| German here. + I like the right to be able download my personal data dump on platforms - cookie banners are a total pointless waste of everyone's time - institutions and organizations use "data protection" and "privacy" as generic gaslighting argument for things they can't do and/or lack competence in and as an excuse for keeping their 20y+ old processes - consumer data is no way safer than before, just the means of collection have changed - the law is so interpretable (e.g. "what is exactly PII data? IP addresses? the evercookie? what is an evercookie?") that, without blindly copying implementations from other sites, you'll probably end up in a grey area - they started using GDPR for politically motivated unrelated prosecution. e.g. the first thing Italy did when ChatGPT went hype was using GDPR to quickly block the service. the case is only somewhat related because of scraped data for learning, however GDPR in my interpretation is about personal data. So all in all is it worth it? I guess no. But YMMV. |
PII is not even mentioned in the GDPR. It is a notion in US law.