This is a hypothetical, so let's say yes. So, do I need to filter out my users to avoid fines? That may seem noble and great in this particular case, but it's a slippery slope. The more regionally-specific regulations that are introduced causing more work for companies, the more the ROI per customer in that region may reduce. Once it gets below 0 with the threat of fines for a company, the users might be cut off.
It seems all good for this specific policy because most of us agree with it globally. But data protectionism and/or extreme regional deviations/regulations in law will reduce the globalism everyone shares. Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.
This is something to think about as the EU grows smaller, not larger. Even today, small companies with fewer EU users may stop and think about providing access at the cost of, e.g., building a portal for them to manage cookie settings.
> This is something to think about as the EU grows smaller, not larger.
I guess we'll see what happens with Brexit, but I would argue that the EU is growing in global importance and leadership. With the USA's recent NSA scandals, isolationist rhetoric, and backing out of international environmental agreements, I think we're going to see the EU increasingly set the tone for international trade.
I'm sure there will be plenty of tech firms that choose to serve only US customers (in the same way that there are Chinese-only and Russian-only companies today), but competing "globally" will mean following the EU's lead.
I understand your concern; if restrictions become overly complex and regional compliance may start to limit innovation (e.g. EU VAT based on destination country).
That's a different type of restriction than respecting user privacy because you can't apply the same approach everywhere. A company could easily extend the same rights to all their users. If your offering needs to violate user privacy to exist, maybe it shouldn't.
>Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.
This appears disingenuous.
1. Competition: In your example above respecting user rights nets <0 ROI. There can be no competition here that respects user rights, so how would this help the situation? Conversely, restrictions will encourage competition by protecting less profitable and wealthy ventures from predatory global competition solely focused on maximizing profit.
2. Educating: You're seeking to shift responsibility from experts to laypeople, then blame the laypeople for their lack of education. It's like suggesting we should eliminate building codes then educate people on proper construction. Basically you are advocating for schools and high-rises that collapse.
It seems all good for this specific policy because most of us agree with it globally. But data protectionism and/or extreme regional deviations/regulations in law will reduce the globalism everyone shares. Other options (such as educating the populace or encouraging competition) can be more effective than restrictions.
This is something to think about as the EU grows smaller, not larger. Even today, small companies with fewer EU users may stop and think about providing access at the cost of, e.g., building a portal for them to manage cookie settings.