So the General Data Protection Regulation has come into effect. I first learned about this from Strant on Discord about a month ago, and after a discussion with him I was tentatively in favor, because it replaced the "right to be forgotten" with a more limited "right of erasure, because it required companies to disclose data breaches within 72 hours, and because I assumed that it only applied to companies that do business in Europe.
However after learning more about it, I'm absolutely appalled by this regulation. For one thing, 72 hours already seemed generous to me, but I realized that companies aren't necessarily required to disclose data breaches to users at all, negating what I thought was one of the strongest parts of the law.
Meanwhile, instead of regulating the activities of European companies with regards to their client base, which would be the normal thing, it regulates the activities of anyone worldwide, with regards to European citizens. There's so many worrying implications for how this could apply to US citizens, though obviously we'll have to see how this pans out, but it's still clear that the European Union is trying to apply its laws to the actions of United States citizens acting in the United States, and requiring things which are clear violations of the First Amendment.
Now, I'm hopeful that Congress will pass something like the SPEECH Act to cover any foreign law which would violate the First Amendment rights of American citizens and/or that Supreme Court would hold that foreign judgments from the GDPR are unenforcable, but in the mean time, many US companies, and even private individuals are attempting to comply with the GDPR due to chilling effects.
Meanwhile, it appears that law does not apply to the data of non-EU citizens (or at least non-EU citizens not resident in an EU member state), even if collected by EU companies.
As an American, I resent the idea that I'm obligated to follow EU laws for a personal website hosted in the US, but that I do not have the same rights as EU citizens when it comes to EU companies. I know that I'm going to catch flack for saying this because the intention is different, but this law reminds me of the unequal treaties that Europe (and the US) imposed on Asian countries in the ninteenth century: our citizens are untouchable in your countries, but your citizens don't get the same rights in our countries.
All-in-all, I've gone within a week from "I guess that on the balance this seems like a decent law" to "I am super pissed, fuck you European Union!"