Do you know what the phrase "throw the book at them" means.

It means you have a rich set of laws, which punish various offenses which look fine on paper, but in practice everyone violates just to do their regular job, so they're widely not enforced.

But if you want to fuck someone in particular, you can easily find them in violation of a dozen or two of them, and put them in jail for a long time or fine them substantial amounts.

You threw the book at them.

This is basically what most of EU's data privacy, cookie and so on laws are about, in practice.

It's interesting how you can take a collection of seemingly or genuinely good-intentioned rules and use them to basically rule as a king, but there you go.

And it's not a good thing.

That not really how, at least some, European countries work. Laws are written and companies are generally expected to follow them. We’re try to catch up, going from an society where rules are followed, without the need for actual enforcement, to one where companies don’t follow the law unless the court makes it unprofitable.

You'd think that if this was a legit defense they would use it in court, instead of "There has been no data breach, and no customer data has been exposed to any third party" clinging to anything irrelevant, as I'm sure they don't hire incompetent lawyers waiting for an online poster to come up with a solution

I think GDPR discussions are always heated on the 'EU vs US' line because of different approach to trust in the govt. In the EU people tend to (surprisingly maybe) trust politicians more because they at least want to be re-elected and distrust corporations/billionaires because they want to increase profit. In the US, I think, it's different, there is a distrust in the government because they are here to get us and more trust (surprisingly maybe) in corporations/billionaires because they are just like me working hard to earn money

The GDPR was enacted two years before it came into force. Companies trading in the EU had plenty of time to come into compliance.

LQDN didn't "wait for the law to get signed" - it was signed ages ago. They waited until it was enforceable.

It's worth pointing out that the GDPR is an EU "regulation". It doesn't have to be ratified by member states, and they don't have to implement some kind of compliant national legislation. This is very different from the previous EU privacy legislation, which required member states to enact suitable laws, which many of them were apparently reluctant to do.

The GDPR came into force the day the regulation was issued. It's just that "came into force" means that the 2-year breathing-space provided for in the regulation began at that time.

[Edit: changed 3 years to 2 years]

"The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018."

They had two years from when the law was made.

If we're talking about GDPR, it came into effect on 25 May 2018, after being adopted by the European Parliament on 14 April 2016.

That's two years, one month, and 11 days for implementation. Those additional days are days after it was published in the EU's Official Journal. It's not EU's fault that companies waited until 2018 to give a fuck about it.

> Do you know what the phrase "throw the book at them" means.

It's perfectly reasonable to throw the book at them, because unlike their competitors they don't seem to have made even a token effort to begin compliance.

If they didn't have the book thrown at them, people would complain that the law is toothless.

I've worked for two companies that had to implement GDPR, in both cases the legal departments were extremely serious about it and we had to do a lot of work to comply. Why should Amazon get a pass?