I’m not the only one that doesn’t like the GDPR, but I’ll put my reasons here.

What counts as personal data

Under the GDPR, IP addresses count as personal data for some reason. Some sources just say IP addresses count as personal data, while others say IP addresses count, but only if it can be combined with other personal information to figure out who the person is. Aside from the fact that confusion about something as important as this means the EU needs to clarify things a bit more, IP addresses are never personally identifiable information.

Most computers out there are behind a router. The router has a public IP address and is connected to the internet. When a computer connected to the router want to access a website, the website only sees the IP address of the router. This means that if multiple people use the same router, then there is no way to figure out who did what on a website, with just the IP address. Also, how are websites supposed to know if a person is in the EU? What if they’re in the EU, but using a VPN in the US? What if they’re in the US, but using a VPN in the EU? See what I mean yet?

Companies will just block all people from the EU

If it’s too expensive for a company to be GDPR compliant, they’ll likely just not allow anyone in the EU to access their website and/or services. Blocking IP ranges is much cheaper than paying developers and wasting hours or days on adding opt-in forms. Also, how the f*** are companies supposed to store a user’s opt-in or opt-out without cookies? If a user doesn’t want to store cookies, then what way is there to store that decision?


This post on reddit said it best:

And as a consumer, I also hate it. I hate it that I now am going to have to go through all sorts of legal stuff when I just want to do something simple on a simple European website. "Check this box to consent to this. Check this box to consent to this. Please check this box. Don't forget to log into your account at least once every x days, or we will delete your data to comply with legal requirements! Please check this box saying that you consent to our use of cookies on our system. Please read this page in its entirety so that you understand your rights before registering. Please check this box to allow us to retain this data." For example... just to even make a post on blogspot...I gotta read through all sorts of blurbs and check agreement boxes to indicate that I'm compliant with EU law in my blog, and that as a user, I understand EU law and how it applies to me. As a US citizen. What's not wrong with that picture?!

The GDPR basically requires that users opt-in to anything even somewhat related to personally identifiable information. All of which is useless, because 90% of web servers probably have their standard logs turned on, which stores IP addresses. Also, what if there are two users on the same IP address, and one consents to being tracked, but one doesn’t? How, as a website owner, am I supposed to prove I only have the IP address of the one user that did consent?


Most blog owners DO NOT have the s***loads of money required to make their blogs GDPR compliant. Is the EU really going to sue every blog that isn’t compliant. Really? This also will lead to way less competition in the long run. If you don’t already have a business with tons of money, you won’t be able to become GDPR compliant. So, start-ups will need more funding, and have less money available to focus on their business because they spent all their money on making opt-in forms for their website. Opt-in forms are not that simple, they require a lot of backend and frontend code to work.

Common Sense

Seriously, if you enter your email on a form on a website, assume it will be stored. Why should I have to add a checkbox to make sure people understand that?

Privacy on the internet is not possible

The internet was not designed with privacy in mind, and it’s too late to change it now. If you want your privacy, then don’t use the internet. Besides, what’s the last privacy policy you actually read? All the GDPR does is mess everything up for smaller companies.


I’m fine with restrictions on _selling _user data, but what’s wrong with storing it? Most website owners use analytics so they can see how people interact with their site, not for some evil scheme to sell all your data. The GDPR is way too ridiculous, and it will hopefully be replaced before everyone just blocks the EU.