Whether it was poorly drafted legislation remains to be seen. The "unintended consequences" people are talking about here are minor, what matters are the intended consequences such as the augmented rights europeans have over their data, their privacy, etc. I personally don't give a shit about the annoying cookie popups, I'm just glad I can finally delete my account and email address from various websites when I want them gone.
GDPR has given me a ton of rights over my data that I should have, and everybody should have. It has given me access to my own data. It has given me the power to delete it. This shit is important, and now it's law. That there's cookie popups because the companies in question suck? I don't care. If it makes you close the page, that's a positive side effect IMO. This shit must be bad for conversion in order for businesses to start getting a clue. It's a version of the "tax on privacy" that a lot of people on HN like talking about.
Regarding #2, I dispute that for the same reasons. GDPR is achieving its goals of securing user data in europe. Companies are scared straight into following it so far.
There are issues with it (especially a lack of compliance material). None of them point to "the authors had no idea what they were doing".
In other words, no, GP isn't "right" just because you have to click off some annoying popups. That's not the only thing GDPR does.
Edit: Lacking replies, I'm going to assume those downvoting this comment are the usual no-privacy-apologists who are annoyed they now have to put legalese in front of users and don't ask themselves why they have to.
I agree with you that an important and useful part of the GDPR is deletion of your data. Good examples: No advertising and spam. Prevention of later hacking and theft of your data like e.g. credit card numbers or private messages. You have revealed your true identity on social media and want to remove your posts.
But maybe GDPR gives a false sense of safety and security and control:
- What is technically possible ? When I cite you, must my posts be deleted as well ?
- Who controls what companies do outside of the EU or even within the EU ?
- National police and secret services in the USA and EU might be more interested in the data than some US company. They have no moral problem with installing spyware on your computer.
- Banks and maybe even insurance companies have already the right to know much about you.
IANAL so I can't address most of your questions, but
> When I cite you, must my posts be deleted as well ?
You mean for comments and such? What I write on a site's comment section falls under copyright law, with the usual attribution reservations etc. So no.
> Banks and maybe even insurance companies have already the right to know much about you.
I shouldn't have used the word "privacy" in my comment. I think calling GDPR a privacy law is a shortcut a lot of people take (myself included), but it really is a data protection law. (It's even in the name!)
GDPR doesn't talk about privacy very much. In fact, I just searched the full english text of the law: There isn't a single instance of the word "privacy".
In other words, it doesn't so much say who can and cannot store and analyze your data. Instead, it lays out your responsibilities if you are storing/analyzing personal data, and your (consumer) rights as someone whose data is stored/analyzed somewhere.
Most people click on the option that gives quick access to the content.
If it creates more than 2 seconds of distraction, I might even close the page.
There is no reason to trust the EU legislature regarding the internet after something like this:
https://juliareda.eu/2018/08/censorship-machines-gonna-censo...