The General Data Protection Regulation (GDPR) (EU) 2016/679 aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment within the EU.

The above is excerpted from Wikipedia's article , and edited.

Privacy online is a great big mess. The mess that has been growing in severity and complexity for decades. GDPR defines new consumer rights, so it makes new obligations for entities that would handle EU citizens' personal data.

Are they reasonable? Onerous? Opinions vary.

It's been a long time coming! Legislation strong enough to be effective here would have to cause collateral damage...

Types of consequences observed thus far:

## 1. Overcompliance, and weird interpretations of compliance

All those darn emails.

Just to be safe, when this form asks for your email address, it also asks if we can send things to... your email address :^)


## 2. Kicking and screaming

Devs who can't be bothered to comply so they withdrew service from Europe:

Jackson Palmer has , a side project. He blocked EU connections to it, and explained how .

Yeelight has shut down some of its home automation features:

## 3. Defending and explaining

## 4. Strengthened consumer advocacy

## Etc.