Consequences
One problem with all of this is that the average person (including me) does not understand all of the possible consequences of sharing data with a third party. The requirement to gain active consent from you to share your data is good, but if you are not fully cognizant of the consequences of doing so, then you are making the decision in the absence of knowledge - which is often called gambling.
Someone wanting your data is likely to offer all sorts of shiny trinkets in exchange, the value of which will be less than the value of your information (there is no such thing as a free lunch). That value is often either invisible to, or unobtainable for, the data subject. It is in the data aggregator's interest to encourage ignorance of what value they can derive from your data, all the while distracting you with ephemera and frippery. In that sort of environment, 'consent' is meaningless. Having the right to be forgotten is all very well, but if, for all practical purposes, it cuts you off from your social network, then few other than the most needy cases will use that right.
I suspect the GDPR will have a few high profile 'kills', and end up having far less effect that the doomsayers predict, as the data aggregators will have some very well paid clever people working on how to operate in the new environment: and the experts they employ will definitely be more adept at juggling within the regulations than the average user will be at comprehending the regulations and the consequences of their own actions. It is an unequal contest, and the GDPR has by no means levelled the playing field - it has simply banned some of the most egregious violations of the social contract.
Biting the hand that feeds IT
