“It’s the end of the world as we know it, and I feel fine.”
“Oh, c’mon now, I think you’re overstating things here just a bit!” you’re probably thinking by now. Sadly, I’m not. This is the first time that any law or regulation has had GLOBAL reach.
“There is nowhere to run to, no where to hide.”
It does not merely pertain to companies operating in Europe, no, it governs any company anywhere in the world that may at any time count an EU citizen as a customer or even merely a website visitor. That might be all well and good if it were merely a recitation of privacy best practices. But no, this regulation has teeth – velociraptor sharp and deep. The fines for violation of this regulation are specifically designed to put all small to midsize businesses into bankruptcy overnight. The fines range from 10 – 20 million Euro (12 – 24 million dollars) at a minimum! And that is for a single offence! To put that into perspective, according to IRS figures (2013 latest year available) 99.685% of all US business make less than 12 million a year in profit. Or stated differently only about 18,000 US businesses out of approximately 6 million could conceivably withstand such a fine. That is the recipe for serfdom. That is the recipe for what all regulations do to some extent (favor large businesses at the expense of the small) but at a scale that would all but ensure no one could ever again rise above the station they were born into by starting their own business. The least little misstep in following every little dot and tittle of this (and most assuredly future) regulation would leave the nascent entrepreneur crushed like a bug under the heel of Paul Bunyan. “But I’m in the US, they can’t touch us!” you say. Unfortunately our government will be all too willing to help out their EU cronies just in the same way that the EU has been complicit in enforcing the absurd US tax law known as FACTA (which basically treats any US citizen with an overseas bank account like a criminal). GDPR fines are the equivalent of the death penalty for jay walking.
The premise behind this regulation is itself flawed as well. When even someone’s name is considered “private” information I think we can say that privacy regulations have “jumped the shark” and entered full on SJW territory of head spinning absurdity. In short, there is no right to privacy. You do not have the right to walk through the public park and then insist that everyone who saw you must be beat over the head until they have no memory of you walking through the park. That is what this regulation does. It substitutes state violence for personal responsibility. If you don’t want some website to have your information, then don’t use the website, it’s that simple. If you don’t want some company to know where you live because they had to ship product to your house, then don’t buy from them. Don’t ruin society and the internet for the other 99% of us who don’t give a crap if some website stored a cookie in the web cache about the last visit there.
Privacy is a negative right – it is up to you protect it. Using the state to point guns at people to make them do what you want doesn’t count as you doing something – unless you think violence is the best way to solve problems.