[Tomte]

> A College student working on a side project with no revenue are treated the same as some massive multi-national.

And why not? The result/harm is the same.

It doesn't matter a bit whether a company's web site is handing its visitors' data over to Facebook or a "private site" does.

The side project or the private site always have the option of not participating in the adtech frenzy.

But of course they want to participate (free money!), even if they find out much later that almost no money is coming their way.

[manigandham]

No, it's not the same. The lack of proportionality is precisely why the UK/EU is such a hard place to conduct business.

These rules don't stop anything about ads, they just make them less targeted. Not a big deal, but it will increase the costs of serving users and thus decrease the total amount of commercial projects started.

[Tomte]

I find it funny to claim that the US could be more proportionate than the EU.

Less targeted ads are exactly what we need. That's what the regulation aims for!

Your argument is like claiming that unfortunately, due to car dafety regulations, we cannot enjoy as many fatal accidents as we once did.

And to make my point of view clear: not all businesses deserve to exist. We as society decide which business models and behaviours are okay. "Decrease the total amount of commercial businesses started" cannot ever be a persuasive argument.

[manigandham]

This issue isnt about privacy...

Nobody reasonable is arguing that it's a bad idea to let customers control their data. The actual issue is that the rules are vague and thus create a lot of confusion and waste that affects all companies, while not providing any real protection against the massive conglomerates that abuse data in the first place.

[knuththetruth]

>The #1 complaint about ads is that they are not relevant, so this does nothing but increase that problem.

The #1 complaint about advertising is that in 2018, it has evolved into a shadowy, insecure brokerage of surveillance data that it obtains using all kinds of under-handed tactics. If the GDPR curbs this in the slightest, it will be a net positive for people of Europe.

[manigandham]

It will not curb it. Facebook and Google who control 90% of the ad industry will already have consent from billions of people by the end of the day, and the increased regulation will only increase their market share as the safe and reliable avenue for advertisers and further strengthen their monopolies and data activities.

[Tomte]

Facebook certainly doesn't have full consent under the GDPR.

They are playing games, and don't respect the requirements that the GDPR puts on "consent": focussed, freely given (non-punitive), fully informed.

[solomatov]

>Less targeted ads are exactly what we need. That's what the regulation aims for!

I have nothing against targeted ads. I am against targeting ads and collecting/distributing my data without my explicit consent. E.g. mobile companies selling my real time location because there's some obscure sentence in their 90 page terms of service.

[ajuc]

> I am against targeting ads and collecting/distributing my data without my explicit consent.

Which is exactly what GDPR is designed to stop. You're welcome - the rest of the world.

[takeda]

And this is exactly what GDPR does, you then have an option to opt-in.

I wish regulation like GDPR would also be implemented in US, but really unlikely.

[dennisgorelik]

Please learn from the experience of dealing with side effects of GDPR in EU first, before trying to push it to the US.

The side effects would include:

1) Reduced number of services available to EU customers.

2) EU users will be trained to click "Agree" without reading, because web sites would ask them for permission very frequently, and users do not have time to read web site policies anyway.

[kekumu]

> EU users will be trained to click "Agree" without reading, because web sites would ask them for permission very frequently, and users do not have time to read web site policies anyway.

From what I've read, opt-in is only supposed to be used when there's an actual voluntary choice, and "allow us to share your data with 3rd party trackers or we block you" doesn't count as a real choice.

It should be treated in the same way as opting into marketing emails. Totally optional. Not opting in shouldn't totally break a site.

[hk__2]

> 1) Reduced number of services available to EU customers.

That’s not a bad thing. If services that don’t want to protect their users’ privacy can’t operate, that’s a good thing.

> 2) EU users will be trained to click "Agree" without reading, because web sites would ask them for permission very frequently, and users do not have time to read web site policies anyway.

How does this have anything to do with GDPR?

[takeda]

> 1) Reduced number of services available to EU customers.

because everyone knows that it is better to not make no money at all, than just a slightly less than normal because your ads are not targeted.

> 2) EU users will be trained to click "Agree" without reading, because web sites would ask them for permission very frequently, and users do not have time to read web site policies anyway.

Sure, and it is their absolute right to do so, but other people finally have some control over their data, I especially like the fact that finally user can also remove/change the data about them.

[solomatov]

>And this is exactly what GDPR does, you then have an option to opt-in.

I mostly like GDPR. Ability to opt-in and being of charge of your data, i.e. removing it from a service if you want to, and the right to export and move it to another service are great and long due.

What I don't like is that it's a principle based regulation and thus it can be applied arbitrarily and selectively.

[ajuc]

> UK/EU is such a hard place to conduct business

is it though? According to https://en.wikipedia.org/wiki/Ease_of_doing_business_index#R...

USA is 3 positions behind Denmark which is in EU, and just one ahead of UK.

[solomatov]

It's not the same. There're companies which intentionally collect and exploit private data. There're companies which are just behaving negligently with users data. There should be different penalty for intentional and negligent violation.

[askmike]

And there is! The law applies to all but fines/punishment are handled on a case by case basis.

[solomatov]

And there's a lot of room for choosing the fine/punishment. There should be some rules, i.e. fines for intentionally violating privacy of millions of people should be very different from fines for unintentional violation of privacy of 10 people.