Rather than "afraid", I'm mildly annoyed by the regular posting to HN of various error messages that Europeans get when visiting various sites that DGAFAGDPR. Why don't they send those errors to the European regulators instead? Those people seem better-placed to do something about the errors.
From what I have read here on HN is that companies are forced to have users opt in to targeted advertising business models which will make almost all advertising business models unprofitable.
Unsurprisingly, companies are deciding that EU users are not profitable customers without targeted advertising and thus not worth serving these users causing them to block all EU users even if some EU users would accept the previously agreed upon terms of targeted advertising in exchange for the content they wish to receive.
This is a terrible precedence of anti-choice in my opinion since the EU has forced upon all EU people the inability to accept a business model of targeted advertising in exchange for content and thus causing many companies to leave the EU altogether.
> companies are forced to have users opt in to targeted advertising
Well, that sounds good to me. If user wants targeted advertising, he should show that desire, i.e. opt in. It's privacy by default.
> EU users are not profitable customers without targeted advertising
So, they can't find profitable business model without stealing users' data? Well, then let them fall. And yes, I do mean stealing, if it is done without users' explicit consent.
> the EU has forced upon all EU people the inability to accept a business model of targeted advertising
It's not the EU that forced this, but rather companies which don't care even enough to provide basics of privacy.
Btw, I also don't think companies blocked EU users, because the targeted advertising model became unprofitable; rather it's because they don't want to spend time and resources to figure out what they would need to change.
The part of GDPR that I find unreasonable is the requirement to appoint an EU representative. It makes small companies with no presence in the EU Hire someone in the EU if they want to comply, which could be necessary if they sell to companies that do have an EU presence. Granted, a single person can act as a representative for a few companies, but the estimate is still around 20,000 Europeans that need to be hired for this strictly unnecessary position. It's wasteful and stupid.
> It makes small companies with no presence in the EU Hire someone in the EU if they want to comply, which could be necessary if they sell to companies that do have an EU presence.
It simply does not.
Paragraph one of the Article 27 which states the requirement for a representative is followed by
Paragraph 2:
The obligation laid down in paragraph 1 of this Article shall not apply to:
a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1).
If you're wondering what is "special categories of data", they're reasonably sensitive data,
Art 27. 1: Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
Which is again, exempt, under Paragraph 2 of the same Article, which states:
2.
a) Paragraph 1 shall not apply if one of the following applies:
the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
It's not at all that simple [0]. In particular, it's not at all clear what occasional means, since GDPR doesn't define it clearly and a simple dictionary definition would mean that something as simple as an Apache log would not qualify as occasional and would require an EU representative.
Every incorporated entity in the US is required to have a registered agent physically located within the entity's state of incorporation as well. It's a pretty low bar to meet.
