Maybe it’s just me, but the more I read about GDPR the more I see that it is really vague and a ‘let’s figure it out as we go’ approach.
As mentioned in Webflow’s blog and confirmed in a few other articles I compared it with, personal data can be anything as obscure as name, email address, and even social media handle (lol), basically anything that leaves a breadcrumb trail of who you might be. This is also known as being public domain, or stuff that is and has always been available outside of the internet in the real world. Why it is valuable now, who knows. Phone books have been printing this information and giving it out for free since forever.
Strait from the ICO, just take a look at the wording:
The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis.
Basically it says you need consent, or maybe you don’t, or if it’s too hard to get it, figure something else out and we’ll decide if it’s lawful later.
This one is a real gem too:
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Hey, maybe it identifies a person, or maybe it doesn’t, but we can still bury you fines for up to 20 mil euros or 4% global supply, whichever is more.
I get what GDPR is trying to do, but it looks like it is framed on gray area and leaves way too much open for interpretation, and it isn’t reciprocal for both websites and users.
Curious what everyone thinks. Webflow says they are excited for it, but I remain skeptical until the language is cleaned up.