Because our government is not really interested in protecting its citizens from abuse at the hands of corporations.
edit: you can see this clearly in the way they pay lip service to "breaking up big tech" (whether or not that's a good idea, this comment is not a statement of opinion on that subject) because it's politically sexy on both sides, while all these other, arguably more egregious abuses of consumer data are so far off the radar that most people probably aren't aware they're happening.
If the government showed an interest in abuse at the hands of corporations, it might start getting embarrassing questions about abuse at the hands of 3 letter agencies.
If it is, the stakes are much higher since they have real penalties if they fail to disclose the practice or lose control of that data. Anyone in the EU can send them a request under the GDPR to learn what’s collected, so it’s much easier to get caught.
GDPR and the tradition of not allowing wire tapping / traffic mirroring without telling the subject (unless you are the government and have a warrant).
Wholesale data collection has become normalized in the US. For-profits, non-profits, it doesn't matter the industry, everyone is obsessed with capturing as much data as possible and believes it's just the standard way of business. No one outside of HN cares about PII or has an understanding of things like GDPR (it's just for the Europeans). Consumers are clueless or otherwise feel hopeless.
Just want to say for the sake of others reading that this comment is exaggerating + generalizing a bit.
Everyone is not obsessed with turning data into revenue. Most smaller tech companies (i.e. sub-billions in revenue) are not in the game of monetizing data. My feeling is the market exists mostly between very well established and very large companies (such as ISPs, advertising networks), but that same market doesn’t exist between newer / smaller companies that haven’t reached massive scale.
To anyone in the EU: is GDPR something that your non-technical friend will have heard of and knows what it is? Or is it similar to the US, where 75% of people probably haven’t heard of it or if they have, couldn’t say what the regulation does.
Everyone in the EU has heard of it, at least for the fact that everyone received a whole bunch of email that mentioned it on May 25th 2018. I'd say a lot of people know that "it's about privacy"; the actual understanding obviously varies.
No one heard about it, at least in Spain. My father asked me about it because he heard it on the news, but I'd say that 99% of my non-tech friends have no idea of what it is about. Anyway, I work for a large telco and they are very paranoid about liabilities involving data. It's a behemoth, so you wouldn't expect them to be this careful.
As far as I remember, they still sell some anonymized data (they had some demos on how to plan public transport with location data) and I'd bet they are not doing much with DNS data.
> To anyone in the EU: is GDPR something that your non-technical friend will have heard of and knows what it is? Or is it similar to the US, where 75% of people probably haven’t heard of it or if they have, couldn’t say what the regulation does.
Basically everyone who is in the EU needs to keep GDPR in mind. Especially if you are employed, then you need to keep in mind GDPR for the interests of your employer so that they are abiding by the law, and won't get fined. It is actually legal people who know GDPR very well; not so much tech people. In a lot of Dutch companies a "functionaris gegevensbescherming" (FG; data protection officer) is mandatory, who basically deals with PII, and has known about GDPR (AVG) ever since it was announced it was going to be active (2 years before it was active). The Dutch professional association for the data protection officer was founded in 2003 [1].
On top of that, it was widely covered in newspapers, daily news, etc. If you are in the EU and you have not heard about it you are living under a rock, or you're not a working adult (nothing wrong with either).
Anyone working in an office will have probably come in contact with GDPR. Blue collar workers probably not so much.
Maybe people will know it as the cause of cookie popup screens. But I'm also grossly over-estimating computer literacy among the general population so maybe not.
Anyone in the UK who does an office job has heard of GDPR. Most companies are having to update practices to comply with it. It's actually amazing how effective it's been at curbing the "let's just store everything" behaviour.