Hi Chris,

On 07.01.20 19:06, Chris Mair wrote:
well, your data source is not at all exhaustive. It looks like a quick shot
at an ad by someone...

Well, I agree the article is a kind of product placement, but I find the content interesting.

At least to start a discussion about an evaluation of the GDPR effects on privacy.

I miss-interpreted the lack of more data as a limitation of fines given. This was a mistake. Thank you for pointing this out.

About the GDPR: I think there is indeed a problem and a law is required.

However, I don't think the GDPR is a particularly well made law. 

First of all the scope looks way too broad. Why isn't there some sort of 
lower limit, so small orgs or small companies (in unrelated industries)
can be exempted?

I have seen you comment about the California rule, which frees small companies and orgs from the obligations. I am curious to see, if big companies will be able to exploit such regulations as a sort of loophole.

If not, than the EU could update the GDPR as well.

Then, the definition of "personal data" is also too broad. Why should a 
name, a street address or an IP address be personal data (disclaimer:
I know IP addresses were added by the EU court, not the GDPR text).
There used to be these things called phone books...

Yes, but every citizen had the right to not be included in the phone book.

I think the GDPR is ideal for the citizen but it is probably too much a challenge to be implemented correctly by most orgs/companies.


Finally, everything related to transferring data outside the EU is a complete
mess. Basically it says "Ok, don't move the data outside, unless the new 
place has this adeguatezza thing, that we - the law makers - can change at
a moment's notice" [*].

I'm afraid this can be easily abused. Too me, this looks like legal infrastructure
to quickly be able to raise a great firewall of China here in the EU too.

Can you elaborate on this? How does this help to implement a great firewall?

There is also a chilling effect: people will opt to host data here for no
other reason than uncertainty.

Do you have data about this?

It reminds me of the Netzwerkdurchsetzungsgesetz in Germany, which
has a similar problem ("you're required to remove hate speech, where
hate speech is defined by who ever happens to control government right
now"). Seen German (or Italian, or European, for that matter) history,
this might not end well :/

I think this opens a completely different topic.

But if I get your point right, you are afraid about definitions defined by governments, because they can be adopted to political needs. Well maybe international organizations like the UN, where multiple governments have to reach a common consensus, could be used to define the definitions like what is "hate speech" and what is not. But as I wrote, this opens a completely different discussion.

Best,
Patrick