Why should I care about the GDPR?

Marina WeisbandWho should the GDPR protect me from?

As the operator of a blog and an online platform, like most of my colleagues, I have been more or less panicked about the GDPR, which comes into force on May 25, in the last few months. Data protection declarations want to be updated, order data processing contracts want to be concluded. But first and foremost: It is good that users can now get information about the use of their data in a form that they can understand. It is good that they are made machine-readable so that users can use them for their own purposes. The EU-wide standards that have been required for a long time are finally here.

"Primarily legal uncertainty"

It is a pity that the pending regulation primarily means legal uncertainty for almost all entrepreneurs, artists, doctors, teachers and bloggers.

When is data "particularly sensitive data"? Which communication do I have to encrypt? What is all data processing? And how can or are my students allowed to access US-based platforms?

For the sake of fairness, it must be said here that some of these uncertainties also arise from the fact that offers were not always compliant with applicable data protection laws before. The remaining uncertainty will only be settled over the course of many years and many court judgments. It takes precedents and nobody wants to become one.

"The internet may get smaller soon"

As a result, many online offers have already announced their closure. This can of course be dismissed as scare tactics, but I believe that it is more about blog operators who genuinely do not have the time, energy and money to risk possible disputes with warning lawyers.

Small services from the USA that are not GDPR-compliant are more likely to block IP addresses from the EU than to undergo the complex compliance process. As a result, the Internet could soon become smaller for us EU residents. Please keep this point in mind for a minute.

Data protection before the state?

But none of that is my main point. My main point is: who should the GDPR protect me from?

First and foremost, I want my data to be protected from the state. The state is the only one that can kick in my door with armed people if it doesn't like what I'm doing. Amazon and Google won't do that, at least not legally. But the state is precisely the authority that wants to tap more and more of my data. Does the GDPR help me against being monitored in public spaces? Does she help me against having to get naked for a HartzIV application? Does it protect me from excesses of the police state like the Bavarian Police Task Act?

No. The historical success of data protection - the GDPR - does not apply to this most important field.

Protection from the "nasty, big private companies"?

What the state promises to protect us from with the GDPR are the nasty big private companies. Facebook, Google, etc. They have to make their data processing transparent and deliver data, which is absolutely great. You are being put under pressure, that too is correct. But they also each have a legal department and a market monopoly the size of which won't bother them much. Facebook immediately used the updated data protection declaration to reintroduce facial recognition.

If small US services were to exclude EU customers rather than complying with the GDPR, Google and Facebook have even less competition. A fragmentation of the Internet, as I outlined earlier as a possible consequence, would secure the European market for them. Because honestly - we are all more likely to accept the data protection regulations of a service where all our friends are than those of a new, smaller service. Even if these provisions don't really suit us.

Decentralized data storage is unfortunately becoming problematic

The worst thing, however, is that social networks with decentralized data storage, for example diaspora, have enormous legal problems with the GDPR and the right to erasure because their data is not even managed by an entity. But that is exactly the kind of ministry I had so much hoped for. Because social networks always have an urge to monopoly - where everyone is, you want to be yourself - and only decentralized storage prevents the concentration of power.

If we are really concerned with data protection, then, according to the General Data Protection Regulation, we must also talk seriously about data protection vis-à-vis the state, as well as about new and decentralized concepts for communication on the Internet. Otherwise it is really not worth the effort and the uncertainty.

This is a longer online version.