I’m not the only one that doesn’t like the GDPR, but I’ll put my reasons here.
What counts as personal data
Under the GDPR, IP addresses count as personal data for some reason. Some sources just say IP addresses count as personal data, while others say IP addresses count, but only if it can be combined with other personal information to figure out who the person is. Aside from the fact that confusion about something as important as this means the EU needs to clarify things a bit more, IP addresses are never personally identifiable information.
Most computers out there are behind a router. The router has a public IP address and is connected to the internet. When a computer connected to the router want to access a website, the website only sees the IP address of the router. This means that if multiple people use the same router, then there is no way to figure out who did what on a website, with just the IP address. Also, how are websites supposed to know if a person is in the EU? What if they’re in the EU, but using a VPN in the US? What if they’re in the US, but using a VPN in the EU? See what I mean yet?
Companies will just block all people from the EU
If it’s too expensive for a company to be GDPR compliant, they’ll likely just not allow anyone in the EU to access their website and/or services. Blocking IP ranges is much cheaper than paying developers and wasting hours or days on adding opt-in forms. Also, how the f*** are companies supposed to store a user’s opt-in or opt-out without cookies? If a user doesn’t want to store cookies, then what way is there to store that decision?
This post on reddit said it best:
The GDPR basically requires that users opt-in to anything even somewhat related to personally identifiable information. All of which is useless, because 90% of web servers probably have their standard logs turned on, which stores IP addresses. Also, what if there are two users on the same IP address, and one consents to being tracked, but one doesn’t? How, as a website owner, am I supposed to prove I only have the IP address of the one user that did consent?
Most blog owners DO NOT have the s***loads of money required to make their blogs GDPR compliant. Is the EU really going to sue every blog that isn’t compliant. Really? This also will lead to way less competition in the long run. If you don’t already have a business with tons of money, you won’t be able to become GDPR compliant. So, start-ups will need more funding, and have less money available to focus on their business because they spent all their money on making opt-in forms for their website. Opt-in forms are not that simple, they require a lot of backend and frontend code to work.
Seriously, if you enter your email on a form on a website, assume it will be stored. Why should I have to add a checkbox to make sure people understand that?
Privacy on the internet is not possible
I’m fine with restrictions on selling user data, but what’s wrong with storing it? Most website owners use analytics so they can see how people interact with their site, not for some evil scheme to sell all your data. The GDPR is way too ridiculous, and it will hopefully be replaced before everyone just blocks the EU.