GDPR is good for the citizen of Europe but it’s got major issues.
Let say a small Canadian mom and pop retail store decides to open and ecommerce website using Shopify and they are GDPR compliant. A European purchased from that website and later say they will like to be forgotten here is where it get ugly.
The store deletes all your info from their website and you as the customer is happy right.
Well it doesn’t just end with the store deleting all your details from their website because your details where sent to a third party payment processor and shipping app or software.
So tell where does GDPR fall in this situation?
A lot of Europeans are saying they will use a VPN to bypass sites that block them.
So you try to access a site and the site says “sorry we do not currently provide servicies to your location and using a VPN to get to our site will be a violation of our terms and services”. You still decide to use a VPN to access the site and later on request for the right to be forgotten and the company denies so you report them to the organization in charge of GDPR. Here are the questions
1) You used a VPN to mask yourself and now you reported to the GDPR authorities.How will you proof(especially for those who are not tech savvy) that you were an EU citizen accessing that website on said day and time, because you IP address is probably going to be a US , CANADIAN, Australia IP.
There is a small start up that started business after May 25th and they clearly block your ip and and say they do not service your region. Then you go report them and say they had data on you before the implementation of GDPR on May 25th.
1) Will the GDPR authorities send you a warning or fine you without even investigating if this is true or not?
2) let’s say they investigate and fine that the person who reported was just doing it to get the business in trouble what will the GDPR authorities do to that person?
A lot of people are going to use this GDPR situation to falsely accuse business and in such situations what will be the consequences for those who file false claims?
Each country has laws on how long you can keep customers information for tax purposes. So if a customers request the right to be forgotten and you deny and that customer reports you. Isn’t it going to be a waste of money and resources to the GDPR to try to fine a company for denying to delete such data?
I feel like the GDPR should have been focused on companies that collect people’s data for use on advertising purposes and not all companies. And a different set of rules for small business and regular companies becuase it will cost someone who blogs as a hobby a lot of money to go about this whole GDPR thing like hiring a lawyer, paying to get their website infrastructure GDPR complaint.
Also for all the EU citizens saying that companies should stop blocking and be complaint becuase they are loosing money EU’s large economy you are wrong. If you have the right to be forgotten as a customer then the company also a right to not want to do business with you. The EU economy is huge there are other up and comming economies that could be tapped in to by businesses.
from Technology https://ift.tt/2J8sWVh