@hugo Yep, I get that reading and understanding the actual law is a bit of an undertaking, but so many people fall victim to thinking that the way companies keep to it is in any way representative of what's actually written into the law.
Especially since you get the whole range of companies that:
- ignore it entirely.
- do a little bit to look good in PR and in court, but far from enough.
- completely overcompensate (especially with almost useless, cheap measures).
The one major criticism that I think could be assigned to the GDPR is that it's not specific enough. There's a lot of room for interpretation and companies will always choose the loosest still believable interpretation.
That's also a strength of the GDPR, though, since that makes it very flexible for future changes in technology, and because the GDPR does define a very strong "common sense", judges will overthrow and punish these ridiculous interpretations over time.
@friend You are correct that the GDPR sets, as its name suggests, general principles.
You have more specific legislation that may apply in addition to the GDPR, e.g. in some sectors, such as electronic communications, cookies & other trackers (in the ePrivacy Directive of 2002), or banking, etc.