| >data those companies don't own I don't know if it's possible to have a productive discussion about what seems to be a question of fundamental philosophy and values, but that's ridiculous on its face. If I'm a shop owner and a customer buys something from me, the cash register prints two receipts: one the customer owns, one I own. If a customer writes me an email, I own my copy of that email. If a customer comes in and makes a scene, and I ban him from my stores's premises, the paper I generate telling my staff to call the police if they seem him is mine. If I follow him around and write down everywhere he goes... at some point a line gets crossed, sure. If I start asking other shopkeepers if they've seen him or what he purchased, yeah, something's wrong. But to claim that my records of the interactions he knowingly, willingly had with me are his property just sounds bizarre. >Realistically, this is not going to impact small companies a lot. This is about big ad and tech companies, and giving citizens some minor semblance of tools to resist them. The GDPR does not discriminate by the size of the operation. It's large companies which can reliably afford the consultant, lawyer, and engineering time to understand and adapt to new regulation. The violators are going to be those without security and compliance departments. |
The paper you printed to ban someone from you store falls under Art1, ยง1, Section f of the GDPR; your interest in keeping that person out of the store outweighs their interest in keeping their details private.