Whenever I encounter the label “made in EU”, “Germany”, “Estonia”, “France” … in the footer of a web project, which implies enhanced data-protection, apparently, I wonder:
How can it be so? There’re some data-protection laws, yes. But one can’t control a hosting provider 24h/day. One can’t know whether an employer there copies all data on his memory-drivers.
Can’t the police, if need be, seize a server as easily as it would in any other country on Earth?
Don’t the majority of all of countries in Europe share information with the intelligence of US by the agreements of the 5 eyes, 9 eyes, 14 eyes? Whereas the 2nd and 3rd world countries don’t.
How is it better than a label “made in South Africa”, “Thailand”, “Costa Rica”, “Egypt”, “Kuwait”?
I can see how “made in Germany” or EU makes a project worse in terms of privacy and data-protection. How could it make it better, though?
All law compliance is voluntary on the threat of consequences, that is a bad point, because since all compliance is voluntary, then you are saying that all laws are largely useless.
My personal experience, in my country, is that GDPR is working fine, just as fine as any other law. There are always some people who break laws, and there are always resource costs to catch and fine/prosecute the law breakers. As long as the observable majority are law abiding, the law works as well as it can.
Outliers don’t make the law moot, or GDPR “nothing” as you stated in your earlier post, and no amount of reasoning you attempt to give can convince me otherwise, as my personal experience and observations differ from what you are attempting to peddle.
FYI: no gov offices are laughing at GDPR in Finland, if they did, another separate branch of gov would fine them. What you are saying is that due to the fact that corruption exists, your govs are not taking the law seriously. That’s a separate issue and affects everything, not just GDPR, and again, doesn’t make GDPR moot.
Yes, but this only muddies the waters to mention. You’ve forgotten what I said previously. I’m not saying it’s voluntary on the trivial basis that all actions are voluntary. I’m saying compliance is voluntary because (as I have established and you failed to counter) the GDPR is not being enforced for the most part. You have ONE fine every THREE WEEKS by each DPA. How is your math not sorting that out? I will lay it out here:
52 weeks/yr ÷ 3 weeks × 23 DPAs × 5 years = 1993 + ⅓
That’s absurdly deadbeat on the DPA’s part. As one individual I am personally encountering violations at nearly that rate just on my own as one person. On average the DPA in one country is doing enough workload for one single victim. Scale that to a nation of people and the result is they’re doing fuck all.
My anecdotal experience reflects that of others and in fact mirrors the big picture. But you need not take my word for it. Read about it (“Fines are few and far between…Enforcement is, at best, patchy and inconsistent.”). Though I must say your lack of awareness makes your background questionable. You should know about the lack of enforcement problem if your career is tied to it. After all, your own numbers reflects this you’re just neglecting to do the math.
You’ve tried shifting the focus onto the revenue from the fines, which is irrelevant to the probability of getting a fine. The absurdity of that attempt is that “Meta…. accounted for 80% [of last year’s total fines], with its largest fine reaching €405 million.”
They do when the statistical outliers actually reflect cases of fines, as opposed to the cases of inaction. Again, 1 fine every 3 weeks for a whole country. That’s what makes the law moot from an enforcement perspective. You throw out the outliers and you’re left with no enforcement in the remaining dataset.
I didn’t exactly assert corruption. That’d be slightly overstated. There is certainly a conflict of interest when gov agencies are accountable to DPAs of the same country. You can use your own judgement as to whether to outright assert “corruption”. Either way, that’s only a factor when the GDPR offender is a gov agency. Lack of enforcement is bigger than that. As I said, the law itself is the problem because it’s not motivational. Again, there is no enforcement clause to force DPAs to honor article 77 reports. That’s the problem which you continue to ignore. It also doesn’t help that “DPAs complain about a lack of budget and personnel. While German DPAs employ around 1200 staff, Belgian, Croatian, and Romanian DPAs average only 50.” (from the same article) So the other problem is that the GDPR does not require member states to allocate sufficient resources for the workload – though that problem would take care of itself if there were a penalty for member states who fail to uphold art.77.