This site seems like a great example of how the EU forces productive folks to jump through all kinds of regulatory hoops. Hopefully it’ll help them navigate the complex legislation.
I'm sure in your country you can catch rats and serve them in "special stew", not bother about basic hygine, have under-counter cameras taking pictures up skirts, have no requirement to ensure that customers don't get electrocuted, etc, and you love it.
Most countries in the world though has governments which ensure basic rights, and if you want to do business in those countries you follow those laws, no matter how it may reduce your profitability
The fact that 'productive folks' have been engaged in a chicken race with the regulators since GDPR came along in 2016 is entirely on them.
The second shoe dropped with Schrems II in 2020, and the race to find plausible technicalities to keep doing the same thing continued. Still no real attempt at fixing the problems.
If they had followed the spirit of the law rather than trying to get away with dubious technicalities, there would be no mad scramble to fix things now when it turned out those technicalities were in fact hopeful thinking at best.
You're only on the watchdog's radars when you are a large company, in which case you should have an entire department devoted to complying to legislation anyway.
Somebody has been fined for reporting illegal parking to the city. Yes really, they say he has no legitimate interest in reporting people who park on the sidewalk in a way that's endangering pedestrians.
Go to https://www.enforcementtracker.com, which collects and publishes GDPR fine information. Type in "Private Individual" as a filter in the "Controller/Processor" column. I see twenty-ish results, mostly from Spain. My Spanish is rusty and non-technical, but I think some of those fines are about posting videos to social media.
> 2. This Regulation does not apply to the processing of personal data:
> (c) by a natural person in the course of a purely personal or household activity;
There is an exemption for private individuals conducting their personal affairs. But it still applies to private individuals acting in a public space. Article 4 also reinforces that a Controller may be a natural person.
I cant think of anything other than personal or household activities.
Unless youre talking about one-person companies. But then, I consider them companies, even if they are only one person.
This is one of those things where different countries take different approaches (or at least have different pointes of emphasis). But the classic example is a security camera you install on your own house (or these days, a doorbell camera). If it can only see your own property, that's a household activity and is not covered by GDPR. If it records video of people walking on the public sidewalk outside your house, then GDPR applies to that recording.
As noted elsewhere, most of the fines against private individuals have been issued by Spain. And my mediocre Spanish literacy leads me to believe several of those fines are for posting videos on social media.
Most countries in the world though has governments which ensure basic rights, and if you want to do business in those countries you follow those laws, no matter how it may reduce your profitability