[ceejayoz]

I'm more inclined to blame the US government for a lackadaisical approach to privacy over here. I'd love GDPR-style protections for the apps and sites I use; implementing them on our apps was a pain, but made me jealous.

[systemvoltage]

I know people at PC Engines, a Swiss company and they had to deal with GDPR a couple of years ago. The owner just said fuck it and put this up: https://pcengines.ch/privacy.htm

I am pro-privacy, and generally agree with well designed and targetted regulations. There should be provisions for making it easy for GDPR compliance for the little guy. There are none.

[ceejayoz]

"Swiss law requires us to archive business data for 10+ years. This means that we do not have the right to 'forget' you."

This is a complete misunderstanding of GDPR, which carves out common-sense limitations for exactly this sort of scenario.

https://gdpr-info.eu/art-17-gdpr/

> Paragraphs 1 and 2 shall not apply to the extent that processing is necessary... for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject...

A criminal in the EU can't go issue a "right to be forgotten" request to the prison system, for example. They have a legitimate reason to decline it.