> What are you proposing as a plausible ambiguous interpretation of "declared"?
Is your argument that the GDPR can be one line because "data" already has an established meaning in existing law? The GDPR is large because all these things needed to be defined, and there are tons of edge cases, not because the lawmaker figured they'd add some extra fluff in there.
It's not being verbose or well-defined which is the problem. It's that the law isn't a single well-specified requirement but rather many independent ones that each have to be complied with separately, including by people who weren't doing anything untoward to begin with.
If you weren't doing anything harmful then your preexisting behavior shouldn't become unlawful.
Here's the GDPR in one sentence for you: "do not process data from people that haven't consented to that processing".
The rest of the text is about specifying the terms of art processing, data, people, and consent.
> If you weren't doing anything harmful then your preexisting behavior shouldn't become unlawful.
Exactly. Except that you do not get to define harmful, the law does. If you weren't processing any PII, then your preexisting behaviour did not suddenly become unlawful.
Is your argument that the GDPR can be one line because "data" already has an established meaning in existing law? The GDPR is large because all these things needed to be defined, and there are tons of edge cases, not because the lawmaker figured they'd add some extra fluff in there.