The market was working fine.
GDPR puts the citizen/customer in power of their own data. They can ask for their data, they can ask for it to be deleted, they have (however shitty the UX) control over where it goes. They can contact large corporations and request these things and be heard out.
I don't know how to explain it any other way: These things are fucking important.
As for your organization's GDPR expert who doesn't know anything about anything, this sounds like a "your organization" problem. Replace GDPR with some other acronym such as HIPAA, PCI or even SEO or PHP, it's still your organization's fault for hiring someone who doesn't know their stuff. How is that GDPR's fault?
Edit: Yes, keep downvoting facts. GDPR isn't just cookie warnings, how is that controversial?
I believe that thought is treated as an axiom by some and an under-tested hypothesis by others.
It's kinda like other rights such as free speech. Some people don't need/use it. Some specific people might arguably be better off without it. But Everyone needs it; as in, it needs to be available to everyone for it to work.
Internationally, reasonable disagreement on rights seen by some as fundamental is to be expected.
It's also worth pointing out that the right to bear arms, by its origin, should probably be called the "right to revolt". While this is still a controversial issue for governments (governments don't want revolt), it's less controversial for citizens.
Larger arguments are in the space of tradeoffs. What could companies be doing with the engineering resources devoted to GDPR compliance (including compliance with the consumer-frustrating applications of the law, like the cookie walls)? Since the US doesn't have a GDPR compliance law (and companies in the US only comply when they want to do business in the EU), we'll probably see with time whether the inefficiency introduced is worth the tradeoffs in a highly-competitive world of software services.
I'll give you though that the addition of human processes in there presents more security risks. I'm doubtful about the addition of safety risks though.
I dunno, this all seems like an extension of the risks we already have. More data, what of it? If an account with sensitive data is compromised, you're most likely fucked regardless of whether the hacker gets a hold of that data.
It also doesn't matter if people aren't educated and don't care.... or simply don't care if they are educated.
It's not clear to me that any progress has been made by GDPR in those areas.
Before the sale was executed, as an EU citizen I was informed that my consent was required for the transfer of my personal data to the new owners.
I did not consent. My data is not in the hands of the new owners. And under GDPR, I was able to request all the data they had on myself in order to make an archive of it before the execution of the sale.
None of this was possible a year ago. Know your rights, use them, you'll get to appreciate them.
But I think it might be a case where Troy notes, you're educated on the topic, and like cookie tracking, you probably could have dealt with cookie tracking before GDPR too on your own.
I'm not at all sure that applies to more than a handful of people. If that's the case, GDPR is not helping most people.
Most people don't know how to read nutrition labels either; they're still there and it's a good thing they're there. Do you think they should be removed simply because people don't know how to read them?
I can make the same argument as to why I believe open source is important. Most people don't know how to read source code.
I've seen nutrition labels reworked repeatedly.
Privacy laws aren't going to be helpful if most people don't know. Even if I opt out on say my phone... it doesn't matter if they get much of the same data from my friend's phone, about me...
I think there's a lot of GDPR banner waving and it's really not helping. People think any criticism of GDPR is a suggestion that it shouldn't exist. You can believe in the ideas, and think GDPR has failed too.
> People think any criticism of GDPR is a suggestion that it shouldn't exist
Untrue; what I do repeatedly see though is people who think that just because GDPR has flaws, the whole thing needs to be ripped to shreds and we were better off without it.
You can't say "I liked it better before GDPR because cookie warnings".
I think many people, especially on HN, understand the implications of using cookies and also understand the privacy concerns by 3rd parties taking their data. What I don't understand is why there are people who assume almost everyone has absolutely no idea or concern about any of these things and therefore advocate for pushing horrible and half-baked regulations like GDPR onto the dumb masses.
What it is however is a major step up from before. It's an excellent start. You won't do any better by scrapping the whole thing and starting over. You can improve it.
Explain to me why you're better off without it.
GDPR is both imperfect and awesome.
I'm not saying cookie warning is 100% the result of GDPR but it as sure as hell is a side effect. We must be careful about possible outcomes of our actions no matter how noble our intentions. Go ahead downvote!
The idea that, because it's about you it's therefore yours, is wrong.
You don't want these rights and protections in the US? Well good news, you don't have them. They still apply to us however.
Almost no cookie warnings meet the law and many of the ones that do could use a different lawful basis and not show a dialog at all.
So what do you do if your website literally cannot function without cookies?