[yourenotsmart]

Are companies expected to follow laws the day they get signed, even if it might take over an year to implement compliance? Think about it. Because here's what happened:

> The penalty is the result of a 2018 complaint by French privacy rights group La Quadrature du Net, which filed numerous lawsuits against Big Tech companies on the behalf of 12,000 people shortly after the GDPR was established that year.

This privacy group waited for the law to get signed, and promptly sued every big company that clearly handles user data.

Do you think finding everyone a billion or two would help them come up with a time machine and go back in time to implement a law before it exists so they're compliant by the time it's signed? Curious.

[ithinkso]

You'd think that if this was a legit defense they would use it in court, instead of "There has been no data breach, and no customer data has been exposed to any third party" clinging to anything irrelevant, as I'm sure they don't hire incompetent lawyers waiting for an online poster to come up with a solution

I think GDPR discussions are always heated on the 'EU vs US' line because of different approach to trust in the govt. In the EU people tend to (surprisingly maybe) trust politicians more because they at least want to be re-elected and distrust corporations/billionaires because they want to increase profit. In the US, I think, it's different, there is a distrust in the government because they are here to get us and more trust (surprisingly maybe) in corporations/billionaires because they are just like me working hard to earn money

[denton-scratch]

The GDPR was enacted two years before it came into force. Companies trading in the EU had plenty of time to come into compliance.

LQDN didn't "wait for the law to get signed" - it was signed ages ago. They waited until it was enforceable.

It's worth pointing out that the GDPR is an EU "regulation". It doesn't have to be ratified by member states, and they don't have to implement some kind of compliant national legislation. This is very different from the previous EU privacy legislation, which required member states to enact suitable laws, which many of them were apparently reluctant to do.

The GDPR came into force the day the regulation was issued. It's just that "came into force" means that the 2-year breathing-space provided for in the regulation began at that time.

[Edit: changed 3 years to 2 years]

[Symbiote]

"The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018."

They had two years from when the law was made.

[input_sh]

If we're talking about GDPR, it came into effect on 25 May 2018, after being adopted by the European Parliament on 14 April 2016.

That's two years, one month, and 11 days for implementation. Those additional days are days after it was published in the EU's Official Journal. It's not EU's fault that companies waited until 2018 to give a fuck about it.