| Agree, you're basically adding another middleman which now also has all your data. > Same with GDPR. I often ask companies to remove my data, and legally they should, but I highly doubt many of them do indeed scrap all my data Anecdotal: When GDPR came, the companies I worked with/in took it REALLY serious and spent huge amounts of money and resources to change ALL of their processes to label and clearly isolate data with customer-identified and identifiable content. Not necessarily because they had a change of mind about privacy, but because the risk and the penalty if found non-compliant was so high ("up to €20 million, or 4% of worldwide turnover for the preceding financial year – whichever is HIGHER (!)", PER incident!).
Some level of user-data privacy was already in place, but suddenly all understood the risk of not sufficiently isolating identifiable data (data which in itself is not personal information, but could be combined with other data to identify the user) So at least in my direct experience GDPR caused a huge shift in many company mindsets from "let's store now and review later" to "wait, what is this data?", and all departments which store data from the field had to start answering to a data protection entity within the company about all the data they have or intend to collect. It literally forced companies which always played with the idea of one day utilizing harvested data to create some undefined value in the future to challenge themselves. And many companies concluded "we don't know what type of data we have, it's too risky/expensive, scrape the servers and delete it". Those were all large international companies though, maybe smaller companies acted differently. And for sure your typical data-collecting companies (FAANG) are a completely different story. But the complexity for a small company with smaller processes to become GDPR-compliant is much lower, with the penalty risking to not just hurt you but immediately send you into bancrupcy. So for a small company especially in Europe it would be plain-stupid to not have GDPR-compliant processes... |