I do. GDPR is a landmark regulation in a time when Americans just roll over to mass data collection. When it's just a usual 6 o'clock news blurb in the States, the European Union has decided to take action.
Sure, the walled-garden monopolies can keep flexin', but this reg at least puts a line in the sand when there weren't any.
Sure, it's not perfect, but GDPR least tries to achieve some common sense goals. Here's a decent site that explains it more in depth: https://gdpr-info.eu/
Here's some obvious things the reg tries to solve.
Q: What's the most fundamental rule in security?
A: Don't keep data you don't need.
Q: How do you not creep people out with creepy on-fleek ads?
A: Tell them all the weird data you're collecting that they don't even know they are providing you.
Q: How do users get back some power from companies that monetize their data?
A: When a user tells you to delete all their data, you delete their d4mn data -- not 30 or 90 days later, not just partially -- all of it, right now. A delete button actually does what it says.
But what about the US?
Americans indirectly benefit. But we'd do well to strike up the debate for our own laws. Somehow it's become cool to adopt highly invasive tech without questioning what it's collecting. Most folks don't even know the half of it, or else they wouldn't sleep at night. How's that okay?