[rglullis]

I was talking about the reality of the US, but even if I was talking about Europe: how does the GDPR even enter this equation here? I was never asked for consent to have my face recorded when I get into a shop in Germany. Were you?

[ragall]

Security recordings fall into the category if legitimate need, and have to be deleted after a short while.

[rglullis]

How is that enforced?

[carlos22]

Its not. Especially when using US Cloud services. And people do that. Hell even government run schools us GDRP-violating software and force the students to BUY them. The law is nice, the reality is different...

[ragall]

It doesn't need to. Those recordings are "radioactive" and can't be used in any legitimate fashion except by intelligence agencies.

[rglullis]

Plenty of data brokers operating outside of the EU who wouldn't mind the "toxicity" of the data they buy.

[ragall]

Or, I should say, things are enforced after the fact, through the possibility of criminal charges or civil lawsuits. Enforcement doesn't mean that crime is made impossible, just that there is enough deterrent.

[rglullis]

Except there isn't enough deterrent.

The big companies are still mining user data, they are just forced to use some extra dark patterns to trick people into compliance. Would-be criminals are not going to stop being criminals because of the threat of fines. And TLAs are not going to wait for due process to acquire access to data legally.

All that GDPR does is give the illusion that people are being protected and CYA for politicians and bureaucrats when asked "what are you doing about evil Zuckerberg?"

[ex-aws-dude]

of not if

[ragall]

The editing window is too short, unfortunately.

[ex-aws-dude]

Stop correcting people when you can't even spell worth a damn yourself, you're just adding pointless noise to discussions.

I don't want to have to read your noise.