|
|
|
|
|
|
by gnode
2543 days ago
|
|
|
There have been a few fines, including the large 50M EUR fine against Google. Despite this, compliance has fallen short of many peoples' expectations. Being presented with consent dialogues where it is not possible or practical to decline consent is still commonplace. Hopefully the rate of enforcement will further increase and compliance attitudes will improve. |
|
|
Indeed. Are the following two statements true or false?
1. Major data hoarders, including online giants like Facebook and Google and traditional data brokers like credit reference agencies, are still hoovering up huge amounts of personal data and processing it in ways that some or all of the data subjects don't understand and to which they can't therefore have given their informed consent (assuming they are aware of any processing and have given any consent at all).
2. Governments and organisations with ties to governments are still hoovering up huge amounts of personal data allegedly for purposes involving security with little meaningful oversight and little need to demonstrate effectiveness or proportionality.
Until statements like these are false, data protection and privacy law isn't really protecting people from the biggest threats anyway, and the main positive effect of the GDPR is just to give the regulators the ability to impose fines for things that were mostly prohibited anyway but now on a scale that is significant to large businesses. That in itself is probably no bad thing, but if that's all it achieves then it's far from clear that it's been worth the huge implementation costs and the uncertainty it has brought even to honest organisations.