While there are byzantine parts, I think it has been a net positive for the user.
People focus mostly on the cookie popups, but forcing companies to delete data after the user stopped using the service for too long, or even giving a legal stand on users requesting their data to be deleted wouldn’t have happened any other way I think.
In a lot of european countries GDPR came on top of other existing customer protection, but it helped make companies think about compliance as needed for continued business, instead of something akin to properly filing random local paperwork.
People focus mostly on the cookie popups, but forcing companies to delete data after the user stopped using the service for too long, or even giving a legal stand on users requesting their data to be deleted wouldn’t have happened any other way I think.
In a lot of european countries GDPR came on top of other existing customer protection, but it helped make companies think about compliance as needed for continued business, instead of something akin to properly filing random local paperwork.