It can go both ways. Just because a company has done something that deserves to be regulated does not mean the regulation itself is a good way of accomplishing that. For what it is worth, I think the EU for the most part is doing alright in some places with some severe missteps as far as encryption and privacy goes.
I've honestly been pretty happy with it. It gives developers the ability to push back on shirt practices with "do you want to lose access to the European market?" Having that in the tool belt is very handy
Counter-point: as a programmer and data engineering working with large and small companies, GDPR has been of massive help to me, as the clients have now the concepts coined and I can back my stances with legal texts when it comes to protecting people data.
Not really. The methods companies use to skirt around the EU regulation has been the actual disaster. Case in point: The EU never mandated the cookie popups that proliferate the web. They simply passed common sense regulation about user tracking. But there's too much money to be made tracking your every move on the internet, so along came the popups that convince you to allow yourself to be tracked. Every time I see one I'm reminded of how relentlessly exploitative the modern web is, not how mistaken the EU are.
I'd say those are unintended consequences and should have been taken into account. The effective result of the regulation appears to be just to have added annoying popups and close to zero change in company behavior.
You have third party data brokers in the US which has everyone's data and sells it to anyone, you don't have that in the EU. I'd say that is a pretty big change.
There’s an open question of who is to blame when poorly written legislation causes companies (with fiduciary responsibility to their shareholders) find ways to follow the letter of the law but not the intent and create end results that are worse for the public.
The American perspective tends to be that if millions of users are suffering because thousands of companies are interpreting the laws created by a single legislature, we should tell that one legislature to fix their shit. (Note: not that they actually do fix their shit, but that’s who we yell at)
The European perspective tends to be that the thousands of companies should each be individually yelled at to fix their shit (Note: not that they actually do fix their shit, but that’s who they yell at)
Neither way is all that effective tbh. But looking at the end results, I must say I prefer using the internet outside of the EU. I always use private browsing, and the implementation of EU rules when browsing the web in Europe makes this an absolutely insufferable experience. Pages and pages of legalese I have to click through to access a single google result - when guess what, none of that applies because I’m browsing in private. The natural response for me would be to then disable private browsing and let google store its “you clicked through our bullshit” cookie to make my life easier — resulting in the exact opposite of the intended effect of the law.
Like I said, neither side is perfect, but using the internet “privately” is actually much easier outside of the EU vs in it. To me, that means we need to yell at the legislature. Opinions may very.
I have forgotten the recent example, but there are sites that don't have a banner at all because they don't track users and others that see the Do-Not-Track header and replace the banner with a discreet acknowledgement.
Good point, a reasonable response to the who debacle would be to get the legislature to mandate that a HTTP headset similar to do-not-track must be configurable on a browser basis and all requests that hold it must be seamlessly executed as if the user had pressed the “do not agree” button previously.
For the rest of the universe, it has been a pretty good deal.