this | view in chronology ]
Re:
[citation needed]
[ link to this | view in chronology ]
One good thing GDPR does
When I get confronted by the "not allowed in your area" I now know that particular website wants to do dodgy things with my data.
[ link to this | view in chronology ]
The strings attached to your back become more visible with every one of these posts, Mike.
[ link to this | view in chronology ]
GDPR is only hypocrisy turned into idiocracy
The situation is pretty bad as they pretend they care about us. It's all fake as always, they care only about their agenda. The truth is all this thing (and not only one that happens in the world today) is a brain-wash procedure for idiocracy to be. DHL for instance does not show in their database the address and phone number for parcels beneficiary - for their own protection :))) I used to work with DHL and I gave up, because the 1-2 days transit time of my parcels turned into a weeks, because I had to call DHL EVERY TIME to give them my info once again beside the sender did. Can you believe this? Why people refuse to wake up ?? Idiocracy is here and it's filled with terror :)))
[ link to this | view in chronology ]