Because it ends up abused by marketers, and frequently ends up facilitating crime as well. GDPR as a law came out directly from the last decade of mass surveillance economy.

So what? It was part of the agreement when you consented. The same way that when you go to a club, a strip club, or a casino you know you 'll be exploited in a way. Sounds like advocating for overreaching laws that "save you from yourself" and keep you away from harm / drugs etc.

It's a bit ironic that you brought up mass surveillance because GDPR explicitly exempts the police and security services from its reach.

Edit (i can't post a reply): - consent should always be required, but if you don't consent i shouldn't be legally required to service you. GDPR is more than just consent hence the overreach

- The NSA has more data than any single actor on the internet, we can't possibly claim that private surveillance is worse. The NSA may have a better profile of me than any private actor even though (and especially because) i m not american. And their profiling can harm something that businesses generally don't care to harm: my freedom

> It was part of the agreement when you consented

I didn't consent to shit. GDPR is the response to rampant abuse of personal data without obtaining proper consent. You're still allowed to use my data if I consent, you only have to obtain an actual, informed consent.

> The same way that when you go to a club, a strip club, or a casino you know you 'll be exploited.

What kind of clubs are you visiting? :o. Are you sure they're legal?

> It's a bit ironic that you brought up mass surveillance because GDPR explicitly exempts the police and security services from its reach.

It isn't, because adtech surveillance dwarfs government surveillance. Also, the police and security services are doing something valuable for me, even though they do it imperfectly. Advertising industry exists only to fuck me over. It's a cancer on society.

> It was part of the agreement when you consented.

That's a big point in GDPR, I think -- there never was consent. It's the same as why terms and conditions aren't legally binding: nobody actually considers there to be a valid agreement when they click next. In a sense GDPR is just enforcement of people's expectations, and ending predatory practices that were misusing them.

Replying to your edit:

> consent should always be required, but if you don't consent i shouldn't be legally required to service you. GDPR is more than just consent hence the overreach

Yeah, and in a world where companies were not abusive, it would work that way. As it is, we both know perfectly well what happens - companies have leverage over users, and they'll use it. They'll make you consent to every kind of data abuse and sharing to use the service, exploiting the fact that giving up privacy doesn't feel like it's hurting at the point the data is being taken. GDPR is designed to remove that leverage - to make it unable for companies to extract arbitrary consents on the threat of refusal of service.

This only really affects you if your business model was baiting users with "free" services, spying on them, and selling that data to adtech industry.

> The NSA has more data than any single actor on the internet, we can't possibly claim that private surveillance is worse. The NSA may have a better profile of me than any private actor even though (and especially because) i m not american. And their profiling can harm something that businesses generally don't care to harm: my freedom

Sure, so NSA may have pulled in your e-mail history at some point in time. But it's mostly sitting there. NSA doesn't care about you unless make yourself important to US national security. Adtech surveillance, on the other hand, track you constantly, through pretty much every device you have, every site you visit, and makes use of your data all the time. And all in all, this data might at some point finds its way to NSA too, already nicely packaged. NSA vs. adtech is kind of like choosing high potential loss but very rarely, vs. low loss all the time. I'd say the expected loss is worse with adtech, but I'm still happy GDPR will make the life difficult for both.

Legitimate question; if you're not American, why do you think the NSA would be impacting your individual freedom, or perhaps the freedom made available by the state(s) of your citizenship(s)? Or were you more referencing that it is violating your privacy?

there is international law which allows the US to affect me and my freedom even in my home country. It would be up to the local courts to decide. And of course when i visit the US, as well as my freedom to do business with US companies. Also, in this case the tracking is both without my consent , and without the protections that american law provides to americans.

> Sounds like advocating for overreaching laws that "save you from yourself" and keep you away from harm / drugs etc.

I understand you probably move in tech/libertarian circles so it doesn't seem like this, but the majority of the world population is in favor of laws protecting people from themselves and keeping them away from harm.

Now what is overreaching or not is a matter of opinion, and hence politics.