Whenever the GDPR is mentioned here, people more or less treat it as a sign of fascism. With that attitude from us, how can our rights on privacy be respected?
I'm extremely glad that the GDPR and NOYB.eu mean that car manufacturers can't pull that shit here. If I opt out, I'm opted out, or there will be big fines for them.
The problem with the GDPR is the overhead. If it was one line that said "you can't sell data on people without their explicit freely given consent" then anybody could comply with it by simply not selling data on people.
But it's a long piece of legislation and some of the requirements are time-consuming to implement even if you're not doing anything nefarious. "It is bad for innocent people to incur uncompensated costs" should be a primary principle in creating legislation.
> If I opt out, I'm opted out, or there will be big fines for them.
They're getting sued. If the plaintiffs win they'll have to pay. It's not obvious why this is worse or any less of a deterrent.
"Every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce among the several States, or with foreign nations, is declared to be illegal."
> What's a contract? What's trust, or conspiracy? What's trade, or commerce, or a foreign nation? What does "declared" mean?
These have established meanings in existing law. What are you proposing as a plausible ambiguous interpretation of "declared"?
> This is the legal equivalent of "I can write Doom in one line, import doom; doom.start()".
That's two lines.
Also, it's not equivalent, because the original is actually a composition and not just a tautology. It's like saying that this one liner to find word frequencies in a file:
> What are you proposing as a plausible ambiguous interpretation of "declared"?
Is your argument that the GDPR can be one line because "data" already has an established meaning in existing law? The GDPR is large because all these things needed to be defined, and there are tons of edge cases, not because the lawmaker figured they'd add some extra fluff in there.
It's not being verbose or well-defined which is the problem. It's that the law isn't a single well-specified requirement but rather many independent ones that each have to be complied with separately, including by people who weren't doing anything untoward to begin with.
If you weren't doing anything harmful then your preexisting behavior shouldn't become unlawful.
Here's the GDPR in one sentence for you: "do not process data from people that haven't consented to that processing".
The rest of the text is about specifying the terms of art processing, data, people, and consent.
> If you weren't doing anything harmful then your preexisting behavior shouldn't become unlawful.
Exactly. Except that you do not get to define harmful, the law does. If you weren't processing any PII, then your preexisting behaviour did not suddenly become unlawful.
> It's not obvious why this is worse or any less of a deterrent.
I'd say it may not be obvious why, but it's obvious that it is less of a deterrent, because this sort of data trading seems to be commonplace and semi-overt in the US, and much less common (and hush-hush in the rare cases where it does happen) in Europe.
I'd also hazard a guess why it's less of a deterrent: the risk, i.e. probability of successfully getting sued * cost of successfully getting sued, is likely much lower compared to the relatively high probability of a DPA going "WTF no" in Europe as soon as someone reports it.
> I'd say it may not be obvious why, but it's obvious that it is less of a deterrent, because this sort of data trading seems to be commonplace and semi-overt in the US
But that's because the US doesn't even have the law requiring express and freely given consent, so they just stick the consent in some agreement nobody reads next to a box you have to check. You could have that rule without having the whole GDPR.
In this case they apparently collected the data even if you never checked the box, which is just egregious and now they're getting sued.
> the risk, i.e. probability of successfully getting sued * cost of successfully getting sued, is likely much lower
Certainly this is not because plaintiffs would be unwilling to file claims if they could.
I'm extremely glad that the GDPR and NOYB.eu mean that car manufacturers can't pull that shit here. If I opt out, I'm opted out, or there will be big fines for them.