Yes, of course they should be illegal. Why should US companies have the right to harvest our private information for profit and cause damage by mishandling it without oversight?
So sending a single email to a single EU customer from a non-EU server amounts to "harvesting your private information for profit" and merits a $20 million fine?
I have no problem with the GDPR that you wish you had, by the way. My problem is with the one that exists. It neither stops the wholesale harvesting of information nor actually benefits privacy.
I have no problem with the GDPR that you wish you had, by the way. My problem is with the one that exists. It neither stops the wholesale harvesting of information nor actually benefits privacy.