> That letter is likely only a problem when selectively used by a malicious actor against a small organization.
Which is what is so annoying and economically destructive about regulations like these that are broadly applied to all companies, especially on the internet where single person companies are very popular. They are designed in a vindictive way against large companies like Facebook or major online retailers who burned customers due to minimal information security investment.
But they so often ignore the reality of the burden it places on small firms who account for 90% of businesses and 50% of employment, who can't afford lawyers or the legal risks of a 'piss off' letter.
The western economic environment continually gets more and more structured favouring large firms, encouraging large scale merging, which usually generates the type of large oligopoly companies who most often do the things that cause regulations to get created, then imposed on smaller firms.
If Japan's economy is any indication we do not want a state-heavy economy where big companies are the only sanctioned winners and smaller companies are heavily disincentivised by the state (whether indirectly, by side effect, or overtly).
If not having these laws created isn't an option (seemingly impossible in an administration-heavy org like the EU), I then hope someday these regulations start being structured like progressive income tax using size minimums or are contained to specific industries where it's clearly a problem (both of which would apply well to minimum wage laws for example). So laws are pinned directly to a specific problem area justifying the heavy-handed state intervention, not just blanket laws on everyone.
For most smaller businesses there is no real reason to do all that much as long as you can answer such questions on an ad-hoc basis. Although of course we still have to see how widespread it will become in practice.
Basically you need to make sure you 100% know what data you collect (including any third parties) and make sure you have a good reason to collect it.
Honestly most of GDPR should be considered "common sense". It's just that many corporations actively act against the interest of individuals they collect data on, and it's precisely these practices that GDPR tries to correct.
Unfortunately even if you're already handling personal data responsibly, the GDPR still also requires that you be able to provide various documented policies to your regulator on demand, still contains lots of ambiguity about how far subject rights can go in practice, still imposes obligations to include lots of extra detail in privacy policies or otherwise provide lots of information and active warnings to data subjects, etc.
Maybe these things shouldn’t be collected as a matter of course. Should web servers log client IP addresses by default? Why? Does my mail server need to log email addresses of incoming mail by default? “Logging all the things” as default behavior really needs to be a thing of the past.
If anyone wants to get their feet wet in open source, there are thousands of high profile projects out there that could use a patch to scrub PII from their logging, and these are probably simple diffs.
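As an added illustration of the kind of "scrub PII from logging" change the comment above suggests (this is example code, not from any project discussed in the thread): the scrubber below truncates client IP addresses to a network prefix and replaces e-mail addresses with a keyed pseudonym before a line is written to disk, so the log still supports debugging and abuse investigation without retaining raw identifiers. The sample log lines, the prefix lengths (/24 for IPv4, /48 for IPv6) and the pseudonymisation key are all constructed assumptions for the example; only IPv4 literals are matched by the regex, while the truncation helper itself handles both address families.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed placeholder key; in a real deployment load it from a secret store
# and rotate it, since the same key always maps one e-mail to the same pseudonym.
PSEUDONYM_KEY = b"example-key-rotate-me"

# Dotted-quad IPv4 literal. Timestamps such as 13:55:36 do not match because
# they are colon-separated, and version strings like HTTP/1.1 have too few octets.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Deliberately simple e-mail pattern: good enough for access-log scrubbing.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def truncate_ip(ip_text, v4_prefix=24, v6_prefix=48):
    """Zero the host bits of an address so it identifies a network, not a device.

    Unparseable input is returned unchanged rather than dropped, so a scrub
    never silently loses a field the investigator may need.
    """
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return ip_text
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def pseudonymise_email(email, key=PSEUDONYM_KEY):
    """Replace an e-mail with a keyed HMAC tag.

    Same address -> same tag, so fraud/abuse correlation across lines still
    works, but without the key nobody can reverse or brute-force the mapping.
    """
    digest = hmac.new(key, email.strip().lower().encode(), hashlib.sha256)
    return "email:" + digest.hexdigest()[:16]


def scrub_line(line):
    """Apply both scrubbers to one raw log line and return the safe version."""
    line = IPV4_RE.sub(lambda m: truncate_ip(m.group(0)), line)
    line = EMAIL_RE.sub(lambda m: pseudonymise_email(m.group(0)), line)
    return line


def scrub_log(lines):
    """Scrub an iterable of log lines; returns a list so callers can assert on it."""
    return [scrub_line(line) for line in lines]


# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = [
    '203.0.113.42 - - [10/Oct/2018:13:55:36 +0000] "GET /login HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2018:13:55:40 +0000] "POST /signup HTTP/1.1" 302 0 user=alice@example.com',
]

if __name__ == "__main__":
    for safe in scrub_log(SAMPLE_LOG):
        print(safe)
```

Hooking `scrub_line` in as a logging filter or a formatter step keeps the change local to the logging layer, which is why such patches tend to be small diffs even in large projects.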
“Logging all the things” as default behavior really needs to be a thing of the past.
Maybe, but logging useful things is reasonable. We investigate problems with our systems using server logs. We diagnose various security threats, fraud risks and ToS violations using server logs.
We're generally respectful of users' privacy, but we also have a legitimate interest in knowing how our systems are being used and preventing people from doing bad things with them. Those legitimate interests may take precedence over a visitor's right to privacy in some cases, in the same way that you can't tell a government to forget your criminal record or a bank to forget that you owe them money.
Presumably it would, but since approximately 0% of businesses that actually do anything could make such a statement truthfully, that doesn't help very much.
> The western economic environment continually gets more and more structured favouring large firms, encouraging large scale merging, which usually generates the type of large oligopoly companies who most often do the things that cause regulations to get created, then imposed on smaller firms.
This is where socialism differs from communism - in socialism you have big privately owned companies, whereas in communism these are state owned. Everything else is more or less the same. Europe is currently under transition from a group of mostly free, mostly capitalist countries into a full retard socialist authoritarian regime.
Regardless of that, GDPR is a very good thing, shame it has only been introduced now and not 10 years ago.
While I agree with your opinion about the GDPR, your analysis of Europe is otherwise plainly wrong. You would be aware of this if you actually followed EU politics (there is currently a strong trend towards right-wing / center politics. Left-leaning parties are moderately out of favour), which you definitely do not have to do. Just try not to spread misinformation on the internet: There is plenty of it to go around already.