[s73v3r_]

It absolutely does not. That is still entirely legal. All the GDPR does is make sure that the entity you're trading with is up front about what data they are collecting, and what it will be used for, giving you the ability to make an informed decision.

[CryptoPunk]

That's not all it does. Among the other things it does:

It requires the entity to give you the ability to delete your personal data, which means a contract where you grant a service a permanent and irrevocable right to data about you in exchange for a service is illegal.

It also requires the entity to provide an equivalent service to any site visitor that chooses to not grant their data to the entity, thus making the business model of trading even revocable access to one's data for a service unviable in the long run.

It makes it illegal to offer a service in exchange for data that is stored without end-user retrievability. Therefore, it makes a contract where you grant a service irretrievable data about you in exchange for a service is illegal.

All of these reduce the range of possible voluntary interactions. It's anti consent.

[s73v3r_]

No, they do not. Not a single one of those reduces the range of voluntary interactions. If anything, they increase the range, because now it actually is voluntary.

And it is bonkers to imply that something that requires you to actually get affirmative consent from the user is "anti consent". You know what's really anti consent? 10 page TOS listings written in 10pt font that hide what's actually being done with data deep inside.

[CryptoPunk]

I just gave you examples of voluntary interactions that are now illegal under the GDPR programme, and you respond that none of the examples reduce the range of voluntary interactions. It's bizarre.

>>You know what's really anti consent? 10 page TOS listings written in 10pt font that hide what's actually being done with data deep inside.

I agree that it is anti-consent. I don't have a problem with laws requiring more legible consent forms.

My problem is the many limitations on the range of voluntary interactions that two parties can enter into that are found in the GDPR, a few of which I listed, and which you totally ignored.

[s73v3r_]

"I just gave you examples of voluntary interactions that are now illegal under the GDPR programme, and you respond that none of the examples reduce the range of voluntary interactions. It's bizarre."

No, you didn't. You gave a list of one-sided transactions where the user has no freedom or really consent at all in the matter.

"My problem is the many limitations on the range of voluntary interactions that two parties can enter into that are found in the GDPR, a few of which I listed, and which you totally ignored."

No, you didn't. All you did was post a list of "transactions" where the company has all the say, and the user really has no input whatsoever. No one is going to miss those transactions.

If you truly, honestly are concerned with "consent", then you should be applauding this law, as it does require actual, informed, affirmative consent. Not the "Here's a great wall of text, agree to give us every little bit of data with no recourse whatsoever for you or don't get any access to the service at all" form of "consent".

I'm sorry, but I cannot take seriously the idea that "if you can't sell yourself into slavery, you aren't free".

[CryptoPunk]

>>No, you didn't. You gave a list of one-sided transactions where the user has no freedom or really consent at all in the matter.

I have difficulty responding to such an immature mischaracterization of what I listed.

I listed a set of contractual arrangements that are now illegal. All of them could be entered into completely consensually, and cannot be reduced to being categorically one sided, given we don't know what the value of the service the user gets in exchange for their personal data will be in every instance that said contract is used.

You're infantilizing people when you claim they're not capable of consenting to the sale of their personal data. In fact, no court of law would ever agree with you that these contracts are non-consensual ipso facto what the user offers, which is why the only way these kinds of contracts could be categorically disqualified is to circumvent the courts' purview of establishing consent, by resorting to statutory interventions like GDPR.

And you're vastly over-simplifying the world, and overestimating your understanding of it, when you claim that such contracts could never be in the interest of the user.

What you're doing is absolutely reckless.

>>I'm sorry, but I cannot take seriously the idea that "if you can't sell yourself into slavery, you aren't free".

Selling your personal data to someone is not slavery. Slavery is a permanent condition, affecting your future self.

Personal data sold at one point in time only covers the data generated to that point in time, and does not forfeit data that is generated by your future self.

[s73v3r_]

>I listed a set of contractual arrangements that are now illegal. All of them could be entered into completely consensually, and cannot be reduced to being categorically one sided, given we don't know what the value of the service the user gets in exchange for their personal data will be in every instance that said contract is used.

And in that set, you predicated that the user could not revoke consent. That means that it is not a free contract.

>And you're vastly over-simplifying the world, and overestimating your understanding of it, when you claim that such contracts could never be in the interest of the user.

A contract in which one can not revoke consent is a contract in which one can never truly give consent. If I am unable to revoke my consent, then it can never be in the interest of the user, because my interest may change in the future.

>What you're doing is absolutely reckless.

No, what was absolutely reckless was the attitude of this industry that they should be entitled to suck up every last piece of data they could.

>Selling your personal data to someone is not slavery. Slavery is a permanent condition, affecting your future self.

Which is what you're pushing for. You don't want me to be able to withdraw consent later, thus my selling of data WILL affect my future self.

>Personal data sold at one point in time only covers the data generated to that point in time, and does not forfeit data that is generated by your future self.

It still affects your future self.

Once again, you have twisted this idea of "freedom" so badly, that you are claiming that it is anti-freedom for the user to have the freedom to withdraw consent! You should be ecstatic that you will now be able to exercise greater freedom than you could before. You will have that most basic of freedom to evaluate whether or not something is still in your interest, and if it's not, withdraw, without the other party still benefiting off of your information.

[Dayshine]

Only if you don't have a contract with the entity...

All the changes are to "consent", which is the naive consent of clicking "I accept".

You can still do anything with a proper, considered, contract.

[CryptoPunk]

Terms that you accept by clicking an "I accept" button can be a proper, considered contract. From what I understand GDPR requires more legible terms of service, in place of the undecipherable legalese one finds now, which could potentially help with the issue of users not understanding what they're accepting.

I don't see why the new rules couldn't have been limited to those of this sort, which ensure that users are providing considered agreement.

[kaseyb002]

I guess I was wrong. My impression was there are restrictions on the exact terms of how you can exchange your data with companies.

At the very least, my original statement was overly broad.