The GDPR in Europe doesn’t allow you to use publicly available information without explicit user consent, especially if involves personal data.
Even doing some Google Analytics can in theory result in large fines.
The GDPR is really complicated. There's plenty of publicly available information you can use without explicit user consent. What's true is that many of GDPR's rules, particularly the disclosure of data sources and erasure requests, don't get an exemption just because the data is publicly available.
For example, while they can't just divulge my name & age in the news, the captions under pictures in news articles can often still have people's names & ages under them without explicit user consent. Tabloids would likely cease to exist if it were any other way. ;-)
Actors living in other countries with no contacts to Europe don't give two shits about GDPR. If I'm a hacker looking at tracking down particular users and committing phishing/watering hole attacks all the laws on the planet really don't matter. What does matter is the data you leak online and the tools I can use to process it.
Folks who deliberately violate laws are obviously not going to follow the rules, but that doesn't mean the GDPR & other privacy laws don't have teeth (in fact, they have specific rules about mitigations against bad actors). Even when businesses don't have contacts in Europe (and once you are a certain size, that gets less and less likely), GDPR is a thing.
cbsmith|2 years ago
For example, while they can't just divulge my name & age in the news, the captions under pictures in news articles can often still have people's names & ages under them without explicit user consent. Tabloids would likely cease to exist if it were any other way. ;-)
pixl97|2 years ago
cbsmith|2 years ago