by 13years 2822 days ago
But is GDPR really making the kind of difference people wanted?

What I see is that mostly companies continue the same behavior, but now with a disclosure you are prompted to accept.

I predicted everyone would just accept those terms in exchange for free services they already have invested into. Now we just have an extra annoyance. Has anything substantially changed?

4 comments

Just a few hours ago there was an article on the front page about yet another tech giant getting hacked and losing contact info on hundreds of millions of users [1].

A GDPR in the US should have the power to audit companies and ensure compliance, just like the FDA does with health-tech companies.

On the user side you might only see the effects of GDPR in the form of cookies that were added as a quick-and-dirty solution for companies that have built an infrastructure whose revenue model requires collecting user information. On the other side, the law also gives a vector for the government to step in and demand changes to companies that are fast and loose with user data.

If we'd had an effective GDPR in the US, the Equifax breach that lost everyone's social security number may have been prevented and they might have faced some kind of real repercussion when it did happen. Instead, data companies still get to privatize gains and externalize losses.

[1] https://news.ycombinator.com/item?id=18117322

> GDPR in the US should have the power to audit companies and ensure compliance, just like the FDA

This is wanton overregulation. All we need is strict liability for data loss. After a few years of watching cases play out in the courts, we can revisit to see if more onerous regulation is required.

I think auditing needs to be part of it too. Otherwise what's to stop companies from just never disclosing data loss? The way I understand it, right now companies intentionally don't look for data breaches so they can claim ignorance if anything comes to light.

> accept those terms in exchange for free services

Such exchanges are illegal under the GDPR. Consent must be freely given; if access to a service (that doesn't require that data, or that use of the data) is dependent on it, then it's not valid.

That was OP’s point. Some people, like me, want to freely accept such terms. I don’t give a damn about some cookies tracking. What I do give a damn about is making my own choices.

The entirely predictable consequence of making this trade illegal is that I can’t even access information on sites that have minuscule EU revenue, are too big to be afraid they might become a target, and can’t afford to provide me their services for nothing.

The Great European Firewall is a thing now.

The GDPR is about a lot more than that, which can't be simply covered by a one-click TOS.

https://www.itgovernance.co.uk/articles-of-the-gdpr

Well, you can’t even access some major news sites from the EU...

European news sites work fine without problems for Europeans.

What does one in Europe gain with reading, say, American news sites which have a mostly local (e.g. American West Coast) focus?

Sure, one may find more entertaining news in a way, and get perhaps another perspective, but I would say that this perspective is obtainable via other means. It is usually even spelled out in the news articles themselves, but perhaps not explicitly. So what does a European really lose by not being able to read, say, the LA Times, or a news provider from Kentucky?

Not trying to troll.

After the GDPR I noticed I was not able to read some sites. First I was a bit annoyed, then realized the links I tried to access were to some random US news sites. I realized I should be interested in more local happenings versus those in a remote place that is beyond a vast ocean. Also, I wanted to know in more detail what world events mean for me and my area, since that is where I live. And I want to avoid political paint in my news, as far as possible.