You mean a law with 13 chapters and 99 sections is vague? Who would have thought?

> I've seen a lot of people make this claim, but I find it hard to believe that basically every website on Earth is violating GPDR with the nag screens

It's not hard. It's enough to look at those screens.

And the reasons are simple:

1. Too many devs believe, like you do, that it's the law that is bad, and not, you know, leeches and parasites who collect and sell personal data left and right.

This is not helped by the fact that most devs outsource this to parasites like OneTrust, and Digital Advertisment Alliance, and Interactive Advertising Bureau, and... who promise you to provide you with "GDPR-compliant dialogs" which is a blatant lie.

So, you get a proliferation of dialogs like these: https://twitter.com/dmitriid/status/1347577262682607616

Do devs like you care? No. Because "law bad I read it on HN".

Oh, aand don't forget "analysts and experts" like Startechery who argue that GDPR is a disaster because Facebook has a trove of private user data it collected without consent, and potential new social networks in Europe cannot collect private user data wholesale https://stratechery.com/2021/the-webs-missing-interoperabili...

2. Too many devs couldn't be arsed to read anything about the law even though it's now been 6 years since it was introduced.

There are people in this thread who are in all seriousness stating that a 13 chapter law is hard, and vague, and complex, and long. Newsflash: human activity is complex, and vague, and long. And GDPR is one of the simpler and more concise laws out there.

Moreover, data protection laws have existed in European countries for literally decades. Where were you and other bemoaners? Oh, right, you either didn't know or ignored or broke those laws. Well, EU countries got together and said, "okay, our national laws are clearly not enough, we'll create an all-encompassing law that is applicable to the whole of the EU and specify what you get for breaking it."

Another half-decade passes and cue in developers who still couldn't be assed to not siphon and sell personal data, and who blame the law.

> find the law vague and feel like they

like they couldn't be bothered to read even the smallest bit of info on the law, didn't do it before GDPR (when other data protection laws existed, and those laws still exits today), and haven't bother to read and understand anything about the law in the 6 years since. Does your business even pay taxes, or "nah, the law is too complex"?

All laws are vague. Because human activities are too complex to properly define and describe. Is GDPR vague? Yes, for some activities. Is it so vague as to be unimplementable? No, for the absolite vast majority of cases. Does the ad and tracking industry care? No. Do you care? No, you believe what the ad and tracking industry tells you.

1. All of your language around this is unnecessarily emotional & aggressive 2. Developers don't make all of these decisions about website content, compliance, privacy & legal requirements- business owners & attorneys do. We don't have nag screens because all of the frontend developers in the world just simultaneously decided on their own accord that they're a requirement- these compliance decisions are made higher up the organizational chain. I simply don't believe that all of the businesses, inhouse attorneys and other decision makers on planet Earth haven't read GPDR and have it wrong, but you alone have the right interpretation. Seems unlikely eh?

> All of your language around this is unnecessarily aggressive

Because it's been 6 years, and we still hear the same tired bullshit over and over

> but you alone

Not just me alone. Those leeches you're so busy defending? Well, guess what is eventually happening to them?

https://techcrunch.com/2021/11/05/iab-europe-tcf-gdpr-breach...

However, it's telling that you yourself didn't spend a single minute actually reading what the law is about.