[DisjointedHunt]

The GDPR delegates the specifics of the requirements to the DPA of member countries.

The French CNIL, for example, has already fined Google and Amazon $100M+ for this very issue: https://www.huntonprivacyblog.com/2020/12/14/cnil-fines-goog...

GDPR is a nightmare and a case study in how regulations can terrorize entire industries or the abilities of individuals to innovate freely. Just read the chronology of events in that link above and try playing devils advocate that the CNIL did not amend those laws to specifically target these two companies. It's scary.

[alisonkisk]

They amended "rules", not "laws", which is what rulemakers do when they discover behaviors that violate the law (subject to interpretation, as intended) but not the rules.

[DisjointedHunt]

^Are you seriously making this argument? It seems you either have not read the linked story, or you don't understand that the CNIL issues guidelines that are the "law";

The decision to overrule an earlier revision by the Counseil D'etat alludes to the guidelines themselves as a measure of "Soft law".

Regardless, making an argument on the semantics of a word instead of the glaring arrogance on display where Government agencies or lawmakers can retroactively change the rules to seemingly target individual companies is ridiculous.