GDPR is great news for consumers. Every single internet user should rejoy. I’m so glad that the EU is leading privacy protection worldwide1 and I hope more countries will follow suit.
The main problem with it, which is also a huge problem of VATT/MOSS (aka how to tax digital customers in EU), is that they don’t consider the hassle they create for small businesses. Small businesses will suffer and lose a lot of time and money (not directly, but for lost productivity, time spent researching and writing policies, money spent on lawyers, …) in the process. Big companies won’t care, they can just pay a third party to do it for them, but most small companies can’t afford a 4/5 figure bill for someone to handle it for them so they’d need an employee to deal with those kinds of issues.
You are also pushing small companies into the embrace of bigger ones that know how to handle these kinds of issues blocking innovation and focusing all the power among the few small companies who have the money to do it right. For VATT/MOSS you are forced to use digital stores instead of selling directly to customers if you want to avoid all the hassles (and most likely lose a 30% cut). For GDPR you might be tempted to give all the data to a hosted database like Firebase so they handle all GDPR for you providing you a drop in framework that handles everything. The result: A third party company unnecessarily has your data, but at least you are informed about it. Sounds good right?
EU is also leading in fighting loot boxes, thanks to Belgium. That said the article 13 is a disaster, as always legislators have little idea on how things work in practice. We have seen it time and time again with encryption. ↩