| >Is it not obvious that politicians don't want to bust their biggest (potential) campaign contributors for GDPR violations? In the UK, campaign contributions are almost completely irrelevant. Political parties can spend no more than £46,000 per candidate at each election. Our major parties literally have more money than they can spend. Most European countries have similarly strict campaign finance legislation. >Isn't it obvious that we don't have any more privacy now than before GDPR, because governments are still spying the shit out of us all? Corporate data mining and political surveillance are somewhat distinct issues. Here in the UK, government agencies have relatively broad powers to collect and use data on citizens. In Germany, privacy rules are extraordinarily strict. As long as member states are abiding by the ECHR, it's a matter for their national parliaments. >In light of that, is it not obvious that GDPR's real goal is something other than improving our privacy? No. >Do you genuinely think governments (or EU bureaucrats) actually care about us or our privacy? Some politicians are obviously pro-surveillance. Some are strongly pro-privacy. That's sort of how democracy works - a democracy where all politicians agree on everything isn't much of a democracy at all. There are major differences of opinion between member states and within member states, differences of opinion between parties and within parties. There are three parties in Germany's current coalition government, all of whom have significantly different policies with respect to privacy. >And gosh, it sure makes it more difficult for small businesses to stay viable, and wouldn't it be nice for big corporations to have fewer potential competitors/disruptors around? GDPR has little or no impact on a large proportion of small businesses, because their businesses don't depend on the processing of personal data. If your data processing operations are small-scale, straightforward and legitimate, it isn't hard to comply with GDPR. Some small businesses have been significantly impacted, mainly because they have been flagrantly disregarding the Data Protection Directive for many years. Most of the GDPR isn't new, it's just the old data protection laws with credible powers of enforcement. The changes made by the GDPR are mostly updates to reflect the changing nature of personal data processing. The Data Protection Directive came into force in 1995. At that time, nobody really anticipated the sheer scale and pervasiveness of personal data harvesting that the internet would facilitate. |