I usually don't like new tech regulations.
One reason is that technology changes so fast that new regulations tend to protect yesterday from last Thursday.
Another reason is that lawmakers tend to know little or nothing about tech. One former high U.S. government official once told a small group of us, roughly, "There are two things almost nobody in Congress understands. One is technology and the other is economics. So good luck."
Still, I had high hopes for the GDPR (the EU's General Data Protection Regulation), which famously went into effect one year ago. I suggested that we re-brand 25 May "Privmas Day" (hashtag #privmas), since I expected the GDPR would go far toward protecting personal privacy online, which prior to that date had been approximately nil. Back in 2017, I said (onstage, in front of thousands) the GDPR would be "an extinction event for adtech in Europe."
Here in Linux Journal, I put up an FUQ for the GDPR (the U meaning "Unanswered"), meant to provide guidance toward new developments that could give each of us many new forms of agency online, as well as some privacy. Because I really did expect the GDPR to encourage both.
Alas, mostly it hasn't. Worse, most of its early effects have been negative. For example,