Most people, whether in government or in business, can't give a flying fsck about GDPR or whatever. They just want to get their primary job done, and to them stuff like GDPR is just legal red tape that's imposed on them and that serves no value whatsoever, merely serving as roadblocks slowing them down from doing their real job. They don't want to understand the intricacies of GDPR, they just want to get it over with as quickly as possible, which means slapping a cookie banner on the site, checking the "I am now compliant" checkbox that the GDPR officer nagged them with, and calling it a day. They don't want to go through the trouble of researching a couple of weeks what the best user-friendly way is of being GDPR compliant when they can just install a cookie banner in 5 minutes.
Sounds familiar? If you're a developer in a large corporation then I'm sure you have also been annoyed by the tons of security and firewall rules, and most of you would rather work around them than trying to understand why they exist and how to best comply to them both in mechanics and in spirit. Just like you're not deliberately trying to be evil and breaking the company's security, they're not deliberately being evil and trying to violate privacy.
Most people don't give a fuck about anything that isn't related to their current task. However, there are laws, and company must give a fuck about it and do such UX so that those that don't give a fuck are not fucked on spot.
Most people, whether in government or in business, can't give a flying fsck about GDPR or whatever. They just want to get their primary job done, and to them stuff like GDPR is just legal red tape that's imposed on them and that serves no value whatsoever, merely serving as roadblocks slowing them down from doing their real job. They don't want to understand the intricacies of GDPR, they just want to get it over with as quickly as possible, which means slapping a cookie banner on the site, checking the "I am now compliant" checkbox that the GDPR officer nagged them with, and calling it a day. They don't want to go through the trouble of researching a couple of weeks what the best user-friendly way is of being GDPR compliant when they can just install a cookie banner in 5 minutes.
Sounds familiar? If you're a developer in a large corporation then I'm sure you have also been annoyed by the tons of security and firewall rules, and most of you would rather work around them than trying to understand why they exist and how to best comply to them both in mechanics and in spirit. Just like you're not deliberately trying to be evil and breaking the company's security, they're not deliberately being evil and trying to violate privacy.