A little over a year ago the European Union’s sweeping GDPR regulations were released. For some these laws were a sweeping victory for copyright holders in the war against Internet privacy. For others it threatened to take the fun out of the Internet by killing memes and throw it into pandemonium with billions of dollars in fines being doled out to individuals and companies alike. So one year later, how many of the predictions have come true? Wired Magazine took a look at this in a recent piece and we’ll add our two eurocents (not that the EU really cares much what we think).

Fines, Fines And More Fines

One of the major complaints from both private individuals and from major companies would be the fines involved should they be found in violation of GDPR rules. Of course the regulations included provisions that allowed for fines in the millions of dollars that would have the potential to break a company.

One year on the EU has not been doling out fines like a person doles out candy on Halloween as fearmongers claimed. That is of course not to say that there have been no fines issues, Google has been hit with a $56 million fine relating to its lack of transparency on how it collects personal data to be used with advertising dished out by French officials. Less than 100 fines in total have been issues, mostly by Germany, and most have been small in value. The top value of fines are actually reserved for habitual offenders and the law simply has not been in place long enough for that to happen.

Now American companies like Google and Facebook have been hit with massive fines by the EU but that is for seperate anti-competition issues and not related to GDPR. It is very easy to conflate the two though.


We here in the US don’t feel the need to comply with EU law. We are not a part of the EU (and we have bailed them out not once but twice in the 20th century) so who cares about their laws right? Well, companies that do business in the EU care and our government officials took notice.

Not soon after GDPR was enacted California introduced similar legislation and many have called for a similar nation-wide standard in the US. Of course you can argue that the government is only looking to give itself more power but we do have an issue with data privacy that is not being addressed by those in power with the ability to enact change.

A Fundamental Change To Internet Life

Companies doing business in the EU complying with EU laws was not the biggest complaint by Americans. GDPR threatened a fundamental change to life on the Internet that would create new hoops to jump through and new steps to take to get to the same end.

In reality it has had little effect. Most data privacy laws were already on the books so there was little to change in regards to that. The biggest thing was just gaining consent from customers for the collection of user data. You’ve seen the popups that tell you that the website is using cookies and that you either need to accept it to visit the site or decline it and leave it. You also probably receive a flood of emails asking if you wanted to continue receiving emails from that company. If you declined, your inbox has probably not been flooded by emails from those companies unlike American companies that do not seem to unsubscribe you from their mailing lists when you click the link.

Has GDPR Worked?

The main aim of GDPR was to protect Internet user’s privacy and copyrighted material. It seems that when it comes to copyrighted material the effects of GDPR have been overinflated but we are only one year in. Since few fines have been handed out it seems that protecting Internet user’s privacy has been somewhat of a success  but again it is only one year in.

It also intended to cut down on data breaches and increase reporting when a breach occurs. In 2018 41,502 data breaches were reported by 21 EU member states and it is believed that there were around 60,000 total across Europe. The most (per capita) were in the Netherlands, Ireland and Denmark.

Now take those numbers with a grain of salt. GDPR went into effect a few months into 2018 so undoubtedly some of those breaches occurred before it became law. While the number of breaches reported increased from 2017 to 2018 that could be attributed to the requirement to report the breach rather than trying to keep it secret and prevent it from becoming public. As far as data breaches we will probably not know GDPR’s effect until 2020 at the earliest.


Is there a reason to be skeptical of GDPR? Of course. For people who want the government to stay out of their business their lives will be changed and they will not like it. That will lead them to pushing all kinds of different ideas, many of which are nothing more than fear mongering and many of those “predictions” have not come to pass. But we are only a little over one year into this so the final verdict has certainly not been made.

It is probably inevitable that we will see similar legislation here in the US in the near future and like with all laws there are pros and cons depending where you sit on the political spectrum. The Internet has changed society as we know it and it is a matter of time before regulation comes to it, in fact it is already here with GDPR. Who knows, it could make the Internet better. We’ll see.

Comments are closed.

Scroll to Top