GDPR

Sometimes, you’re trundling along through the digital forest, trying to navigate terms of service longer than Dostoevsky’s back catalogue, when suddenly… there’s a Larch. Unexpected. Tall. Mildly majestic. And utterly irrelevant to the rest of what’s about to happen. The Google fonts fiasco: Helvetica, but make it litigious In a plot twist worthy of Kafka, a German court (Landgericht München, civil chamber number three, for those playing Regulation Bingo at home) ruled that simply including a Google-hosted font on your website amounts to illegally handing over users’ IP addresses to Google. No consent. No justification. No shady disclaimer hidden in 6pt grey-on-grey legalese. ...

You’d think something called the General Data Protection Regulation might actually protect data. You’d be wrong. Along with its elder cousin, the ICCPR, GDPR was hailed as the Great Hope™—a beacon of digital dignity in a world run by surveillance capitalists. But instead of taming the beast, it handed it a clipboard and told it to tick some boxes. The GDPR officially kicked in at the stroke of midnight on 25 May 2018, like some sort of data privacy Cinderella. It was meant to give users the sacred gift of choice—to say yes or no to having their personal lives vacuumed up, analysed, monetised, and passed around like cheap party favours. What we actually got was an avalanche of “consent” banners and passive-aggressive pop-ups saying: “Agree or get lost.” ...

The GDPR—Europe’s magnum opus of regulatory overreach, drafted by people who clearly believe consent forms are the pinnacle of human interaction. Born from the ashes of the 1995 Data Protection Directive (which, admittedly, was about as fit for the digital age as a fax machine), this sweeping reform was supposed to “strengthen privacy rights” and “boost Europe’s digital economy.” Instead, it gifted us with pop-up hell, corporate panic attacks, and a cottage industry of “GDPR consultants” who’ve never met a compliance checkbox they didn’t adore. ...