(no title)

You shouldn't have to guess where your personal data is going, and how it's being used. When the GDPR was first coming into force, I remember getting bombarded with all these notification emails from all these companies coming out of the woodwork that I didn't recognize. But I don't think I've ever been notified by email, SMS, phone or smoke signal since then.

The biggest flaw of the GDPR in my opinion is that it leaves the definition of what's considered personal identifying information with too much wiggle-room for creative interpretation. Maybe it's hard to pin down exactly, but there's often too much emphasis on the word "identifying", as if it's otherwise OK to gather every intimate online detail and build a profile that is a unique identity in and of itself. It's even worse when real-world decisions can be based on it without your knowledge.

I recently had my own rude awakening learning about these data brokers and risk analysis services. The matter itself was relatively trivial, but I didn't realize the extent of this before and the scope of what personal information they're gathering. And it doesn't matter if you think it won't affect you, since you've done nothing wrong. From what I read elsewhere, even exercising fundamental consumer rights may be held against you. https://news.ycombinator.com/item?id=21440526