>what's really missing in all this GDPR and privacy discussion is a technical way to enforce it.
The GDPR isn't solving a (purely) technical problem. It applies even if you're using a pen, paper, and a filing cabinet just as much as if you're running a global social media platform.
What's the technical solution to showing compliance with "data protection by default and by design"?
What's the technical solution to ensuring that "only personal data which are necessary for each specific purpose of the processing are processed"?
These are inherently organisational issues, not technical ones.
The GDPR isn't solving a (purely) technical problem. It applies even if you're using a pen, paper, and a filing cabinet just as much as if you're running a global social media platform.
What's the technical solution to showing compliance with "data protection by default and by design"?
What's the technical solution to ensuring that "only personal data which are necessary for each specific purpose of the processing are processed"?
These are inherently organisational issues, not technical ones.