I believe the issue is between what the consumer is prepared to pay (perceived price of privacy) and the real price of privacy what Facebook, Google and the likes make their profits off. Once the perceived price is lower than the actual price most are not prepared to spend a couple of dollars/month on a privacy protecting solution and privacy selling business will prevail.
Only when large amounts of people see this there will be viable business to provide services at those price levels. Currently the perceived price is close to zero looking at huge droves who are giving away their privacy for almost nothing.
GDPR is a sensitive topic, especially for Europeans.
It is bit similar to talking about “NHS sellout to the US” or “chlorinated chickens in Germany”.
And while it has reasonably well understood rules for European companies, in today’s digital cosmopolitan world it’s barely half the picture…
Here is the simplest way to make your website GDPR compliant: the first time a new user logs in make him/her click through a popup informing the user that all the data will be used at your own discretion… Done! You are GDPR compliant!!
And that’s exactly what Nextcloud is talking about when it claims it helps you.
Just edit the first run wizard PHP file to ask the users to give up their rights, in polite form
You can modify it from time to time and make users accept it again
If you are a multinational and your business model is to collect users data and “sell” them, that’s a different game… But those guys have $100M+ legal departments working on just that…
If your site “stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU” - from the linked article above.
That’s the theory…
If you don’t do that, your chance to get in trouble is probably as high as winning the next 6/49.
But at some point EU will make an example out of a foreign company to make the point.
The goal of this legislation is to slow down the FAAGs of this world that happen to be all US companies…
Once again, just ask your visitors to allow you to ignore the GDPR and you’re golden…