The General Data Protection Regulation (GDPR) (EU) 2016/679 aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment within the EU.
The above is excerpted from Wikipedia's article , and edited.
Privacy online is a great big mess. The mess that has been growing in severity and complexity for decades. GDPR defines new consumer rights, so it makes new obligations for entities that would handle EU citizens' personal data.
Are they reasonable? Onerous? Opinions vary.
It's been a long time coming! Legislation strong enough to be effective here would have to cause collateral damage...
Types of consequences observed thus far:
## 1. Overcompliance, and weird interpretations of compliance
All those darn emails.
Just to be safe, when this form asks for your email address, it also asks if we can send things to... your email address :^)
## 2. Kicking and screaming
Devs who can't be bothered to comply so they withdrew service from Europe:
Yeelight has shut down some of its home automation features: https://twitter.com/internetofshit/status/999619364541394944
## 3. Defending and explaining
## 4. Strengthened consumer advocacy