Comment by stavros
1 year ago
Whenever the GDPR is mentioned here, people more or less treat it as a sign of fascism. With that attitude from us, how can our rights on privacy be respected?
I'm extremely glad that the GDPR and NOYB.eu mean that car manufacturers can't pull that shit here. If I opt out, I'm opted out, or there will be big fines for them.
The problem with the GDPR is the overhead. If it was one line that said "you can't sell data on people without their explicit freely given consent" then anybody could comply with it by simply not selling data on people.
But it's a long piece of legislation and some of the requirements are time-consuming to implement even if you're not doing anything nefarious. "It is bad for innocent people to incur uncompensated costs" should be a primary principle in creating legislation.
> If I opt out, I'm opted out, or there will be big fines for them.
They're getting sued. If the plaintiffs win they'll have to pay. It's not obvious why this is worse or any less of a deterrent.
What piece of regulating legislation have you seen that's one line?
"Every contract, combination in the form of trust or otherwise, or conspiracy, in restraint of trade or commerce among the several States, or with foreign nations, is declared to be illegal."
https://www.law.cornell.edu/uscode/text/15/1
5 replies →
> It's not obvious why this is worse or any less of a deterrent.
I'd say it may not be obvious why, but it's obvious that it is less of a deterrent, because this sort of data trading seems to be commonplace and semi-overt in the US, and much less common (and hush-hush in the rare cases where it does happen) in Europe.
I'd also hazard a guess why it's less of a deterrent: the risk, i.e. probability of successfully getting sued * cost of successfully getting sued, is likely much lower compared to the relatively high probability of a DPA going "WTF no" in Europe as soon as someone reports it.
> I'd say it may not be obvious why, but it's obvious that it is less of a deterrent, because this sort of data trading seems to be commonplace and semi-overt in the US
But that's because the US doesn't even have the law requiring express and freely given consent, so they just stick the consent in some agreement nobody reads next to a box you have to check. You could have that rule without having the whole GDPR.
In this case they apparently collected the data even if you never checked the box, which is just egregious and now they're getting sued.
> the risk, i.e. probability of successfully getting sued * cost of successfully getting sued, is likely much lower
Certainly this is not because plaintiffs would be unwilling to file claims if they could.