> predictable that ultimately people would blame the regulation instead of the companies
It was predictable this would result in disclosure/consent spam.
> No need to prove compliance if GDPR doesn't apply
If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms. (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)
Both laws’ aims are noble. But they require tweaks. Starting with the cookie banners would be smart.
> If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms.
I think you might be missing that I'm talking about this from the companies perspective, not from the perspective of a person inside EU.
If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data" as defined here: https://gdpr.eu/article-4-definitions/
> (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)
Happen to have any quotes/sources for this? Would be the first time I've come across it myself. I'm genuinely interested in if it's being misused like that.
> If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data"
You’re still obligated to respond to requests, even if it’s no response. And data regulators will still follow up on groundless complaints.
DMCA is strictly about copyright violation. If you’re not violating copyrights it should have nothing to do with you. But that isn’t how things play out in reality.
> have any quotes/sources for this?
No, just anecdotal. Every Magic Circle firm, however, will happily file complaints in multiple jurisdictions for you.
I’ll admit I’ve used GDPR a touch vindictively after a customer service interaction went poorly. Lots of requests, wait for a minor fuck-up, escalate to multiple data regulators because I technically have multiple nexuses. European equivalent of copying your state AG on a letter, except the burden to respond is on the company.
I built a GDPR request deletion system for a company right as GDPR came into effect. In the first year the only requests that came in were from privacy advocates and competitors.
I don’t know if after that it saw more natural usage but I doubt it.
It was predictable this would result in disclosure/consent spam.
> No need to prove compliance if GDPR doesn't apply
If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms. (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)
Both laws’ aims are noble. But they require tweaks. Starting with the cookie banners would be smart.