And I give less than zero shits about any startup whose business model necessitates violating my privacy--if privacy laws create barriers to entry, that's absolutely fine. The rights to privacy that some new laws could give us is simply more important than that.
A legal regime that does the former without doing the latter? Sign me up. One that does both? Well, I guess I do still get privacy laws, but are they worth a damn if the latter is among their effects?
The GDPR is very expensive. Every data processing activity needs to be auditable, every customer relationship needs a data processing agreement (and each new custom one needs to be reviewed by legal), we now pay fees to all sorts of data protection authorities. On top of that, it forced us into a new, more expensive insurance policy.
What fees? In the UK you have to register with the authority (as UK companies did before) and that fee had a max of £2900 per year for companies with a turnover greater than £36million or more than 250 members of staff
Orgs under that limit pay £35 - £60 depending on size. Non profits pay zero, companies who only process data for things like staff admin pay zero, there are other exclusions