> If your account gets hacked, the hacker can use the right of access to get all of your data.
If your account gets hacked, the hacker has access to your account. Duh.
> The right to be forgotten is in conflict with the public’s right to know a bad actor’s history (and many of them are using the right to memory hole their misdeeds).
People can change. Newspapers can exaggerate one's misdeeds.
> And the right to opt-out of data collection creates a free-rider problem where users who opt-in subsidize the privacy of those who opt-out.
Opting out of data collection isn't a thing under the GDPR. Breaking business models that involve people selling their privacy is an intended consequence of the GDPR.
> “Amazon sent 1,700 Alexa voice recordings to the wrong user following data request” (The Verge)
Doesn't sound like a company that can be trusted to ensure people's privacy without regulation.
> “The problem with data portability is that it goes both ways: if you can take your data out of Facebook to other applications, you can do the same thing in the other direction. The question, then, is which entity is likely to have the greater center of gravity with regards to data: Facebook, with its social network, or practically anything else?” (Ben Thompson)
Freedom includes the freedom to make bad decisions.
> “Presumably data portability would be imposed on Facebook’s competitors and potential competitors as well. That would mean all future competing firms would have to slot their products into a Facebook-compatible template. Let’s say that 17 years from now someone has a virtual reality social network innovation: does it have to be “exportable” into Facebook and other competitors?
No more than Facebook has to create a search engine so you can export your search history into Google.
> “About 220,000 name tags will be removed in Vienna by the end of [2018], the city’s housing authority said. Officials fear that they could otherwise be fined up to $23 million, or about $1,150 per name.” (The Washington Post)
The data protection authorities later told them that this is bullshit.
> As of March 20, 2019, 1,129 US news sites are still unavailable in the EU due to GDPR. (Joseph O’Connor)
"Losing" businesses that don't respect privacy is intended. It's kinda flattering that so many US news sites specifically cater to EU residents, making them subject to the GDPR. But frankly: We don't care much about your local news.
> During a Senate hearing, Keith Enright, Google’s chief privacy officer, estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules. (Quartz)
> However, French authorities ultimately decided Google’s compliance efforts were insufficient: “France fines Google nearly $57 million for first major violation of new European privacy regime” (The Washington Post)
The French authorities rightfully didn't care how much time Google spent on not complying with the GDPR.
> Tradeoff between privacy regulations and market competition
Oh no, we might lose the ad market.
> GDPR has been the death knell for small and medium-sized businesses
Companies that cannot safeguard their users' privacy shouldn't exist, not to mention those whose business model is based on infringing on their users' privacy.
---------------------------------------------
The "arguments" ad companies use against the GDPR are just absurd.
EU 2016: We don't want businesses based on violating our citizens' privacy to operate anymore. You have two years two comply.
Ad companies 2018: Evil government! If you force us to stop violating our customers' privacy, we will stop violating our customers' privacy! You will regret this! And why didn't you warn us?
---------------------------------------------
GDPR: You must ask your customers to opt into data collection, letting them opt out is not sufficient.
Ad companies: The evil EU fined us for not complying with the GDPR! That's unfair! How could we know that "letting them opt out is not sufficient" means that letting them opt out is not sufficient? The GDPR is so vague! And we spent so much money on not complying!
If your account gets hacked, the hacker has access to your account. Duh.
> The right to be forgotten is in conflict with the public’s right to know a bad actor’s history (and many of them are using the right to memory hole their misdeeds).
People can change. Newspapers can exaggerate one's misdeeds.
> And the right to opt-out of data collection creates a free-rider problem where users who opt-in subsidize the privacy of those who opt-out.
Opting out of data collection isn't a thing under the GDPR. Breaking business models that involve people selling their privacy is an intended consequence of the GDPR.
> “Amazon sent 1,700 Alexa voice recordings to the wrong user following data request” (The Verge)
Doesn't sound like a company that can be trusted to ensure people's privacy without regulation.
> “The problem with data portability is that it goes both ways: if you can take your data out of Facebook to other applications, you can do the same thing in the other direction. The question, then, is which entity is likely to have the greater center of gravity with regards to data: Facebook, with its social network, or practically anything else?” (Ben Thompson)
Freedom includes the freedom to make bad decisions.
> “Presumably data portability would be imposed on Facebook’s competitors and potential competitors as well. That would mean all future competing firms would have to slot their products into a Facebook-compatible template. Let’s say that 17 years from now someone has a virtual reality social network innovation: does it have to be “exportable” into Facebook and other competitors?
No more than Facebook has to create a search engine so you can export your search history into Google.
> “About 220,000 name tags will be removed in Vienna by the end of [2018], the city’s housing authority said. Officials fear that they could otherwise be fined up to $23 million, or about $1,150 per name.” (The Washington Post)
The data protection authorities later told them that this is bullshit.
> As of March 20, 2019, 1,129 US news sites are still unavailable in the EU due to GDPR. (Joseph O’Connor)
"Losing" businesses that don't respect privacy is intended. It's kinda flattering that so many US news sites specifically cater to EU residents, making them subject to the GDPR. But frankly: We don't care much about your local news.
> During a Senate hearing, Keith Enright, Google’s chief privacy officer, estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules. (Quartz)
> However, French authorities ultimately decided Google’s compliance efforts were insufficient: “France fines Google nearly $57 million for first major violation of new European privacy regime” (The Washington Post)
The French authorities rightfully didn't care how much time Google spent on not complying with the GDPR.
> Tradeoff between privacy regulations and market competition
Oh no, we might lose the ad market.
> GDPR has been the death knell for small and medium-sized businesses
Companies that cannot safeguard their users' privacy shouldn't exist, not to mention those whose business model is based on infringing on their users' privacy.
---------------------------------------------
The "arguments" ad companies use against the GDPR are just absurd.
EU 2016: We don't want businesses based on violating our citizens' privacy to operate anymore. You have two years two comply.
Ad companies 2018: Evil government! If you force us to stop violating our customers' privacy, we will stop violating our customers' privacy! You will regret this! And why didn't you warn us?
---------------------------------------------
GDPR: You must ask your customers to opt into data collection, letting them opt out is not sufficient.
Ad companies: The evil EU fined us for not complying with the GDPR! That's unfair! How could we know that "letting them opt out is not sufficient" means that letting them opt out is not sufficient? The GDPR is so vague! And we spent so much money on not complying!