Those businesses seem to all be doing fine. They just implemented one of those annoying pop ups that you have to agree to before you can see their site, and they’re still doing all the same things with your data. But with your “permission” now.

All the other businesses, though, the ones who were never planning to do anything bad with your data. Those ones still all had to do a bunch of work and show that same stupid notice that drives their customers away. And they’re a lot less able to defend themselves against the mean spirited user behaviour outlined in the article.

And for added fun, the eu now knows that it can pass silly laws like this as often as it likes, and the whole software world will need to devote a team to do a full sprint implementing another piece of user hostile code that doesn’t help their business.

I’m not a fan.

> another piece of user hostile code that doesn’t help their business.

That's entirely their problem. Compliance with the law wouldn't require user-hostile "code" (I think you meant UI) if the business model wasn't user-hostile in the first place. It wouldn't hurt their business if their business was reasonable.

If the business is user-hostile then why do the users use these services instead of paying for services that aren't "user-hostile"?

True. Users prefer "free" services. I can imagine that some do prefer paid services, but the majority expects things on the Internet to fall from the sky.

That said, I think your point doesn't prove those businesses good to have.

> though, the ones who were never planning to do anything bad with your data. Those ones still all had to do a bunch of work and show that same stupid notice

If they're not planning to do anything bad with the data (that is, only use the data for what they need to work with the customer) they don't have to show the notice. It's that simple. RTFR

It was the same with old cookie law, btw. If you weren't using third-party trackers, you didn't have to put a cookie notice.

The vast majority of those pop-up notices are not GDPR-compliant, JFYI. I really do hope the law enforcement comes after them.

Digital advertising grew by 17% in 2018 according to IAB / PwC report

>“Since 2016, newspapers in Belgium and Italy have removed articles from their archives under [GDPR]. Google was also ordered last year to stop listing some search results, including information from 2014 about a Dutch doctor who The Guardian reported was suspended for poor care of a patient.”

>All consequences seem entirely acceptable.

...I am not sure I agree with your worldview.

> including information from 2014 about a Dutch doctor who The Guardian reported was suspended for poor care of a patient.

FWIW, according to the Guardian article they reference, that case was not about getting the fact that the doctor was investigated and temporary suspended (that's public record), but a website taking such records and publishing a "blacklist of doctors unfit to treat patients". It's more a libel-like case than a privacy one.

> "The judge said that while the information on the website with reference to the failings of the doctor in 2014 was correct, the pejorative name of the blacklist site suggested she was unfit to treat people, and that was not supported by the disciplinary panel’s findings.

The court further rejected Google’s claim that most people would have difficulty in finding the relevant information on the medical board’s Big-register, where the records are publicly held."

https://www.theguardian.com/technology/2019/jan/21/dutch-sur...

>It's more a libel-like case than a privacy one.

Definitely not libel-like; libelous statements are by definition false.

"These doctors are unfit to treat patients" could very well be libel then? That (based on the article) seems to have been the core of the decision.

That seems like an opinion to me, not a false statement...

IANAL, but I think you could definitely make the argument that it's either true, or not possible to prove one way or the other.

That statement sounds to me to be synonymous with "this doctor does not / should not have their license"; given that a court actually decided otherwise, this looks libelous to me.

When did a court decide it was libelous? As far as I understand a court decided it fell under Right to be Forgotten, which surely extends beyond libel laws.

This is a circular argument. The courts decided it falls under the law in question, but that isn’t a justification in itself for the law in question.

'detaro quoting The Guardian upthread:

> "The judge said that while the information on the website with reference to the failings of the doctor in 2014 was correct, the pejorative name of the blacklist site suggested she was unfit to treat people, and that was not supported by the disciplinary panel’s findings."

Again, IANAL, but what I’m reading does not seem relevant to libel. Namely, the pejorative title of the website has nothing to do with the claims they’re making.

If the doc had a libel case, why the hell did they not go for that, instead?

It's impossible to judge whether those articles should have been removed without knowing their content and context.

Removing the article about a doctor being suspended for poor care is perfectly reasonable if he was later cleared of wrongdoing.

I mean, the context is actually available. They link to the original news story. It's definitely not impossible for us to know.

Couldn't agree more. It's a biased presentation of the facts, and could easily be reframed. Take "compliance costs are astronomic", for instance, could just as easily be rephrased "Companies spend more money than ever to ensure the safety of customer data". I know that's certainly the case where I work: it's been a massive amount of work, but it's great for our customers. If it weren't for GDPR, I am certain that management wouldn't have allowed us to do it.

Cleaning up a shitty system is expensive, and there are bumps in the road. It's still worth doing.