Newton's third law is: For every action, there is an equal and opposite reaction. Everything has a cost.
I like my privacy and so I like the idea of Internet privacy laws like GDPR. But, the complexity of the laws may not have helped with privacy and instead raised costs.
Once your company is big enough to be a target, you will need to hire full time lawyers and privacy experts just to handle GDPR. Plus, think about all of the money you put into paying for website redesign and GDPR tracking/tools. This means, a widget you used to sell for $50, is now $100 to offset all the extra resources put into GDPR and other such laws.
If you are a small business you just try to figure out the laws for yourself and you may or may not get it right. There are a lot of myths out there about what you have to do.
Some things companies do are done not necessarily because a law states that you must do that, but out of an abundance of caution.
It’s obvious that these laws increase cost which is likely passed on to the customer. This might be okay if GDPR worked. But, does it?
GDPR also means the Internet is once again full of pop ups, banners, checkboxes, reminders, and so on and so forth about GDPR. Yay, more things to click on. And, does anyone really feel safer?
Since all of this GDPR stuff I don’t use the Internet any differently. It feels like it was designed more for people who don’t know what a cookie is. No, not the sweet. See, that’s what I’m talking about.
If they didn’t know before, they still won’t know if there’s a banner in their face. It’s just more thing to click through and shrug off to get to what you want. Just like the software agreements we all thoroughly read and have our lawyers read before using any software. Right?
The laws seem as though they might have been written by people who don’t quite understand things like Internet cookies. And the fact that, of course websites collect analytics. So that they know people are visiting their site and from where. Usually, nothing nefarious is going on (unless you are one of those huge, scary social sites).
The laws could be much simpler. They could simply say if you sell people’s data, that’s wrong. And if that is found out, your site is shut down and you get a fine. That’s a very quick, poorly thought out example to quickly make the point that, the laws could focus a little less on, “click here to agree,” type stuff.
The laws also could be less vague. That would help immensely. I don’t have experience writing laws but I figure if you’re going to have such a life changing law, make it super clear. Otherwise good lawyers will win in court and then the law doesn’t do anything but make things cumbersome.
As the post title states, these are just some thoughts. I’m obviously not a GDPR expert. Plus, the laws are here to stay and so we’ll all just have to continue to deal. The only hope is that maybe as time goes on the laws are made better and clearer. Because right now, I don’t think they help protect privacy. In fact, the bigger threat is simply hackers.