Also, must be nice to live in a country where the regulator is as benevolent and reasonable as is described in this article.
I think it's ok for foreigners to be skeptical of this promise, as the article implies that this reasonableness is not encoded in law.
I do have some direct experience of working with EU data protection regulators. My experience has been that they vary wildly in "reasonableness". UK ICO is pretty OK, they want companies to succeed. France's CNIL is a joke. Petty, spiteful and utterly inconsistent. I watched as a company worked closely with them to get their sign-off on a change to their terms of service and privacy policy. CNIL were happy to be involved and taken so seriously, they were satisfied with the changes and even praised them in private. After the company announced the change, some journalists saw an opportunity to make some noise and did so. CNIL then immediately changed their mind and dished out a fine, despite having previously agreed to it. What a farce.
That's at the national level. I can give many examples of cases where the EU has been anything but reasonable.
The entire argument Jaques presents here boils down to his belief that everyone working in GDPR enforcement in the EU will not only be totally predictable and reasonable today but also going forward into the indefinite future.
As pointed out in the other thread, this belief is itself unreasonable, because the nature of the GDPR means that even in the unlikely even it's true today, if in 10 years a new Commission arrives and changes their mind they can retroactively decide that things previously allowed were actually illegal. The GDPR says virtually nothing about anything so they'd certainly argue such a thing was merely a "clarification" and not a retroactive change to the law.
There are plenty of examples of governments doing this sort of thing over time, including the EU, like with Apple's tax situation. Mr Mattheij appears to just write this possibility off entirely.
So, there's no opportunity for litigating using their previous statements? At least now I understand why you're on every GDPR thread.
Regulators can never be held to anything they say. When you ask questions, if they answer at all, it always comes with a disclaimer that it's merely "guidance" and not binding. If they later change their mind, it's always a "clarification" and not a change.
The sort of people who think vague regulations are a good idea are the sort of people who think regulators are staffed by people who are inherently good, so they're usually written to give regulators maximum power and minimum accountability. GDPR is a case in point. If you read the EU's documents on the matter closely, and I have, then you find that the EU refuses to even respond to questions at all. That's delegated to national regulators, but the EU is clear that those regulators don't have the power to issue binding declarations, only guidance. In other words, you can ask a regulator or a lawyer. Their opinion has no more or less weight than my own posts do. The only time binding decisions are made is during enforcement actions.