It will become interesting with GDPR, when customers start to revoke their consent to exchange data with credit scoring companies.
I was only referring to the remark about credit scoring companies which I believe to be wrong
In what way is the law used arbitrarily? I would like some sources for this claim.
The thing that may feel arbitrary is simply the fact the laws in Europe actually enforce privacy, whereas a company, and people, form the US expect that these laws are teethless.
Across international boundaries where those laws may be difficult to enforce because other countries are not in sync with them? Hell yes. Call me cynical, but...
In Germany where data-leaks (which are a symptom of insufficient data protection) at telecommunication providers seem to happen on the regular, with no (reported) punishment as a result, yes I think that is a bit naive.