[cdancette]

Self regulation, really?

Startups could never self regulate and never will. And a few bad startups can be enough to do massive damages.

Look Cambridge analytica: this startup alone made the case for regulations like GDPR.

As a user, I really am pleased with gdpr, so that "do-no-evil" startups stop selling my data around and not caring at all about my privacy.

[existencebox]

(For the record, and to confuse my own statement, I actually generally agree that self-regulation isn't historically effective. I'm just also not sold on GDPR as a US resident/am as nervous as heavy regulation as I am of a lack thereof, and when I read your post it begged a devils-advocate counter to your statement from a different angle.)

As a user, I'm _not_ pleased that the law has devoided me of a choice to participate with businesses under a previously acceptable business model, and without any input/say on my part, assumes my agency to chose which businesses I interact with. I accepted it as my responsibility to know that some may be selling my information, and to make conscientious choices accordingly. This not even touching on that the law does precisely nothing against the sort of data incidences that I have the most issue with (Equifax).

[DanBC]

> As a user, I'm _not_ pleased that the law has devoided me of a choice to participate with businesses under a previously acceptable business model, and without any input/say on my part

Which business model do you think is killed by GDPR? Can you point to the bit of GDPR that you think causes that change?

[existencebox]

Since GDPR began to come into force, I've seen an increasing pivot from ad-based revenue models to subscription/pay per view based models, I imagine motivated in part by the fact that if you have to acquire non-implied consent, so you might as well force that friction point to fully onboard a user, and part as well by fears as to how targeted advertising will continue to provide a revenue source given the new requirements. It's fair to say that this may be an overreaction, but historically these sorts of experiments don't get reverted, once the infrastructure is in place. I personally do not find the benefits offered under GDPR to be worth losing what was previously a "relatively free" ecosystem. Others can disagree with whether they are OK with the prior state of affairs, but this is not the law I would have written to change it, and as I said before, a lot of my frustration comes in from having 0 say in the matter, (or deriving 0 benefit) yet being exposed to the friction of the legislation.

(One can also observe that this may serve as a regulatory moat protecting e.g. large ad networks that have enough scale to merit the overhead/costs of global compliance infrastructure, but not new startup networks. We've seen similar problems in recent HN writeups re: starting a bank; where something much more consensus, financial security, can still serve to overreach and serve incumbents more than it protects users.)

As a meta comment, I notice you are _very often_ present defending GDPR in threads where I've stayed quiet in the past; to the point that as someone who almost never notices names on this site, I've noticed yours before this interaction. Can I be curious about why you advocate this so comprehensively while also answering your question? (because, frankly, even the advocates I know personally agree that there are costs and risks involved, and that the letter of the law itself also left a lot up in the air)

[DanBC]

> I imagine motivated in part by the fact that if you have to acquire non-implied consent, so you might as well force that friction point to fully onboard a user, and part as well by fears as to how targeted advertising will continue to provide a revenue source given the new requirements.

Again, please can you point to the actual part of GDPR that forces people to gain consent before targetting ads?

Here's the UK regulator, the Information Commissioner, saying that legitimate interests (one of the lawful reasons for processing data) might be ok for marketing.

https://ico.org.uk/for-organisations/guide-to-the-general-da...

> As a meta comment, I notice you are _very often_ present defending GDPR in threads where I've stayed quiet in the past; to the point that as someone who almost never notices names on this site, I've noticed yours before this interaction. Can I be curious about why you advocate this so comprehensively

It's because almost all of the people posting against the GDPR will post things that just aren't in GDPR. They haven't read any of the regulation; they believe things that are not true and they spread those incorrect statements. Some of this is unintentional - they've read a bad blog and they beleive it. Some of it is intentional - fuck the EU.

I don't mind people being against GDPR if they've read it and are against things it's actually doing.

[anoncow]

I have read the GDPR. The point is not what this law directly impacts today. The point is what laws like the GDPR open up the industry to.

[DanBC]

Sure, if we elect Hitler next year we're all fucked.

I'm not sure how that's an argument against GDPR today, especially since it's built on long standing EU traditions and law.

[true_religion]

Personally, I am not against the gdrp but rather against the idea that I cannot opt out of laws created on another continent.

I don't trust their enforcement because they aren't my government. If I lived in the EU, I would at least know my countries government is the one enforcing the law, but as a non EU resident I don't know who will enforce it. I don't have a home country to give me recommendations, protections or support.

[lokedhs]

The fact that the sites do not provide you with the ability to continue the previous model shows that your personal data isn't that valuable in isolation to begin with.

The previous business model worked because your consentual sharing of private data was supported by thousands of others who did not consent to said sharing.