Unfortunately the GDPR is largely toothless if a company without an EU presence chooses to ignore it.
I live in Ireland and my data is in the databases of several US data brokers. These companies can't be forced to comply with the GDPR because they simply do not have an EU presence. You don't have to search far to find stories from people who made complaints to their local Data Protection office about such issues only to be told there's nothing that can be done.
HN rants about it because it’s not a good solution. It identified a problem but caused an idiotic fallout (cookie banners) and failed to actually put in a framework to enforce that companies aren’t just lying.
> failed to actually put in a framework to enforce that companies aren’t just lying.
That's not true. I work in a European company and we were contacted by the agency to give a complete list of partners that we use, reasons for why it is justified, which routines we have for deleting old data etc.
I guess in theory we could have lied and made up data, but only an idiot would risk lying to the government. Everyone at my company took it seriously and tried to provide as accurate data as possible. There were also several follow-up questions that had to be answered.
The mindset of lying to the government to "protect" your employer seems so far fetched. Why should an employee lie to the government? If it turns out that the company was in violation of GDPR the worst case scenario for the company is a fine. If the government finds out you are lying, the employee faces jail time. The trade-off is simply not worth it.
Maybe it's easier to lie to the government in some countries, but not in my country. The government agencies actually check and verify your claims.
The lie doesn’t have to be intentional. All it takes is a really simple accidental debug logging flag to collect what amounts to a GDPR violation.
The point is that no effort was made to implement a technical solution to protect privacy. So it’s upsettingly trivial to violate the GDPR unknowingly and any company that is even a little unscrupulous (of which there are hundreds) can easily ignore the law.
> The point is that no effort was made to implement a technical solution to protect privacy.
And you want the government to do that?
Why haven't the companies who at every turn shout how privacy conscious they are done that?
It's now been 8 years of GDPR. Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
Yes, it’s their job. Building codes have technical specifications and don’t allow people to opt out. Airspace is very tightly regulated with technical specifications.
> Why hasn't the world's largest advertising company incidentally owning the world's most popular browser implemented a technical solution for tracking and cookie banners in the browser? Oh wait...
Because the government is the thing that is supposed to produce useful regulations, not an advertising company.
GDPR is like trying to solve smog by passing a law that says people can opt out of smog by staying out of the city. No regulations to actually reduce smog.