[downandout]

I feel like you’re making a bigger deal out of this than necessary, unless you’re doing some shady stuff with our data.

Seeing this completely false sentiment repeated over and over again is getting exhausting. Only a tiny fraction of the companies avoiding EU traffic due to GDPR have any intention of “doing shady stuff with your data”.

GDPR is highly complex, and as of tomorrow, allowing EU traffic invites massive liabilities that most companies outside the EU won’t be willing to take on. While Instapaper likely will eventually relaunch in the EU because of its footprint there, the reality is that EU residents are going to be blocked from a large percentage of the world’s websites. The liability is just too great and the rewards too small for most companies outside the EU. You guys chose to make your traffic radioactive. These are the consequences.

[drusepth]

>I feel like you’re making a bigger deal out of this than necessary, unless you’re doing some shady stuff with our data.

This sentiment and the hilariously large fines (regardless of company size, even) on relatively-ill-defined requirements make the whole GDPR process feel like it was designed to bully businesses into compliance.

Some pieces of GDPR are definitely for the benefit of the end-user (at the expense of companies, who happen to be providing those users other benefits). It all feels really heavy-handed, though.

Not to mention a little reminiscent of the problems that occur with other "bans" (which, this effectively is). When you put heavy legal restrictions on doing X (where, in this case, X is storing and processing data that you assumedly use to provide a service for users), you're effectively hurting the legitimate businesses most (_especially_ small ones) while the real "bad guys" that are actually doing bad things with our data are going to continue ignoring the law. There might be some value in-between, but I doubt there's much.

[jdietrich]

>This sentiment and the hilariously large fines (regardless of company size, even) on relatively-ill-defined requirements make the whole GDPR process feel like it was designed to bully businesses into compliance.

>Some pieces of GDPR are definitely for the benefit of the end-user (at the expense of companies, who happen to be providing those users other benefits). It all feels really heavy-handed, though.

The GDPR isn't vastly different to the old Data Protection Directive, which has been in force since 1997. The panic over GDPR suggests that a lot of companies had simply been ignoring the DPD. If a bit of bullying is required to get businesses to obey the law, then so be it.

[noncoml]

> “bully businesses into compliance“

I am not sure I understand this sentence. That’s what laws do. “Bully” you into compliance. I think you might have meant something else?

[guitarbill]

> while the real "bad guys" that are actually doing bad things with our data are going to continue ignoring the law.

This is already happening without the GDPR (carders, dumps, etc), so I don't buy it. The black-market analogy (e.g. illegal drugs) also doesn't hold when applied to companies.

> the hilariously large fines (regardless of company size, even)

Oh no, proportional fines! How socialist!

The whole point is to make it somewhat independent of the company size, so bigger companies won't just swallow the fines. This is typically what Google et al do, they just factor it in to the cost of business. The GDPR wasn't written in a vacuum.

[drusepth]

>The whole point is to make it somewhat independent of the company size, so bigger companies won't just swallow the fines.

Ironically, it's the bigger companies that can still just swallow the fines and the little companies that just effectively vanish into bankruptcy.

[a3_nm]

> You guys chose to make your traffic radioactive

Er. I vote in an EU country, but I don't feel like I "chose" anything. GDPR was mostly developed by institutions (Council of Europe, European Commission) formed of people that were not directly elected by European voters. In any case, given that personal data management issues are not a prominent part of the political discourse (even in the EU), I'd be surprised if any of the people in charge were elected because of their position on data protection.

It so happens that European institutions have come up with GDPR, but I don't think it is fair to see it as a conscious choice from EU voters.

> the reality is that EU residents are going to be blocked from a large percentage of the world’s websites

I'd be interested in seeing supporting evidence for this rather surprising claim. I'd conjecture that the "vast majority" is the long tail of small websites who haven't heard about GDPR or don't care about it; so I'm not too worried.

[sambe]

Let's stop peddling the misconception that the EU operates significantly differently than any other Western democracy. The civil servants answer ultimately to the MEPs, who are elected. Most people either do not vote or do not engage, as is the case to a lesser extent in their national elections. You can still lobby your MEP when an issue was not part of their platform.

[s73v3r_]

"Only a tiny fraction of the companies avoiding EU traffic due to GDPR have any intention of “doing shady stuff with your data”."

Says who? If they weren't doing shady stuff, they wouldn't be pulling out of the EU. The excuses of being complex are just that, excuses.

[downandout]

Says who?

Says anyone with common sense. What percentage of sites do you think employ data scientists or would even know where to go to sell your data? Most sites do nothing more than throw GA on their website, and maybe some Adsense. You people decided to paint that as something evil.

That’s your decision to make, but just understand that most of the rest of the world wants no part of $20M potential fines and will simply take their ball and go home. This law will have the net effect of creating two Internets - one for the EU and one for the rest of us.

[eveningcoffee]

>Most sites do nothing more than throw GA on their website, and maybe some Adsense

That actually is a problem. GA is a clear violation of everyone privacy.

[s73v3r_]

"Says anyone with common sense."

Where "common sense" means "agrees with downandout, not the more traditional definition of "common sense".

[mort96]

Well, Instapaper is owned by Pinterest. Pinterest strikes me as a company of such a size that they'd have no problem finding some way to monetize the data gathered from their users.

[rcxdude]

Have you seen some of the lists of where your data goes that some sites have posted? It's frankly frightening how far your data gets dispersed after signing up for just one website.