by hugoroy 2169 days ago
Hi - author of the post here.

The points in the post are really about GDPR basics. I'm not actually trying to explain or interpret anything. Instead, I am mostly paraphrasing, if not merely quoting the GDPR directly (and linking to the authoritative source - check for yourself).

The more blatant example is probably the first one, about "data use" v. "data collection".

There's just no way that the statements about GDPR "missing the point of data collection" can be characterized as a misunderstanding of the text itself. The text has explicit references to data collection all over, including in the definition of the most important word, i.e. "processing".

So I think that, as these examples show, it's not really about misunderstanding on the other side of the Atlantic. I think it's more about baseless misconceptions and myths being thrown out here and there. Ask yourself: Why?

Edit: typos

3 comments

> as these examples show, it's not really about misunderstanding on the other side of the Atlantic. I think it's more about baseless misconceptions and myths being thrown out here and there. Ask yourself: Why?

That's just how discourse works these days. The bigger and scarier the strawman, the more people click on it.

So I have asked myself: why? But after 10 minutes I didn't come to a conclusion :) so could you share what you're after or give me a hint? Are you suggesting there's an anti-EU/anti-GDPR/anti-whatever campaign of sorts going on that makes people biased, or, more realistically, an intent to discredit GDPR by US advertisers who fight against similar legislation in the US? That may very well be the case, but I haven't noticed on HN specifically where the pro-GDPR camp seems to be (slightly) in the majority if I'm not mistaken. Or maybe you're criticizing snake oil businesses selling GDPR compliance solutions which aren't (as discussed elsewhere in the thread), betting on people being too lazy to read the GDPR when the GDPR law text is quite understandable as you rightly point out? Genuinely don't understand the general direction of your suggestion.

> Are you suggesting there's an anti-EU/anti-GDPR/anti-whatever campaign of sorts going on that makes people biased, or, more realistically, an intent to discredit GDPR by US advertisers who fight against similar legislation in the US?

I mean, in one sense, _obviously_. Most of the fearmongering around the GDPR comes from the ad industry (and to some extent from other impacted industries like the shadier parts of the debt collection industry, but they're much smaller and less noisy). I doubt there's an organised conspiracy to discredit it as such, but most of the anti-GDPR talking points do ultimately come from the ad industry.

And this isn't that surprising, arguably. For most companies, the GDPR essentially means, at most, "your business model is fine, but your process is flawed; fix it". For large parts of the ad industry, it means "your business model is flawed; change it". Note that a lot of the ad industry complaints are around consent; either that it has to be asked for in the first place or that it's too hard to give accidentally. Well, yes, that's the point.

> I'm not actually trying to explain or interpret anything. Instead, I am mostly paraphrasing

Yes, this is what I meant - apologies if this was worded poorly (edited it now). I was indeed referring to Americans' (wrong) understanding/interpretation of the GDPR you are referring to rather than your own article's interpretation of it.

> I think it's more about baseless misconceptions and myths being thrown out here and there. Ask yourself: Why?

Indeed it is; however, misconceptions/myths can be referred to as misunderstandings. I'm sure there are business interests at play and why there's a lot of bad advice being thrown around in an attempt to demonize the GDPR and make it seem more annoying than it actually is, but if we were to only assume good faith then I think it's fair to call it a misunderstanding.

Locally (Poland) I had a feeling that a lot of the misconception was fueled by people trying to sell consulting on GDPR, when the majority of the situation could be summed up as "remember the GIODO (Polish PII protection agency) rules that you ignored so far? Now they have teeth".

But if you sold it as something more complex than "PII is like nuclear waste, you want to avoid it", then you couldn't sell high-priced "GDPR transformation services" or get lots of ad views on your spiffy web page :/

Agreed.

There is a lot of money to be made in GDPR-related consulting peddling non-compliant snake oil. GDPR compliance is actually quite simple; however, it is often detrimental to the business, so it's near-impossible to do "honest" GDPR consulting because you'd be telling your client things they don't want to hear and they would rather go to someone else that tells them what they want to hear, even if they don't actually solve the underlying problem of compliance.

That's the only reason I can think of why non-compliant consent management solutions (such as TrustArc) are thriving even though a casual read of the regulations would immediately point out that they are not compliant and thus do not help to achieve the desired goal of GDPR compliance.

Unfortunately there is no enforcement at present so there's nobody out there to set the record straight and scare companies into compliance (potentially getting them to sue the consultancies for their non-compliant solutions).

At the same time, looking at all "parties" trying to track me on a random website, my core question ends up being "why the everloving fuck why?".

A lot of actionable data for many a business can be safely separated from PII. Simultaneously I have a hard time understanding why a simple website might need 20-50 different tracking services, all 3rd party. In my experience, that's the typical kind of business that was targeted by dishonest "GDPR consulting".

For the majority of businesses that I talked with, GDPR compliance could be handled by implementing a set of rules that fit, in normal font, on an A4 page. There are few that truly required more, but those also had that data as crucial data, and that's where good honest consulting could do a lot of good.