dewme
It’s strange to me at a personal level that the EU would advocate for anything that puts people’s privacy at risk. When I worked on a customer loyalty program in the 90s the biggest pushback we received anywhere was from European governments who were concerned about our system (in the hands of our customers) maintaining personal information about what their customers were buying, like individual purchased items, frequency of purchase, quantity of purchase, and items that tended to be purchased together. We’re talking chips and bananas level stuff but the pushback was very hard.
The apps that exist today on smart devices are capturing, aggregating, correlating, trending, and applying machine learning to far more personal and broadly sourced information related to individuals including location information, financial information, credit information, aggregated data from other point-of-sale sources both online and brick & mortar, online search history, social media, public databases, shared genealogical information, etc. This is nearly fingerprint level stuff. And the EU is perfectly fine letting anyone with the ability to put up a “store front” that can tap into that sort of information with a pinky-promise that that they won’t share it, use it for nefarious purposes, or safeguard it in cardboard boxes stored in their bathroom?
What happens when a shallow pockets ISV with a homegrown storefront breaches your data? Are they going to provide any remedial action? Are you or a class action group going to sue them? For what, to make them sell their PlayStation to pay off the penalty from a court ordered settlement?
No thanks. I think I’ll stay in the garden.