No need to be snarky or insulting: I was trying to ask for a sincere assessment of that law.
> do this in service of capital
Sir, this is ycombinator.com
If the intent is that no database with an individual-level breakdown falls under GDPR IID protections, I presume that far more processes and declarations would have to be applied to circumstances where there never was an intent or a credible option to de-anonymize them. This is not how it is enforced, understood, or applied today.
The large companies that you criticize so readily would have an issue automating the paperwork or building hashing solutions that divert the problem, but their privacy-respecting competitors would fall under a lot more paperwork and legal risk than they could handle.
Thankfully, there are solutions: a lot of people are now handling internal data processes with the same open-source tool, dbt. That platform could help change standards if they knew current patterns do not respect the letter of the law. But their lawyers seem to think otherwise.
> do this in service of capital
Sir, this is ycombinator.com
If the intent is that no database with an individual-level breakdown falls under GDPR IID protections, I presume that far more processes and declarations would have to be applied to circumstances where there never was an intent or a credible option to de-anonymize them. This is not how it is enforced, understood, or applied today.
The large companies that you criticize so readily would have an issue automating the paperwork or building hashing solutions that divert the problem, but their privacy-respecting competitors would fall under a lot more paperwork and legal risk than they could handle.
Thankfully, there are solutions: a lot of people are now handling internal data processes with the same open-source tool, dbt. That platform could help change standards if they knew current patterns do not respect the letter of the law. But their lawyers seem to think otherwise.