[michaelsjoeberg]

it is the opposite.

established companies have no issues with fees, or legal requests.

gdpr is to protect the established companies from competition.

it is basically a reverse china ban. because china-style banning of competition is still considered bad in the eu.

[falcolas]

I imagine you could apply this same logic is applied to taxes, employee rights, not discriminating while hiring or firing, and hundreds of other similar laws under which your company must operate? What makes the GDPR so much worse?

[hartator]

Yes, it is. It’s the reason why low regulation locations do much better than heavy regulation ones.

[michaelsjoeberg]

to follow up: https://www.wsj.com/articles/eus-strict-new-privacy-law-is-s...

"GDPR, the European Union’s new privacy law, is drawing advertising money toward Google’s online-ad services and away from competitors that are straining to show they’re complying with the sweeping regulation."

[Gravityloss]

So you consider it a big burden to a startup, to do business according to the GDPR? I'm no expert on the matter.

[relics443]

Yes. Besides for the administration costs incurred (which is probably the real killer), the list of death points are:

1. Adding a dialog as the first step in an onboarding funnel that's already difficult to get users through

2. Handling non-consent. WTF! So if the user doesn't give consent to something that 99% of the population doesn't understand, I'm not allowed to prevent them from using the app. And so my engineering team needs to waste critical hours figuring out things like how to deal with crashes, or maybe how in the fuck we're supposed to fallback to not using services that we're built on (e.g. Firebase)!

3. Dealing with the fallout of #1 in the form of bad reviews that are the kiss of death to startups

[DmenshunlAnlsis]

Handling non-consent. WTF! So if the user doesn't give consent to something that 99% of the population doesn't understand, I'm not allowed to prevent them from using the app.

This is like a living, breathing example of why GDPR had to be written the way it was, so that arrogant techbros couldn’t rationalize their way around to screwing everyone over for a quick dollar. It’s also a perfect example of why you get zero sympathy. “But maaaa, it’s hurting my funnel!” Good.

[relics443]

Did you read any further? If I can't prevent them from using the app, then I have to solve an impossible problem. Namely providing a fallback for core services that the app is built on.

[Maarten88]

You do not need any consent for essential services. But you do need to make sure that those services do not sell your users personal information to third parties, and make sure you can comply with other GDPR requirements (right to be forgotten etc) by getting a data processor agreement with that core service. You are responsible for what your suppliers do.

If you would have built your whole app on "free" services for which your users pay with their personal information, that would be problematic under GDPR. And rightfully so.

[relics443]

So now the EU is in charge of how I decide to build my app, and is trying to dictate what suppliers I can use?

What if I decide that crash reporting is an essential service (it is), and the EU's lawyers decide that it's not? Who is going to pay my legal fees, and potential fine? I should be on the hook because some schmuck uses a service that I provide for free (which essentially means I'm paying for it with my time), and is upset that I may not be handling his data in the way that the EU says I should be? The sane solution would be to allow me to tell this individual that he cannot use the app if he doesn't consent. But here comes the EU telling me that I must allow him to use the app.

[michaelsjoeberg]

imagine a random person with a game since 10 years, perhaps not maintained anymore, suddenly need to comply with eu regulation, which is aimed at something completely different (data harvesters).

this is likely a big and unnecessary burden to most startups.

i believe in less regulation in general so my opinion could be biased.

[freeflight]

That argument could just as well be reversed: New startups can build their business from the ground up in such a way that it conforms with GDPR to give them a competitive edge.

While bigger businesses, with very established monetization models that don't comply with GDPR, are now in a pretty unfavorable place and have to scramble looking for alternative monetization models, forcing much bigger changes.

[wooter]

this is totally illogical and false with a basic understanding of economics. by definition the new startup is DOA without capital for compliance/proof of compliance/mandated features whereas the bigger business has capital.