[ocdtrekkie]

Fundamentally, I think we need two key concepts:

- US equivalent of GDPR: A law that would guarantee us the right to control data about us, be informed of data collected on us, and request a copy or delete that data. The critical impact here is to protect our privacy with regards to corporations.

- A generally-defined right to privacy: The EU enshrines privacy as a fundamental human right, the US equivalent would be for us to define a general right to privacy as an amendment to the Constitution. Much like the original Bill of Rights, I would like a right to privacy which is more solidified than the implied one built on other existing rights, but open to interpretation enough to allow for it to adapt to changing situations in the future. The core concept here is to protect our privacy with regards to the government.

[dalbasal]

Parts of the gdpr are good. Imo, these are mostly the data security elements (leak reporting to users and legal barriers data selling).

The consent/privacy elements are near useless, imo. In practice, they amount to a "we value your privacy" notice. I don't think individually "negotiated" consent for users visiting a website or downloading an app is useful or privacy promoting. It just amounts to "tick this box to use this app," most of the time. Other times, there is a UI actively directing the large majority of people away from the rational choice.

[ocdtrekkie]

I disagree wholeheartedly. In many cases the "tick this box to use this app" is not GDPR compliant, and once more enforcement is done, you'll see this pattern diminish or go away. Businesses will eventually transition away from surveillance capitalism, as it becomes increasingly less profitable and it's visibility makes products using it increasingly less appealing to consumers.

Furthermore, GDPR is already in effect in the EU, and multinational companies already have to follow it. There's no reason for us to fail to implement all of GDPR, since so many already have to implement all of it anyways.