by BlueZeniX
1280 days ago
Everyone saying "muh GDPR" has no clue none of it applies to financial transactions. To get a PSD2 "Open Banking" license one needs to KYC every user and keep every transaction that passes through the system, for 5 years, including the KYC data. Being PSD2 licensed doesn't even make you a bank. Just imagine what an actual bank has to keep around... Also every business has to keep invoices and transaction data around for tax audits, usually 7 years. So you can GDPR delete request all you want, but the shop where you bought that thing still has to legally know you've bought it.

Europeans often explain that they see the need for strong privacy laws because of their experience with totalitarianism (Nazi and Communist regimes). But most of those laws regulate private-sector databases and private-sector data collection, not law enforcement or intelligence; and many of them actually contain explicit exemptions for governments.
Clearly, governments have made lots of use of private-sector databases, so it's not as though they're not a risk if you're concerned about totalitarianism. But wouldn't it make sense to focus more on the state than on the private sector?
I know Europeans (especially in the 2000s) have been quicker than people elsewhere to endorse the idea that all state activities (including those of security agencies) need a legal basis and should comply with necessity and proportionality. So that's cool. But I still don't see how the intuition works like "the SD / Stasi / KGB were spying on everyone and that was awful, so we obviously see it's important to restrict ... private-sector databases! but not (as much¹) state access to financial, travel, location, and communications data".
¹ clearly there are some regulations, and they get fought over in constitutional and European courts, but there's also a ton of "we have to make sure the state can monitor people" initiatives all over Europe!