zlacker

>>grabeh+(OP)
For those of you understandably intimidated by the GDPR regulations themselves, here's a good summary in plain English: https://blog.varonis.com/gdpr-requirements-list-in-plain-eng...

The UK's ICO also has a good structured summary: https://ico.org.uk/for-organisations/guide-to-the-general-da...

In general I agree with the sentiments in this article. I've probably spent a total of three to four days reading around the GDPR and I don't really see what's special about this law other than it's imposing decent standards on what was in effect a wildly unregulated industry in people's personal data. If you have a broad distrust of any government activity then I suppose any new laws with "fines up to €X" might feel like "I run a small site on a Digital Ocean droplet and I'm at risk of a €2m fine out of the blue." But that doesn't make it true.

>>frereu+N2
There is nothing - and I do mean nothing - written into the GDPR that requires any warnings of any kind, or places any limits on fines, except for $10/$20 million or 4% of revenue, whichever is greater. Period. A multimillion-dollar fine without warning for a first, minor violation is perfectly lawful under GDPR. The idea that "yes it says that but we can trust EU regulators to not assess large fines against foreign companies, even though they would benefit handsomely from them" rings hollow to me.

>>downan+Fc
>we can trust EU regulators

I want to stress that this is a major point of political polarization in Europe at the moment. Even if this claim is true, it warrants a clear and articulated defense.

>>omgint+kd
Also any Americans reading “we can trust X” will likely get a good laugh out of this.

It is irresponsible not to assume that if the law is written a certain way then at some point, the law can (and likely will) be enforced that way when it suits the government.

>>sailfa+Ig
> It is irresponsible not to assume that if the law is written a certain way then at some point, the law can (and likely will) be enforced that way when it suits the government.

With the caveat that "the law" in this case isn't just the GDPR, it's the entirety of EU case law. GDPR exists in a particular legal context.

>>justin+Tq
I get the impression I am misunderstanding EU law (not necessarily a surprise) when folks say things like "Civil law vs. Common Law" or "legal context."

If a law is on the books, it can be enforced in the EU, right? I understand there is precedent but precedent is not law, it's merely the common understanding of that law in that particular context. Precedent is overturned all the time (not to mention ignored when convenient), as it should be.

Is there a critical difference here that I am not understanding? Perhaps it has to do with the fact that the EU is not a state, but a high level guiding body for a number of states?

>>sailfa+tA
That is a fine analysis but I'm not sure what your question is. All laws exist in a legal context and analyzing them while being ignorant of that context is futile. That's all I was saying. I think almost all the people armchair-analyzing the GDPR in a hyperbolic manner would be equally useless at analyzing their own laws, in their own countries, for what it's worth. (someone in another comment said something contrasting the EU with places where laws are "not open to interpretation." Dear lord...)

That doesn't mean Jacques' analysis is not worthwhile, by the way. He is not ignorant of the legal context. Judging by the reaction to the article, this is going to be one of those situations where you can lead a horse to water but you can't make him drink.

>>justin+cL
I thought the article was well written, rational, and measured, and with the right leaning toward not capturing data to avoid worrying about the GDPR.

That said, I would've liked to see a bit more healthy skepticism about the ability of any sort of government or organization to avoid mis-using laws with a wide breadth when it suits them, especially if things slide toward tech-protectionism.