Nah, that's not incompetence, it's by design: The actual violation of the GDPR was committed by the local shop owner. The owner also is responsible for any fines. The shop owner could have chosen a data-protection-compliant solution, but choose not to do so.
The platform did not violate any local laws - it's outside the jurisdiction of the GDPR. They chose - and are within their right to do so - to cooperate with a legislative framework that is data-protection-averse (the US CLOUD act). This makes them incompatible with the EU, which they must be aware of. So why bother them?
When looking to solve a problem you find ways to solve it as good as possible with the minimum effort.
The problem is 93689 German shops violating the law. Laws are written to accomplish goals. Execution is sometimes hard/impossible. You have to find ways that work, keep the eyes on the goal.
We have big institutions like government and shopify that should abstract their smaller components. These are not always constructive abstractions but they usually work just fine.
Apparently here a customer filled a complaint about 1 shop with the government. Government should to the best of its ability detect those issues before such complaint comes in. Given how big shopify is in Germany that becomes remarkably easy!
Are they seriously going to wait for a customer for each of the 93689 shops to bother to fill a complaint and then take up the issue with each of those 93689 shop owners?
The tax money would be better spend by giving it to shopify to fix the issue. That might not be legal but it would sure be cheap! They could also communicate to the list of shop owners that they are to stop using the platform. That would be more work but quite doable.
Could send the draft to shopify first and give them some time to resolve the issue if they desire it. Surely losing 93689 clients at once is worth some internal dialog.
He is suppose to be busy selling coffee so that he can bring in more tax revenue.
The idea was to keep the personal data in the EU. To what extend does all the current expensive busy work accomplish that? Not at all?
> (The government) could also communicate to the list of shop owners that they are to stop using the platform.
They just did. It's called a fine.
> He is suppose to be busy selling coffee so that he can bring in more tax revenue.
He is to bring in tax revenue AND follow the law. If the government was just interested in tax income, drugs, racketeering and murder-for-hire would be legal as long as they filed taxes on that income.
The platform did not violate any local laws - it's outside the jurisdiction of the GDPR. They chose - and are within their right to do so - to cooperate with a legislative framework that is data-protection-averse (the US CLOUD act). This makes them incompatible with the EU, which they must be aware of. So why bother them?