Except the fine is 2% of your income or up to 20 million, whichever is higher, and a horde of lawyers is wringing their hands preparing for a horde of lawsuits similar to class actions.
I don’t think you grasp the gravity of the situation - the European Union is in chaos right now, I know multiple lawyers expecting their best year ever and even public institutions are severely worried. Companies are pulling their website from the EU for this reason (even Microsoft shut down two services for this reason).
Please understand - for many of us, me included, this is a make or break for our companies, careers or w/e. I don’t think many people in the EU (or with serious business in the EU) will want to take the risk. I, for one, do not condone risking every job in the company because third parties think it’ll blow over…
Depends on the industry really, and the software. A lot of older companies are not capable of being compliant due to their nature, but in general, agreed.
We are legally obliged to offer the ability to use our services while not using any personal identifiers (including IP’s) that are not strictly needed.
Is this strictly needed to use our services?
I would argue it isn’t…
Agreed. I think the forums not supporting the GDPR are liable to lose a lot of usage. If the lawyers get their way, people will be scrambling to get rid of anything not explicitely compliant.
To be fair, it’d be harder using ipv6. It could also be hashed with something else.
It’s a painful law but ultimately I think it’s possible. The simple proof ot that to my opinion is that so many businesses are in panic - as they simply had no clue how they were handling sensitive data. Scary if you think about it. But I digress.
I think you’re right on most of what you said, but there’s something else I’d like to note: You’re also legally obliged to offer your service with the minimal amount of personal identifier needed for basic usage. There’s a strong argument to be made that IP’s aren’t actually needed whatsoever, but serve to enrich the service. Which means it has to be optional, according to the new law.
Very much true.
And to be frank, if someone wants to avoid being seen by IP, they will be able to avoid it incredibly easily using proxies. Can be asked if simply adding a cookie doesn’t suffice to offer similar protection for less trouble. Could also store a hash of the IP * the 6 hour period perhaps, not sure if that’d help legally.
All this said and done, let’s pray to the ip god that the lawyers dont get their way.