(Portugal) Edward Snowden is on record saying the GDPR misses the point and will be a "paper tiger" until big fines are commonplace. ZDNet reports as follows:
“This is a good piece of legislation in terms of the effort they are trying to do. Is GDPR the correct solution? I think no and I think the mistake it makes is actually in the name; the General Data Protection Regulation misplaces the problem,” Snowden told the Web Summit tech conference in Lisbon.
“The problem isn’t data protection, the problem is data collection,” he said.
Snowden was speaking via a video link from Russia, where he is now living after leaking details of secret US government surveillance programmes to reporters back in 2013.
“Regulating the protection of data presumes that the collection of data in the first place was proper, was appropriate, that it doesn’t represent a threat or a danger, that it’s ok to spy on everyone all the time whether they are your customers or your citizens — so long as it never leaks, so long as only you are in control of what it is that you’ve stolen from everybody,” he added.
Snowden said that while GDPR is a “good first effort” that the bar was set pretty low before: “What I’m saying is that it’s not the solution, it’s not the good internet that we want.”
One of the most significant features of GDPR is that organisations can face a maximum fine of 20 million euros or four percent of worldwide turnover — whichever is greater. While some large GDPR fines have already landed, Snowden said: “Until we see those fines being applied every single year to the internet giants, until they reform their behaviour and begin complying not just with the letter but with the spirit of the law, it is a paper tiger that actually gives us a false sense of reassurance,” he said.
(Privacy press clipping sourced via ZDNet)
Edward Snowden is underwhelmed by the GDPR, arguing the focus should be on “data collection” rather than “data protection”.
To Snowden’s view, large and regular fines are necessary to reform behavior by significant players on the internet.
Snowden may not have the full picture on the provisions of the GDPR. The rules on legal grounds for processing cover the issue of collection with Articles 5 and 6.