[frereubu]

Something I often see in discussions about GDPR on HN is that the law is vague. A hugely valuable comment on a previous GDPR discussion (which unfortunately I've been unable to track down) pointed out a marked difference in style between US and EU law. In the US, laws are usually very detailed and explicit about what will happen in all cases. If that's what someone is expecting, EU law is indeed very vague - because the underlying idea is that judges are trusted to interpret law in the context of constitutions, precedent and so on. EU citizens are much more used to this kind of language, so many of the discussions on here are people shouting past each other because there's a more fundamental issue about the way laws are phrased. If you're in the US and want to quibble with the language, please bear in mind the broader context of EU law. And if you're in the EU please bear in mind that people in the US are used to much more explicit legal language. If we all did that some of the discussions on HN about GDPR might be more meaningful.

The other thing that seems to happen a lot is that people are looking for a stick - any stick - to beat GDPR with. The current top-voted comment - https://news.ycombinator.com/item?id=20279249 - is a prime example. These lists of fines often don't give context (which, to be clear, is a failing of the list too) and often when you dig into these things you'll find that the ruling is entirely sensible. People need to give a bit more credit to legal systems than to think "Someone was fined 2000 euros for using CC instead of BCC in his little mailing list newsletter of 150 people in Germany" could possible be true. If a fine seems ridiculous, do a bit of digging before you take a short summary at face value, and you won't be left with egg on your face when people point out what actually happened.