I think the legal implications people talk about are overwrought. Regulators are more interested in chasing down people who open flaunt the law, rather than repressing startups that can’t cross and dot their legal t and i’s.
My personal experience with the ICO has shown their quite lenient to mistakes, if you can show that you’re your honest best, and getting better.
No point crushing companies that are trying, better of getting the ones that just don’t care.
I certainly hope so. I'm not sure about Germany though. I have a feeling they're much more sticking to the rules (My company is based in Germany, but I'm not German, so it's kind of an outsider's observation).
But it's not even just about getting to a point of getting fined or under some kind of investigation or audit. It can be all those clever customers who would use some automated service or a template, just to waste your time ... At least that's what the original post is about, but I hope it won't be too common.
If the law relies on the regulator being in a good mood and be sensible, it is a badly written law. The law should give the regulator strict mantinels, not be subject to broad leeway in interpretation.
Around here, regulators are prone to scoring easy points by going after the small, naive fish. All it takes is the wrong incentives: the department needs to show results, so it gives bonuses, or establishes quotas for successfully handled cases. Bam, your small business is now investigated because a government employee needs to meet a quota and correctly guesses you can’t afford competent legal defense.
My personal experience with the ICO has shown their quite lenient to mistakes, if you can show that you’re your honest best, and getting better.
No point crushing companies that are trying, better of getting the ones that just don’t care.