This is an interesting choice of counter-argument. Firstly three things:
1) Laws don't exist in isolation
2) Long standing law says theft is illegal and stores can take steps to limit it.
3) This new law (GDPR) says you can't take users details and use them unless necessary to provide your service.
With this new GDPR law it's the little guy, the user, that get protection from something of value being taken from them and exploited - their personal details.
So, extending the above counter-argument it is also true to say that like Walmart, the singular 'theft' of personal details might not be terminal for the user. But just like the law recognises the theft of material goods and it's potential harm (even in the case of a singal instance), it now recognises the 'taking' of personal data as harmful (also even a single instance).
Extending the argument further, the GDPR takes the stance that one entity has been taking something of value from another without true compensation for the value of that something.
When we realise that what has been taken from users has value and that users haven't been fairly compensated for that value, it becomes obvious that a set of entities have based a business model on profiting off another set without fair compensation.
The GDPR now limits that behaviour and business model to return balance to the 'contract' between the two parties. Users get to use a service by providing the minimum needed for that service to be provided.
1) Laws don't exist in isolation
2) Long standing law says theft is illegal and stores can take steps to limit it.
3) This new law (GDPR) says you can't take users details and use them unless necessary to provide your service.
With this new GDPR law it's the little guy, the user, that get protection from something of value being taken from them and exploited - their personal details.
So, extending the above counter-argument it is also true to say that like Walmart, the singular 'theft' of personal details might not be terminal for the user. But just like the law recognises the theft of material goods and it's potential harm (even in the case of a singal instance), it now recognises the 'taking' of personal data as harmful (also even a single instance).
Extending the argument further, the GDPR takes the stance that one entity has been taking something of value from another without true compensation for the value of that something.
When we realise that what has been taken from users has value and that users haven't been fairly compensated for that value, it becomes obvious that a set of entities have based a business model on profiting off another set without fair compensation.
The GDPR now limits that behaviour and business model to return balance to the 'contract' between the two parties. Users get to use a service by providing the minimum needed for that service to be provided.