GDPR has significant scope to enable DDOSing of commercial organisations with information requests - it will likely become a tool for political activism as the new information request system has no fee.
It also has potential to spawn new greasy organisations that facilitate mass requests for personal info on your behalf which could lead to some new PPI-style compensation claim situations.
It's a good step for custody of identity information but I'm not sure impact has been completely thought through.
> GDPR has significant scope to enable DDOSing of commercial organisations with information requests
Another way of looking at it is that it adds significant incentives for organizations to make user data more easily accessible to users. There's no reason information requests _have_ to be expensive operations.
Lawyer for the U.S. business I work at said that we can look at it more in the coming year since he suspects it won't come to life in its current form for the exact points you make.
Guess we will see. I'm all for individual rights and privacy, but there should also be options that are reasonably achieved by all parties.
I suppose that would depend on your view point. I am of the view that much of this data collection is something companies have no right to, especially when it's done to people who have not agreed to it ala Facebook's shadow profiles. From that viewpoint I say tough shit if you get swamped by these requests.
If we found that a group of companies had made a business model of dumping garbage in public areas through a legal loophole, Id hope that people wouldn't be saying that we have to figure out some solution that's reasonable for all parties when the government goes to stop that
>GDPR has significant scope to enable DDOSing of commercial organisations with information requests - it will likely become a tool for political activism as the new information request system has no fee.
@vecna (https://github.com/vecna, former Hacking Team employee turned privacy activist) is working towards that, and I think he wouldn't mind contributions.
Supposedly, this path is open to even non UK residents, since the processing likely happened in the UK.
"According to the UK Data Protection Act 1998 implementing EU Data Protection Directive 95/46/EC, any individual whose data is processed in the UK has the right to access it (Article 7), regardless of nationality. "[1]
Can't we do a little better? If this is 'So important' - why is it relegated to one small blog and why is it entirely up to us to mail this letter? Truthfully, I don't know what this 'high stakes' fight should resemble, but I hope it does not consist solely of a bunch of people mailing letters.
If you don't think it's important, and the fact that you put 'so important' and 'high stakes' in quotes implies that you very much don't think it's important, then you'll make much more of an impact if you instead post about why you don't think it's important. Otherwise you're just indirectly insinuating things without evidence, a la the "hey I'm just asking the questions" people on AM talk radio, /r/conspiracy, etc. Asking questions is great, but most people's interpretation of what you wrote is that you're not asking a question, but rather making a statement in the form of a question so that you're not obligated to present a counterargument to support what you're strongly implying.
Alternately that's not what you were trying to communicate, and instead you're just innocently misusing quotation marks, in which case sorry for misunderstanding your point. Anyway that's probably why you're getting downvotes from some people. Little details like the quotes can completely change the interpretation of what you're communicating.
