IMO, the problem with GDPR is the same problem we have with a lot of European laws. There's nobody who's incentivized to enforce compliance.
If you were able to sue for GDPR violations, either on your own or in a class lawsuit, you would have an incentive to prove that the violation has indeed occurred. As long as your lawyer was working on commission, they would share that incentive.
As it stands, all you can do is file a complaint with your GDPR office and hope it makes a difference. You don't get any money from that, so hiring a lawyer to get such a complaint right is an expense you will not get reimbursed for. More importantly, the person investigating your complaint is probably on a salary, not a commission, so they don't personally care about how successful they are.
Compare that to the ADA[1], for example, where you literally get legal firms looking for disabled Americans, finding places that don't comply with the law and suing them. Enforcement was partially privatized, and the free market, as it often does, found a better and more efficient way of enforcing the law than the government could dream of.
> Enforcement was partially privatized, and the free market, as it often does, found a better and more efficient way of enforcing the law than the government could dream of.
I'm not a fan of this. You're replacing one kind of dark-pattern wielding, stain-on-underpants-of-society, predator with another!
You will spawn industries of failed lawyers going after the easy money, i.e. clueless everyday people who inadvertently misconfigured wordpress and can't afford a lawyer when they get threatened with court cases if they don't pay the extortion fees.
Just like asshole copyright lawyers under Germany's shitty jurisdiction extending their disgusting and threatening attacks on everyday citizens around Europe who dare to have a personal webpage without being experts in copyright law. As with ad-tech, also not the kind of enterprises we need to have in our society. Also wouldn't shed a tear for that industry to just die.
If you do this kind of thing you need to directly target the companies enabling the illegal behavior, not the website owners.
You can actually sue under the GDPR and get compensation.
Article 79 explicitly gives data subjects "the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation"
Article 82 states that if someone has "suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered".
Everyone and their dog who has been getting away with bad behavior is going to take that stance as a stalling tactic. It might be true, but either way it's going to have a lot of bad-faith weight behind it, so we need to make our strategy robust to that inevitability.
I'll default to skepticism but keep my mind open to proposals that are concrete and specific.
Yeah like instead of having them on the street, they could have a shop and you could tax them a lot and make sure people know what they are getting into.
Same with sharing personal data - maybe not a bad parallel :)
If you were able to sue for GDPR violations, either on your own or in a class lawsuit, you would have an incentive to prove that the violation has indeed occurred. As long as your lawyer was working on commission, they would share that incentive.
As it stands, all you can do is file a complaint with your GDPR office and hope it makes a difference. You don't get any money from that, so hiring a lawyer to get such a complaint right is an expense you will not get reimbursed for. More importantly, the person investigating your complaint is probably on a salary, not a commission, so they don't personally care about how successful they are.
Compare that to the ADA[1], for example, where you literally get legal firms looking for disabled Americans, finding places that don't comply with the law and suing them. Enforcement was partially privatized, and the free market, as it often does, found a better and more efficient way of enforcing the law than the government could dream of.