Thanks for the link, but I don't think the raw legal document is the most readable form for a layperson. Here's a more structured version: https://gdpr-info.eu/
To elaborate on my original point: the GDPR establishes privacy and data ownership as human rights. The remainder just elaborates on what that means in practice and addresses when and how business interests might outweigh those principles.
If your business model is incompatible with the GDPR, this almost always means you're intentionally or carelessly violating someone's (typically at least your customers') privacy or their rights to own and control their data. Note that there are many cases where those rights can already be limited for business reasons -- we're only talking about cases where not even those exemptions cover your behavior.
That's why I'm calling such business models "abusive". You're intentionally ignoring your users' rights or you're intentionally neglecting to consider their rights.
I call them "defunct" because even if you exist outside the scope of the GDPR right now, you will likely eventually either enter that scope or have to cooperate with companies who do -- at which point your non-compliance will become a defect. If your non-compliance is inherent in your business model, that defect cannot be resolved.
Your link makes it more clear that this regulation is 99 articles across 11 chapters. Anyone familiar with the practice of law could tell you that the interpretations of various judges and bureaucrats will multiply the material to consider. It's true that most law in most nations is like that, but even if I don't completely understand the laws where I live and work, I (perhaps foolishly) have the idea that I'm part of a conversation about those laws. If my neighbor is unfairly harmed by a law, I'll know about it and will adjust my behavior and politics accordingly. When I have lived and worked overseas, I have understood myself to be a guest and have taken particular care not to violate local norms.
This thing is not like that, because it is a regional regulation intended to have global consequences. The Podunk Gazette of Podunk AL has no idea how EU regulations work or whom to lobby to get them changed. You're probably right that EU doesn't care about this newspaper, but they do care about e.g. LAT or WSJ. Where is the cutoff? Who knows?
This is true even if we stipulate that GDPR has the wonderful properties you claim, which I doubt. No one running a business wants to assume something like that.
> That's why I'm calling such business models "abusive". You're intentionally ignoring your users' rights or you're intentionally neglecting to consider their rights.
GDPR is not just about preventing abusive behavior, though. If I sell someone my data, arguably the buyer should become its owner in full extent - GDPR makes that impossible even if both parties are fully informed and willing.
What does it even mean to be "owner" of personal data? "Ownership" is a term that's intentionally not used in privacy law, since it doesn't matter all that much.
Yeah, that's exactly the problem - the clash of privacy and ownership laws that are basically contradicting each other at the moment; data can be owned, but not really, but really...!?!?
For other types of data, copyright breaks that model too, and other immaterial and material possessions come with various legal restrictions too. Ownership hasn't universally meant "can do what I like with it" for a long time, so maybe thinking purely about ownership isn't a very useful model if you want to know what you can do.
Copyright doesn't break anything, it extends the ownership framework. I don't agree with it, but it's clear enough. GDPR and other privacy laws introduce a completely new contradicting concept.
just VPN in though, if you really want to see
torguard has a nice interface to switch servers pretty easily, but note that it changes the traffic from your whole computer and not just a browser