Americans like to complain about the GDPR, but it exists to prevent exactly this sort of thing. Data cannot be retained longer than it's actually needed or required by law, and can't be sold without explicit permission. Law enforcement can't just buy data: they need to have legal authority to get it (though in many countries the bar for that is too low). In most cases the cheapest and easiest approach is to collect as little data as possible, and to delete it as soon as it's not strictly needed. This greatly reduces the compliance burden.
You obviously did not follow the recent drama in the EU related to Chat Control V2.
The EU wants LEOs to have access to the contents of your messages/emails/metadata and keeps extending the Chat Control V1 law in order to not have to delete the data that it already has.
You may not be able to buy that data outright but it will be out there and collected by the messaging providers on behalf of the EU.
It even had a data retention law that forced providers to keep up to 8 years of data related to their customers so that it could be handed over to LEOs.
The EU's stance on privacy is just lipstick on a pig. When you pick under the curtain of the privacy laws in the EU, you'll see that it's not better here than in the US.
> You obviously did not follow the recent drama in the EU related to Chat Control V2.
It is strange to say they wanted it when we have proof it is voted down and widely unsupported. A part of the EU government apparatus wants it, but taking that and saying the EU wants it is not honest.
I have talked about it around me a bit and most people who do not work in tech or who don't have a certain interest in online privacy or privacy in general don't know about it.
Of course when you ask the citizens of the EU if they are cool about being monitored at all times by the EU LEOs then they don't want it but the commission wants it bad. All this is due from the heavy lobbying that has been happening in Brussels.
The worst part is that this is happening while the EU is saying that it wants data sovereignty, and wants to become less dependent on the software coming from the US, but it's ready to get in bed with a US company in order to deploy this mass surveillance system who supposedly is very good at finding CP.
Nevermind the fact that it means that every bit of online communication will be analyzed and dissected by a corporation that is out of reach of the EU.
But the commission is not stupid, they carved themselves a nice little clause so that they can be exempted from such mass surveillance. I guess they understand that having all telecommunications monitored by a for profit company that is not from the EU could lead to some embarrassing data leaks, just like we saw with AT&T but they don;t care if it's our data that leaks as long as it's not theirs.
That is why to me GDPR is just a facade. You can't seriously say that you are pro privacy and pro democracy if you keep trying to recreate the Stasi on a larger scale.
CP is just a pretext to keep records on everyone. Good thing everyone over 40 in Eastern Europe still remembers the Stasi and its sister secret police agencies that collected data on everyone and tortured political prisoners. I suspect that climate activists are the next likely candidates for an eventual repression apparatus, so better beware.
Portugal and Spain also aren't found of their politicians from 50 years ago (their regimes fell in 1974, and 1975, respectively). To add to your point.
How does it look on one hand to say that the EU cares about it's users data and wants the users to be able to choose who it is shared with, has clear guidelines related to it's storage and levy fines on companies who breach these terms and then turn around and come out with Chat Control V2?
Something does not compute. Either you are pro privacy and you act like it or you are not.
It kills me to hear that Europe is pro privacy, because it is not true. Not if you look under the veneer and start peeling back the layers.
These sorts of data breaches should be a wake up call for any state actors who are planning on collecting massive amounts of data on their citizens.
It should make them pause and say, you know maybe we should not just give away all our data to Russia or China if they manage to break in our system.
Maybe the best way to avoid such data breaches is to not store the data in the first place.
The US also has laws that, in isolation, would suggest some sort of protection against universal corporate/government surveillance, but they’re no more effective here than in the EU.
They are talking about Americans on this site, who very often work at companies that GDPR is made to stop predating on users. Many European users here also works at such companies, so you often see it from them as well, but not as often since those companies are mostly American.
Ah got it, I totally missed that context here somehow. I hadn't noticed a habit of Americans here complaining about GDPR, but that's interesting given another common pattern here of libertarian ideas. An American complaining about a different countries internal policies doesn't seem particularly libertarian.
Well, that's kinda the point, but way too many website owners rather torture their users with barely compliant implementations than do what the GDPR intended: get rid of third parties.
I'm positive informed consent doesn't require cookie banners, but the advertisers opted to make it as annoying as possible so that everyone would click "accept" just to be left alone. It could be a browser mechanism that only asks once for all sites and have a whitelist.
Let's not pretend that the GDPR fixes this in any way. There are still EU data retention laws in place which force ISPs/carriers/... to store all kinds of data for a reasonably long time.
I don't know who Europe's biggest telco is, but if they got breached, the damage would be just as bad.
