[hekfu]

> Honestly though, I would _love_ to live in a world where you could walk into my home and install your 'adtreckr' eye tracking cameras on my TV. What you're describing is "trust", and I think the amount of it that each person has (for people in general, but also for companies) is a big influence in how they view GDPR (and other regulations that some might argue are unnecessary). Obviously, we're very far away from that world, so this isn't consent for you to come waltzing into my home in the near future. :)

Anarchy is always ruined by all those people! (I'm a big fan of trust, and not a big fan of Hayek,but Hayek had an insight when he talked about the micro and the macro cosma. People are to diverse that we can rely on "trust" to solve things, we need agreed on official rules)

> In my eyes, the satirical representation of what's happening here (from a consumer's point of view) is me placing an order for your awesome new eye tracking cameras, looking forward to the delivery and installation, and then seeing delays and delays as you repeatedly come back with, "well, are you sure you want this? are you sure I can enter your home? are you sure I can touch your TV? are you sure I can modify your TV?" I signed up, I paid for it, I told you I want it, just do whatever you need to do to give me it.

No. If you opt into buying my camera, since it is explicitly necessary to do all of that stuff, the consent is given as part of the buying contract. I just need to clearly state and explain that. If you had to gain access Facebook or instapaper via a huge opt in order form (let's say a pop-up detailing exactly what happens to your data), then it is equivalent...and that is exactly what GDPR requires

> From a business POV, I already treat user data with utmost regard, and my users know that. Similarly, I trust that the companies I willingly give my data to do the same. There are probably some bad actors in the mix, but I doubt they're going to bother with compliance anyway. Having to go out of my way to prove that data trust is there to a third party completely uninvolved with the contract I have with my users, and to spend hours and hours implementing new workflows and pipelines for out of scope functionality that needs to be maintained indefinitely -- this is not good for a business. It's bad for small businesses because it sucks up time, money, and other resources, and it's bad for big businesses because it opens up such a huge area for litigating non-issues. It might have some value to users, as I said elsewhere, but it's a heavy-handed regulation that is too overreaching in its implementation, in my personal opinion.

If you already do everything that is commonsense data protection, which is the bulk of what is required by GDPR, then all you have to do is documen that. If you cannot guarantee that the data is not shared, then the third party isn't uninvolved in the contract you do with your users.

Honestly, think of my data as something I own, like my house or my car, and GDPR becomes easy. Think of it as something you "create" by tracking me on your site, and your point of view becomes easier. I like my world better

[wilsonnb]

I have a hard time seeing any justification for your view. Why would you own data about yourself? Do you own your name? Do you own the fact that you went to taco bell for dinner last night? Can you sue someone else for knowing you went to taco bell last night? Should it be a crime for someone who knows your name to tell someone else your name? What if they do it for money?

"Owning" data about yourself is a very strange concept to me.