
There's currently no case law surrounding GDPR. Moreover, some elements of the GDPR are up for interpretation. People are rightfully concerned.

> "This post is an attempt to calm the nerves of those that feel that the(ir) world is about to come to an end"

This post is actually a single person's viewpoint, a mere speculation of how things may or may not turn out to be. Your mileage may vary.



I guess we should only enact new laws which already have established case law. /s


> "I guess we should only enact new laws which already have established case law. /s"

I disagree with the author's lenient and dismissive take on people's genuine concerns. Interpret it as you will.


That's fair. I do have my doubts about how genuine some of these concerns are though.


The GDPR is not completely new, though; it's a reformulation and extension of the existing Data Protection Directive, which was implemented back in 1995.


For people and businesses in the EEA, the GDPR is much less of a change, because we already had to comply with data protection law. The rest of the world may be less prepared.


The legal system in the European Union leans heavily towards civil law (aka Roman law), and case law is secondary.


[flagged]


Stop spamming every single comment on this thread. Your question is irrelevant and misdirected - I've literally started my argument by saying that "there's currently no case law surrounding GDPR".


Your argument is that there is no case law so you get to claim whatever imaginary consequence you want. That’s fine but then other people may debate your conclusions.

You’re also claiming people are rightfully concerned. Where is that right coming from? From past experience? Or are they just baseless concerns?


> "Your argument is that there is no case law so you get to claim whatever imaginary consequence you want."

No, that's not my argument at all. That's just your personal interpretation of my words.

> "You’re also claiming people are rightfully concerned."

I'm not "also claiming". That was the sole claim from the very start.

> "Where is that right coming from? From past experience? Or are they just baseless concerns?"

It's literally in the comment:

(1) Some elements of the GDPR are up for interpretation.

(2) There's currently no case law surrounding GDPR.

If you take both of these facts into account - it is perfectly plausible for people to be concerned, as there's no telling how things will play out in a court of law.


on what experience about gdpr case law is the linked article basing his statement?

all those claims about warning shots and leniency and goodwill of the regulator are completely unfounded. the linked article makes the claim, the linked article should substantiate the claims, and we maintain a healthy right to remain skeptical of those claims until some meat is added to them.


The DPA (Datatilsynet) in Denmark operates in the exact way stated in the article. I'm fairly sure it's the same in Sweden, Germany, UK, and most of the EU. It is in stark contrast to the US.

I'm not going to link cases, because they're in Danish. They are available from their webpage, and the most recent ones are linked on the front page. In the last few cases, large companies were not in compliance and they didn't get a fine, but they are expected to address the issues, and if they don't then they will get a fine.


That's supernice for you in supernice Denmark. Now what about all the other EU countries? What about in 5 years time if things become less supernice. 10 years time?


They, and other DPAs, have multiple decades of history of doing it this way. I trust that more than random people on the internet deciding that GDPR is bad because the DPAs theoretically could do it.

We have plenty of cases serving as prior judgements, and if a DPA suddenly acts with a disproportional reaction, there are multiple levels of courts that can and will reverse the decision - nationally and EU level as well.


I know it's kind of hard to imagine coming from a US perspective, but it's "supernice" as you say for pretty much everyone in pretty much every EU country. Based on decades of precedent behaviour.


Here are two recent decisions from the UK. The ICO has a maximum £500,000 fine available.

In one a company was handling sensitive personal data (medical data). They're required to register with the ICO. They did not do so. The sceptics would claim they got huge fines. They didn't. They got a letter asking them to register, with no further action taken. ICO released a statement.

Last para here: https://www.bloomberg.com/news/articles/2018-04-26/u-k-healt...

In another the Crown Prosecution Service lost data in the same way they had previously lost data: they sent unencrypted DVDs through the mail and those DVDs got lost. The DVDs contained victim interviews from children who had been sexually abused. It's hard to think of worse: very sensitive data, transmitted in a stupid easily fixed manner, and a repeat offence. Even this didn't attract the biggest fine. They got a £350,000 fine.

https://ico.org.uk/action-weve-taken/enforcement/crown-prose...

We have over 20 years experience of regulation. We're not making this up.


The national regulators have been operating the previous regime for twenty years, so there IS plenty of experience and history to look at. The UK's ICO has made quite clear that the style will not change, as have bodies in other countries.



