- cross-posted to:
- technology@lemmy.world
- world@lemmy.world
Europe’s most famous technology law, the GDPR, is next on the hit list as the European Union pushes ahead with its regulatory killing spree to slash laws it reckons are weighing down its businesses.
The European Commission plans to present a proposal to cut back the General Data Protection Regulation, or GDPR for short, in the next couple of weeks. Slashing regulation is a key focus for Commission President Ursula von der Leyen, as part of an attempt to make businesses in Europe more competitive with rivals in the United States, China and elsewhere.
If they can make GDPR simpler and easier to comply with, it would do wonders.
The only part of GDPR that requires any effort is the ability to export and delete user data, which is good design in software anyway.
Most companies breaking GDPR go out of their way to break it.
One thing that’s symptomatic of anti-GDPR sentiment in general is “cookie banner” discussions. As if the EU had ever told anyone they need cookie banners! You absolutely don’t need them if you’re not randomly throwing around data. And people should know better, just from seeing titles on said cookie banners like “Your privacy is important to us and our 1234 partners” (and that’s not even exaggerated!). In addition, “cookie banner” is a misnomer too, as the thing you’re really setting up is not cookie behavior but data-spreading behavior.
As an addendum: At a former employer, we ran an online survey which we announced through a small notification on the page. I didn’t want it to be too annoying, so I included a “go away” button in the notification. That button wrote an extremely GDPR-compliant cookie that simply stored the preference. One of my co-workers was careless enough to casually mention this to a high-ranking American employee who then questioned me whether we shouldn’t include that cookie on the cookie banner, etc. It took a while to set that straight.
That American was the same person who was responsible for combining browsing behavior on employer’s website with a third-party chat provider, so either AI or human agents could open a chat box on specific people’s screens and ask them creepily specific questions about whether they’d like to buy any of the products they’d been looking at on former employer’s site over the past months.
There are a lot of people who don’t even understand the basics of what GDPR is trying to do but whose job it is to create GDPR-compliant things.
Actually, it’s quite easy to comply with. Don’t collect any data you don’t need in order to conduct legitimate business with the person you’re collecting data from. Delete collected data once you don’t need them anymore. And you’re done.
Maybe in your field? Tell that to healthcare workers. Don’t you want your doctor to know about your medical history and what medications you’re taking, without having to wait and see you first to be able to ask you? GDPR HAS to be revised.
There is a legitimate reason for the doctor accessing those data, so there isn’t a problem with the GDPR. No need to revise it for that.
I’m afraid they’re aiming to erase privacy instead, but I have hope I might be wrong.
If a proposal comes from Mrs VDL, you can always assume the worst, and the most corrupt option imaginable.
It’s not that complex in practice. The problem is that there’s an industry trying to make it seem more complicated than it is so you’ll have to hire one of those contractors.
Seems to me like the EU wants to pander to the USA to get market access. Alphabet, Microsoft and Meta are licking their lips.
It’s about the same with DORA.
What do you find hard to comply with? What would you “simplify”?