There is one thing that would make the GDPR easier: one single Data Protection Authority at Union level, with direct sanctioning powers.
No more asking Ireland first only to get Norway and Germany telling you the opposite.
this post was submitted on 03 Apr 2025
123 points (99.2% liked)
Europe
5144 readers
1614 users here now
News and information from Europe 🇪🇺
(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)
Rules (2024-08-30)
- This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
- No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
- Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
- No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
- Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
- If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
- Light-hearted content, memes, and posts about your European everyday belong in !yurop@lemm.ee. (They're cool, you should subscribe there too!)
- Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
- No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
(This list may get expanded when necessary.)
We will use some leeway to decide whether to remove a comment.
If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.
If you want to protest a removal or ban, feel free to write privately to the mods: @federalreverse@feddit.org, @poVoq@slrpnk.net, or @anzo@programming.dev.
founded 9 months ago
MODERATORS
Yes this is the exact moment that we decide we want to be as similar to the US as possible. These neoliberals need to go.
gross why are they getting rid of the best thing they've done?
Preventing total exploitation harms corporate short-term profits.
Fucking assholes, taking away gdpr and pushing for chatcontrol.
what the fuck
Don't do it, you really don't want to try and race us to the bottom when we have a solid head start.
If they can make GDPR more simple easier to comply with, it would do wonders.
The only part of GDPR that requires any effort is the ability to export and delete user data, which is good design in software any way.
Most companies breaking GDPR go out of their way to break it
One thing that's symptomatic for anti-GDPR sentiment in general are "cookie banner" discussions. As if the EU had ever told anyone they need cookie banners! You absolutely don't need them if you're not randomly throwing around data. And people should know better, just from seeing titles on said cookie banners like "Your privacy is important to us and our 1234 partners" (and that's not even exaggerated!). In addition, "cookie banner" is a misnomer too, as the thing you're really setting up is not cookie behavior but data-spreading behavior.
As an addendum: At a former employer, we ran an online survey which we announced through a small notification on the page. I didn't want it to be too annoying, so included a "go away" button in the notification. That button wrote an extremely GDPR-compliant cookie that simply stored the preference. One of my co-workers was careless enough to casually mention this to a high-ranking American employee who then questioned me whether we shouldn't include that cookie on the cookie banner, etc. It took a while to set that straight.
That American was the same person who was responsible for combining browsing behavior on employer's website with a third-party chat provider, so either AI or human agents could open a chat box on specific people's screens and ask them creepily specific questions about whether they'd like to buy any of the products they'd been looking at on former employer's site over the past months.
There are a lot of people who don't even understand the basics of what GDPR is trying to do but whose job it is, to create GDPR-compliant things.
Actually, it's quite easy to comply with. Don't collect any data you don't need in order to conduct legitimate business with the person you're collecting data from. Delete collected data once you don't need them anymore. And you're done.
I‘m afraid they‘re aiming to erase privacy instead, but I have hope I might be wrong.
If a proposal comes from Mrs VDL, you can always assume the worst, and the most corrupt option imaginable.
Its not that complex in practice. The problem is that there it’s industry is trying to make it seem more complicated than it is so you’ll have to hire one of those contractors.
Seems to me like the EU wants to pander to the USA to get market access. Alphabet, Microsoft and Meta are licking their lips.
It's about the same with DORA.
What do you find hard to comply with? What would you "simplify"?
It's really not that complicated. I don't see what they could do to "simplify" it and not ruin it.
My first reaction was disdain, but I think we at least need to wait for the actual proposal to form an opinion.