[j2kun]

Many people are complaining about some fines, but here are some others I see that are evidence of this working extremely well:

- A police officer was fined for using his department's tools to get someone's private phone number for his personal use

- A rental agency was fined for leaving renter's private data (ids, etc) open to the public for six months after being notified of the vulnerability

- A company was fined because they were continuously filming their employees at work without explanation

- A political candidate misusing private citizen data for campaign purposes.

- Rental car companies tracking drivers by GPS without notifying them

- Hospital staff having fake doctor profiles to view unrestricted patient data

This is convincing me that GDPR is a great success.

[Matticus_Rex]

All but maybe one of those looks like it was illegal prior to GDPR, so I'm not sure GDPR is what you're praising.

[claudius]

GDPR unified and clarified all the different directions and laws active in EU member states before. So while most of those indeed were illegal before in one or more member states, all of them are illegal now in all member states. As such, GDPR does not really extend privacy protection de jure but merely helps enforcement by unifying protections de jure and hence allowing for a more efficient enforcement de facto.

[stordoff]

Which one, out of interest? I can imagine all of them being illegal in some member state.

[Matticus_Rex]

Depending on the circumstances (I didn't actually look into it) the rental car tracking could have been done in ways that were at least arguably legal under EU law (though at least several member states had legislation that would have covered that).