The problem with any regulation is that it increases the startup costs for smaller businesses.
So as more regulation comes in it will just end up cementing the large players in place as they can absorb the costs of any regulation, while smaller businesses will have higher startup costs (which let's face it were next to nothing).
So while you may be rejoicing now that shitty companies have gone for now, regulation will just make it harder for these massive companies to be toppled as it makes it harder for smaller companies to comply.
The EU are trying to have Article 13 pushed through and any site that has user generated content will have to have some sort of upload filter to check for copyrighted content. That is going to cost money to implement and since YouTube hasn't really been able to achieve it, the only people that will be supplying the software will be the likes of Google, Microsoft etc ... So again it will just make it harder for the small business and help the large businesses.
Also a lot of these regulations are making the web a shittier place. Every time I go onto a site now, I have the stupid cookie and GDPR notice plastered in front of what I want to look at. I already protect myself and don't care about their attempt to track me. It is just an irritation that nobody pays attention to and it achieves the opposite of what it was intended to achieve.
We need regulations because people will go as far as they can to make more money.
Businesses were upset when their country banned child labor while their competitors' country didn't, same when weekends, vacations, reasonable work weeks were introduced. What about safety requirements, food quality inspections, &c.?
Self regulating markets are a myth, just look at the US insurance and health industries if you want proof.
That's also why in healthy countries you get a lot of free passes when you start a business: lower tax rate for a few years, 0% loans, advisors paid by the state, &c.
> regulation will just make it harder for these massive companies to be toppled as it makes it harder for smaller companies to comply.
Why did no one topple Apple, Amazon or Google in the last 25 years? If anything the lack of regulations when they started allowed them to become the de facto monopolies we all know today.
Some of those companies aren't even 25 years old. They didn't get toppled because they were the young upstarts growing into incumbents.
The problem isn't supporting privacy and data rights, it's doing so in a way that creates unintended consequences which actually worsen the market and UX for consumers. There are better ways this regulation could've been written, but it wasn't. That's the issue.
I'm of the opinion that privacy regulation is a good idea, but it's trivially true that it's an additional burden for start-ups. The "Is it worth it?" question is a legitimate one.
And now those who cannot/do not know how to protect themselves will be unable to start a business on the internet in the EU. Do you think these two groups have to be mutually exclusive?
Without the people who start business type X, we won't have competition in business type X. Therefore a law that makes it hard to start businesses of type X will affect you whether or not you ever intend to start such businesses.
This applies for any X that you care to name, including "internet".
If you believe that you can both pass regulations that make businesses of type X harder to form, and enjoy the benefits of having new businesses of type X around, then there is probably a big flaw in your thinking.
In case of GDPR, X is "businesses abusing people's data", which essentially boils down to "adtech". We don't need more competition in adtech. We need adtech to die.
No, X is "businesses that handle people's data". For whatever reason.
The goal is to regulate adtech. But the effect is to impose regulatory costs on every company that wants to have a discussion forum on their website. (And the upcoming copyright bill is even worse.)
In the case where X is what you describe, then fine. If they can't start their company and simultaneously treat my private data with respect and care, then I don't care for them to exist.
The cost of business going up isn't necessarily a bad thing, if we're getting something valuable in return (IMO we are). The question is whether or not the increased cost is prohibitive, and you have not provided any evidence to suggest that's the case.
> The question is whether or not the increased cost is prohibitive, and you have not provided any evidence to suggest that's the case.
The thousands of companies that just block EU citizens rather than comply seems to suggest that they feel the cost is prohibitive.
As for more direct hard evidence I believe this would fall into the "unseen" category in Bastiat's That Which is Seen, and That Which is Not Seen and is, in effect, calling on someone to prove a negative.
> The thousands of companies that just block EU citizens rather than comply seems to suggest that they feel the cost is prohibitive.
They block EU because they deem compliance not worth the effort (now), usually because they get more than enough from their US markets. This doesn't mean the costs are prohibitive. Thousands more companies didn't block EU citizens. Some companies (notably news sites) even started to offer a superior product to EU citizens (e.g. plaintext news).
Also, even with those blocking EU or shutting down, nothing of importance is lost. These companies have competitors that are less abusive, who do fine.
Handling other people's personal data is a serious responsibility. GDPR imposes regulatory costs, in the same way that health and safety or environmental protection legislation imposes regulatory costs. It's not creating any new costs, it's just properly pricing an externality.
Adtech ought to die. Ideally, I would want to pay for Google and Facebook the same way I pay for Netflix and Spotify. In exchange, I would want them to treat the data about what I do online with the same respect with which my doctor treats my medical history.
The model where Google provides a service and users pay for it is more efficient and more societally healthy than the model where Google provides a free service, a million companies pay to place ads on it, and pass the cost of their AdWords budget onto users who get a 'free' service.
It is a model where consumers get better products, and where millions of creative minds aren't wasted making web pages uglier (or ruining cities with billboards, for that matter). It is a model where competition is also a little easier, because an alternative search engine can undercut Google's prices and carve itself a starting market niche, even if their service is not quite as good as the established competitor; instead of the current model where first you need to be better than Google in every way, and then you have to fight the network effect.
I have no clue how to get the world to switch to this model. It will require that elusive white whale, an online payment mechanic that is truly as frictionless as cash. And it will almost certainly require legislation rather than mere market pressure, because people can see their monthly Google bill but cannot see the vast costs of the marketing industry which they pay for every day.
> The model where Google provides a service and users pay for it is more efficient and more societally healthy than the model where Google provides a free service, a million companies pay to place ads on it, and pass the cost of their AdWords budget onto users who get a 'free' service.
That's cool and all, but people can't pay for it. These fees would add up quickly and you'd basically never go beyond your few webpages that you're paying for, because everything else costs money.
I probably would never have cared about the internet or anything related to computers, if websites had required people to pay. That would not have been an option for me or most people I knew growing up.
Everyone who cares strongly about this issue (not nearly as big a cohort as HN thinks) is against targeted ads. If they ever get their way and laws really end Google/Facebook's business model as GDPR intends, the much larger cohort of people who care more about not paying for services will start caring.
I've started 2 startups in the UK since GDPR (well, 1 that happens to sell 2 different products), not really affected me one little bit.
But then again, they're not scummy companies.
Soooooo, bullshit.
I had to put in like a few hours thought into what data I was collecting and how long it was appropriate to keep it.
I happen to know quite a lot about GDPR because I dealt with it at a client I was previously working with, if you want to make it extremely complicated, you can. But you don't have to.
In one we actually track user's behaviour to make better recommendations, but we're open about it and they can disable it if they want. We also delete that data if they delete their account.
It's just a different mindset, it's their data, not yours. You're open about what you're doing and if they want you to delete it, you delete it.
There are no costs because no one is enforcing it.
> In one we actually track user's behaviour to make better recommendations, but we're open about it and they can disable it if they want.
If I understand well this is opt-out instead of opt-in... If you would be slapped some percent of your revenue for this you would feel the costs. Not only the cost of fine, but also of reading and implementing GDPR more carefully. But data protection authorities don't have enough resources to audit even 1 / 100 000 of companies that ignore GDPR up to this level of detail. So you can live in happy ignorance that you are implementing GDPR.
That's not to say that GDPR doesn't help in general. The issue is that it will be a dead law or a law that hits randomly some very, very small percentage of companies breaking it.
Having a law that no one implements properly is just a recipe for abuse of power by authorities. "Show me the man and I’ll show you the crime" is well known to people living under the Soviet rule. (And, No! EU is not the Soviet Union. But some DPA are in post-soviet republics with people that were raised in this mentality.)
"I happen to know quite a lot about GDPR because I dealt with it at a client I was previously working with,"
There we go. You've already done the time investment at someone else's expense.
So thanks for proving my point.
My comments weren't about GDPR but about regulation in general. Any regulation requires more work which makes it difficult for smaller players. You had to do the extra work.
Should we ban food inspections too, since that means smaller players have to do more work? How about automobile safety testing, it's such a hassle for auto makers. Why not get rid of building codes and prohibitions on lead in children's toys while we're at it.
I imagine the anti-GDPR-folks might argue that overly onerous restrictions have been harmful to smaller players. Temperature requirements effectively made Peking duck illegal in California, until a lawmaker representing the Chinatown area proposed a law specifically exempting it: https://www.sgvtribune.com/2015/08/22/peking-duck-is-so-impo...
Because that knowledge is worth thousands to tens of thousands of euros in lawyer time. And you're still not guaranteed to get it right or be covered.
Your example is like saying that everyone that wants any kind of job should know multi variable calculus. When people protest that that's putting too much of a burden on people, you bring up that you got a job just fine, because you learned multi variable calculus in school.
Their example is like saying if you want to open a restaurant you better take the two day course on food safety. Equating GDPR compliance with multivariate calculus is just a gross exaggeration. Yes there are risks, you get those with every venture you start. You're pretty well covered with the technical due diligence we as a sector should have put upon ourselves in the first place and you can externalise the rest easily, just like people do with many other regulations like taxes/finances.
We should really separate the protection of scummy business models and down to earth stuff like data takeout / account deletion and transparency as to what companies do with user data. The latter is neither rocket science, nor should it be particularly hard for any startup that's over the "my company is a fancy slide deck" stage.
But it's not just that. Read the rest of the thread how much time and effort people had to spend at various companies for compliance. It's not just about data takeout and account deletion.
So the regulation causes problems for people that haven't done anything wrong.
Let's be clear here. People aren't dying, it's mostly ads and shitty data collection. I think it might be better to actually educate the public (which govs are doing) as to some of the pitfalls of the internet rather than regulating the crap out of it.
While this is true it's exactly that, which turned the world (and by extension the world wide web) into a fucking dystopia. Brexit, without the whole concept of targeted ads and the data collection that goes with it would have not been possible.
Yep, I think ad tech is utterly and totally evil. And all that to make a buck, or a billion.
I, for one, think that's a disastrously high price to pay for a few successful tech companies.
> People aren't dying,
Actually I disagree here. When you look at the consequences of the technology in countries like Myanmar, The Philippines, Brazil, Cambodia and others and the likes of Mr. Zuckerberg and his ilk giving exactly zero fucks (unless it becomes bad PR) I'm afraid you're definitely wrong on that one.
> Brexit, without the whole concept of targeted ads and the data collection that goes with it would have not been possible.
However nobody mentioned all the people that didn't bother voting because they were at Glastonbury which was on at the same time.
I very much doubt that is true. The UK has been a bad fit in the EU and there has been a sentiment for years that we don't want any EU interference. For example many don't want "The EU monopoly money" (not my words mind you) and generally the public is Euro-sceptic.
The papers and politicians were trying to find a scapegoat because quite frankly it didn't go the way they wanted. Much like Trump's victory claiming that Russia hacked the election (there were like a few thousand placed on Facebook, which paled in comparison to the Democrat's budget).
Many of the people that voted out were of older generations that don't pay attention to tech. So I find it dubious how much influence the likes of Cambridge Analytica really had.
> Actually I disagree here. When you look at the consequences of the technology in countries like Myanmar, The Philippines, Brazil, Cambodia and others and the likes of Mr. Zuckerberg and his ilk giving exactly zero fucks (unless it becomes bad PR) I'm afraid you're definitely wrong on that one.
Like exactly what? You haven't qualified anything here. You just claimed I am wrong because of what? What adverts, what is happening? This is a very vague claim.
I suspect much like the vote to leave the UK it will be very spurious evidence.
> Like exactly what? You haven't qualified anything here. You just claimed I am wrong because of what? What adverts, what is happening? This is a very vague claim.
Vague claim? Not at all.
I was asking myself if I should actually bother to even answer, but then decided to invest a couple of minutes into some very basic DDG searches. You can find some results below.
Let me assure you that there's a ton more, if you just bother to open your eyes.
I close my argument here, since anything else would be either counter productive or violate site guidelines.
But please don't accuse me of spouting vague claims or not qualifying my arguments just because you seem more interested in a timely Uber or a cheap stay and fuck all the consequences.
If your business case depends on either abusing or being careless with other people’s personal data, how are you not a scummy business? That’s basically all the GDPR requires of you, don’t abuse people’s personal data and be careful with it. Both seem like common decency to me.
If you were _already_ complying before GDPR existed (because your business model isn't scummy), then GDPR compliance _should_ cost very little, if at all.
If you weren't complying at all, then adding compliance is very costly after the fact. If you cannot make your business work without complying, then the business must die, as there's no natural right for a business to exist.
> If you were _already_ complying before GDPR existed (because your business model isn't scummy), then GDPR compliance _should_ cost very little, if at all.
But unfortunately, that isn't really how it works. Under GDPR you could still find your privacy policy now isn't written in the correct terms, or your previous consents or notices weren't worded properly and might not stand up any more, or your methods of storing data don't make per-person permanent deletion straightforward. And all of this remains true even if you were compliant with all previous data protection legislation (at least here in the UK) and even if you weren't doing anything sketchy with the data and have no plans to do so in future either.
If nothing else, you probably need non-trivial amounts of management time to understand the new rules, some extra legal advice that you're going to have to pay for, and an update of your key documents to make sure everything uses appropriate structures and wording to comply. That alone could already be a significant cost for a small, bootstrapped business, and that's without changing anything about the actual data you're collecting or how you use it.
Businesses that don’t have security issues when handling private data, obviously.
I agree with the GP, in that ease of starting companies should not be the primary goal, setting security and privacy on the back seat. It shouldn’t be harder than it needs to be, not easier at any cost.
No-one seems to have suggested that it’s the one thing we should optimise for, but it is important. Small businesses are the foundation of economies, and every extra overhead ultimately damages those economies and so needs some justification that is of greater value, financial or otherwise. One year on, it’s still not clear to me that GDPR has achieved that greater good, and I write that as someone who is a very strong believer in stronger privacy laws in principle.
Because if you do poorly on the small business front, then they can't grow into bigger businesses. How many EU tech companies do you know of compared to American ones?
Many, but I'm European so it probably doesn't count (;
If you make it harder for companies for protecting people it's still a win. I recently visited SF, "the center of innovation" for the startup world. I saw 2 people defecating on the street in 2 weeks, countless peeing and had to jump over homeless at some points to walk the street. If that's the cost for startup and innovation, please don't bring it to EU.
I'm European too and I really wish people from Europe didn't have an attitude like yours. Some parts of Europe are incredibly poor, but of course we have a much smaller homeless problem, because if you're truly without shelter then you simply die in winter.
I'm from Spain and there are homeless people in Spain, just a lot less than in the US. But it's not because they die in winter, it is because you don't become automatically poor if you lose your job, or if you need an operation, or if you study at university. It's safety nets that avoid people losing everything and becoming homeless.