No disagreement here generally. The EU had a good track record in terms of holding big tech accountable, and GDPR has certainly paved the way for similar regulation elsewhere (looking at you, California).
That said, EU bodies have recently shown much less determination: the recent Twitter fine under the DSA was a joke, born from fear of retaliation from the Trump administration which had been bought by Musk beforehand stands in firm support of American companies out of the pure goodness of their black hearts. The same goes for the so-called trade “deal” with the US and the “Digital Omnibus”, both of which caved to American business interests. And with regard to the EU’s ongoing dependence on the US - both technologically as well as militarily - that is unlikely to change in the short term.
There have been some wins from GDPR, but it’s woefully under enforced. I became very familiar with the GDPR when I did an internship in the regulatory risk department of a big bank when everyone was frantically trying to rebuild shit to ensure compliance. I think it’s a damn good piece of legislation, and it’s a shame to see it doing so much less than it could be.
i also think the idea of gdpr is good in principle but if a legislation is unenforced and/or unimplementable then it is effectively useless. and gdpr is a case of mostly unenforced because it is practically unimplementable.
for example no company can reasonably implement the right to delete users data (one pf the core principles) when requested… at least not in the extent as it is defined in gdpr (i work as a data engineering manager and trust me, we tried, in every company i worked for…). it is a similar task in scope as if an author of a typesetting font suddenly had the right to revoke your permission to use random letters from their font… and when they did it you would be expected not only to stop using it immediately, but somehow remove it from all of your existing documents including printed copies and copies you sent out to your clients and suppliers (dear supplier, could you, please, replace the invoice we sent you last year with this attached copy add shred the one we sent you originally? we replaced all instances of letter “a” with different font…).
We definitely encountered challenges, like rouge data sets from silod teams, rehydration of backups, etc. but we managed to comply with the right to be forgotten. And these are large companies. If someone as a data engineering manager admits to not being able to do it? Well thats either a resourcing problem, a negligence problem, or a skill issue.
You can joke about it, but European regulators in the tech space are doing important work that rolls downhill to much of the world.
It sounds like a very good thing to me that Europe is maybe going to force Tesla disclosures and/or force them to work out the bugs in their tech.
Explains a lot of the Musk meddling in EU politics
No disagreement here generally. The EU had a good track record in terms of holding big tech accountable, and GDPR has certainly paved the way for similar regulation elsewhere (looking at you, California).
That said, EU bodies have recently shown much less determination: the recent Twitter fine under the DSA was a joke, born from fear of retaliation from the Trump administration which
had been bought by Musk beforehandstands in firm support of American companies out of the pure goodness of their black hearts. The same goes for the so-called trade “deal” with the US and the “Digital Omnibus”, both of which caved to American business interests. And with regard to the EU’s ongoing dependence on the US - both technologically as well as militarily - that is unlikely to change in the short term.There have been some wins from GDPR, but it’s woefully under enforced. I became very familiar with the GDPR when I did an internship in the regulatory risk department of a big bank when everyone was frantically trying to rebuild shit to ensure compliance. I think it’s a damn good piece of legislation, and it’s a shame to see it doing so much less than it could be.
i disagree on a technicality.
i also think the idea of gdpr is good in principle but if a legislation is unenforced and/or unimplementable then it is effectively useless. and gdpr is a case of mostly unenforced because it is practically unimplementable.
for example no company can reasonably implement the right to delete users data (one pf the core principles) when requested… at least not in the extent as it is defined in gdpr (i work as a data engineering manager and trust me, we tried, in every company i worked for…). it is a similar task in scope as if an author of a typesetting font suddenly had the right to revoke your permission to use random letters from their font… and when they did it you would be expected not only to stop using it immediately, but somehow remove it from all of your existing documents including printed copies and copies you sent out to your clients and suppliers (dear supplier, could you, please, replace the invoice we sent you last year with this attached copy add shred the one we sent you originally? we replaced all instances of letter “a” with different font…).
Could you expand on some of these challenges? We haven’t had these issues in any companies I’ve worked at, but those were mostly on the smaller side.
We definitely encountered challenges, like rouge data sets from silod teams, rehydration of backups, etc. but we managed to comply with the right to be forgotten. And these are large companies. If someone as a data engineering manager admits to not being able to do it? Well thats either a resourcing problem, a negligence problem, or a skill issue.