[xp84]

You can be skeptical but I’ve worked at multiple small businesses since GDPR and CCPA came to be, and each of them has zero interest in “selling your data” - everyone just wants to run ads and track which ones work. And yet complying with GDPR has been onerous and costly in every one of them. And did nothing to benefit our customers or website visitors. The only winners are the lawyers and firms that specialize in selling “compliance as a service” basically.

[metalman]

zackly right. two words ,in this case "unacceptable risk", which is absolutely impossible to define, so then, ha ha!, there needs to be deciders, whole heaping flocks of deciders, who them imediatly throw up a paper screen of "privacy concerns", and with luck the holey grail of beurocrats "national security" and then they can get to work destroying there budget, so they can seek further grants, and invent internal auditing procedures that have ancient bizantines crawling from there graves to see such wonders. smaller sub beurocracys can be built on one word, such as "saftey", and of course there is no upper limit, but two well placed words, and zam!, your in!