I’m not the only one that doesn’t like the GDPR, but I’ll put my reasons here.
What counts as personal data
Under the GDPR,IP addresses count as personal data. Some sources just say IP addresses, while others say IP addresses only if it can be combined with other information to figure out who the person is. Aside from the fact that confusion about something as important as this means the EU needs to clarify things a bit more, IP addresses are never personally identifiable information.
Most computers out there are behind a router. The router has a public IP address and is connected to the internet. When a computer connected to the router want to access a website, the website only sees the IP address of the router. This means that if multiple people use the same router, then there is no way to figure out who did what on a website, with just the IP address. Also, how are websites supposed to know if a person is in the EU? What if they’re in the EU, but using a VPN in the US? What if they’re in the US, but using a VPN in the EU?
Companies will just block all people from the EU
If it’s too expensive for a company to be GDPR compliant, they’ll likely just not allow anyone in the EU to access they’re website and/or services. Blocking IP ranges is much cheaper than paying developers and wasting hours or days on adding opt-in forms. Also, how the f*** are companies supposed to store a user’s opt-in or opt-out without cookies?
The user on reddit said this best:
The GDPR basically requires that users opt-in to anything even somewhat related to personally identifiable information. All of which is useless, because 90% of web servers probably have their standard logs turned on. Also, what if there are two users on the same IP address, and one consents to being tracked, but one doesn’t? How, as a website owner, am I supposed to prove I only have the IP address of the one user that did consent?
Most blog owners DO NOT have the s***loads of money required to make their blogs GDPR compliant. Is the EU really going to sue every blog that isn’t compliant. Really? This also will lead to way less competition. If you don’t already have a business with tons of money, you won’t be able to become GDPR compliant. So, start-ups will need more funding, and have less money available to focus on their business because they spent all their money on making opt-in forms for their website. Opt-in forms are not that simple, they require a lot of backend and frontend code to work.
Seriously, if you enter your email on a form on a website, assume it will be stored. Why should I have to add a checkbox to make sure people understand that?
Privacy on the internet is not possible
The internet was not designed with privacy in mind, and it’s too late to change it now. If you want your privacy, then don’t use the internet.