There’s so many lobby groups and national interests pulling in various directions that it’s not really surprising to have both simultaneously.
TBH I’m still surprised GDPR ever made it through against the cries of every corporation on earth.
Exactly, it’s not necessary. It’s bad / lazy design. You don’t expose the DB storage directly, you expose a frontend that handles all the authentication and validation stuff before accessing the DB on the backend. That’s normal Client-Server-Database architecture.
It’s a little more complex than that. If you want the app on the user device to be able to dump data directly into your online database, you have to give it access in some way. Encrypting the transmission doesn’t do much if every app installation contains access credentials that can be extracted or sniffed.
Obviously there are ways around this too, but it’s not just “use TLS”.
deleted by creator
They forgot the part of their TOS about “damaging the brand”.