@kingannoy If only it were that simple...most of my clients chose to work toward compliance, but some took this tack. They weren't (and aren't) crazy, and there's nothing wrong with blaming the EU for making this choice. It has consequences - some they'll like (fewer cookies) and some they won't (further neutering the possibility of a European Silicon Valley). This one falls somewhere in between.
I could understand your argument if we were talking about a company has a reason for handling private data, like say, Fit Bit. And if they said something like: "We got caught with our pants down, we'll be back with you as soon as we figured it out".
Instead it's a company with no excuse for gathering anything but your address, low-key insulting our government. They aren't crazy, they are the target of this law and I love their precious little snowflake response.
@kingannoy I think that's a fair distinction, but I'm not sure it necessarily supports that side of the argument. There's something inherently fair about expecting fitbit or google or facebook to handle personal data in a sophisticated, accountable manner. Should we treat a clothing company the same way? That raises one of GDPR's other unintended consequences; the parties it benefits most are the ones it seeks to constrain (by disproportionately affecting less sophisticated competitors).
It's as if a physical store would say something like:
"We have to close our store. We can't comply with these health and safety standards and getting our building up to the fire code is just too much effort. So sorry... Blame your government (no really)"
@kingannoy Second, GDPR requires dramatically more than complying with best practices, especially for foreign companies. It is not as simple as "privacy good, ergo GDPR good." It is *intentionally* vague, requires foreign entities to submit themselves to the personal jurisdiction of European countries (viz a viz the data transfer mechanisms), and in some cases prohibits what local state or federal laws over here require (and the exceptions for legal compliance only covers EU law).
A Mastodon instance for info/cyber security-minded people.