> Rest is just making life of web developers/admins/tech company owners harder.
Seriously? People spend tons money and time to track users. If you want to be GDPR-compliant, simply don't save unnecessary userdata and if you still feel the urge to do so, give users the option to control it. It's that easy. Any problems you get from it are of your own making.
> Especially with these European intentions I frankly believe this is more of a political war against US and US-based companies
We created the GDPR, but then knee-capped it with safe harbor. Then Schrems sued and the courts dropped it, but the EU simply reinstated it under the name privacy shield. Then Shrems sued again and after having to have a legal battle again, it unsurprisingly turns out that it's still illegal. I can't see how you think of the EU as anything but overly lenient.
Many just want analytics and GA is the most convenient option. Though with GDPR now website owners (many offering free content and hosting a site where a user explicity browses into with their own will) need to learn law to make sure they are compliant, which obviously shouldn't be the case for such a simple task.
I'm not going into anyone's house and force them to give me their data, I'm collection anonymous data from people who, with their own will, visit my website/use my service. Don't want me to collect your anonymous data? Sure, don't visit my site/use my service then. No one forces anyone. Regulating what tech I can use on my own website? This is ridiculous.
> Many just want analytics and GA is the most convenient option. Though with GDPR now website owners (many offering free content and hosting a site where a user explicity browses into with their own will) need to learn law to make sure they are compliant, which obviously shouldn't be the case for such a simple task.
The problem is that we made collecting user data the easy task while ignoring privacy protection. The fact that Google spend billions to make spying easy does not mean it should be legal. And it's really easy to be compliant - don't collect data. You don't need it to host your website, you really don't.
> I'm not going into anyone's house and force them to give me their data, I'm collection anonymous data from people who, with their own will, visit my website/use my service. Don't want me to collect your anonymous data? Sure, don't visit my site/use my service then. No one forces anyone. Regulating what tech I can use on my own website? This is ridiculous.
And you're absolutely free to ask people for consent for collecting their data or to simply block visitors from the European union. You can also not collect data or do so in compliance with the GDPR, by the way. All ways are perfectly viable.
But just because I opened a link in my browser does not mean I consent to anything - by that logic, ransomware is perfectly fine, because you visited their website and downloaded their software. This is ridiculous.
GDPR is not merely a list of bad things not to do. You aren’t compliant unless you follow slow, expensive processes to continually demonstrate compliance.
I'd really love to see a quote on the section you're referring to. The GPDR has some processes for larger companies (i.e. DPOs), but they're neither expensive nor slow, and small companies have a lot more leeway.
The most egregious I know of is https://gdpr-info.eu/art-36-gdpr/, which calls for an 8–14 week delay that may or may not apply to any launch. I don’t even think the entire EU must agree on what the conditions will be.
Apart from “a natural person in the course of a purely personal or household activity” I don’t know of any size exemptions.
Seriously? People spend tons money and time to track users. If you want to be GDPR-compliant, simply don't save unnecessary userdata and if you still feel the urge to do so, give users the option to control it. It's that easy. Any problems you get from it are of your own making.
> Especially with these European intentions I frankly believe this is more of a political war against US and US-based companies
We created the GDPR, but then knee-capped it with safe harbor. Then Schrems sued and the courts dropped it, but the EU simply reinstated it under the name privacy shield. Then Shrems sued again and after having to have a legal battle again, it unsurprisingly turns out that it's still illegal. I can't see how you think of the EU as anything but overly lenient.