[closeparen]

>It's a statement that someone's private data and intellectual property is theirs

Private data is data you don't share. Under some very limited circumstances, you might entrust private data to a third party for safekeeping, i.e. Dropbox, Google Photos, iCloud Drive, and it's important that they not leak or abuse it.

But that's only a tiny portion of what the GDPR is about. It concerns records of your interactions with others. It's a statement that one side of an interaction is entitled to force the other side to delete their memory of that interaction, or to dictate the situations under which they are permitted to remember it.

[ocdtrekkie]

You are anthropomorphizing companies here, and I think it's a pretty poor analogy. Corporations do not have a memory, they have records, and those records comprise the personal data of everyone who encounters them; data those companies don't own. You seem to be characterizing GDPR as unfair towards the corporate end of the interaction, but that ignores the massive power differential that currently exists.

Corporations have incredible power compared to the individual, and before GDPR, it was commonplace for services to require unreasonable privacy violations: And consumers had to either accept it, or be cut off. (In many cases, the companies doing this have monopolies, making this even more problematic.)

Realistically, this is not going to impact small companies a lot. This is about big ad and tech companies, and giving citizens some minor semblance of tools to resist them.

[closeparen]

>data those companies don't own

I don't know if it's possible to have a productive discussion about what seems to be a question of fundamental philosophy and values, but that's ridiculous on its face.

If I'm a shop owner and a customer buys something from me, the cash register prints two receipts: one the customer owns, one I own. If a customer writes me an email, I own my copy of that email. If a customer comes in and makes a scene, and I ban him from my stores's premises, the paper I generate telling my staff to call the police if they seem him is mine.

If I follow him around and write down everywhere he goes... at some point a line gets crossed, sure. If I start asking other shopkeepers if they've seen him or what he purchased, yeah, something's wrong. But to claim that my records of the interactions he knowingly, willingly had with me are his property just sounds bizarre.

>Realistically, this is not going to impact small companies a lot. This is about big ad and tech companies, and giving citizens some minor semblance of tools to resist them.

The GDPR does not discriminate by the size of the operation. It's large companies which can reliably afford the consultant, lawyer, and engineering time to understand and adapt to new regulation. The violators are going to be those without security and compliance departments.

[tscs37]

Receipts and (most likely) EMails will not be affected. The former since it has to be kept around for tax purposes and the later since they fall under freedom of expression, both are exempted from the GDPR.

The paper you printed to ban someone from you store falls under Art1, §1, Section f of the GDPR; your interest in keeping that person out of the store outweighs their interest in keeping their details private.