[nolemurs]

The tone of this article makes it sound like it's a bad thing that Facebook and Google won't be much affected by this law, but I don't really think it is.

The reason the big players aren't much affected is that they've already had to make huge privacy changes in response to GDPR. They've already paid those costs.

A lot of what you see about privacy is uninformed fear mongering. This article is a good example: it seems to take it as a given that anything that doesn't substantially increase privacy protections is a bad thing, but no reasons are given, and the costs aren't weighed. In reality there's a balance to be had here and we need to be looking at both sides. I'm not saying there's nothing to fear, just that there's a real disconnect between what the media's afraid of and what we should actually fear, and there's a very real danger of legislative changes doing more harm than good.

GDPR actually provides some pretty substantial privacy guarantees and I think we should wait to see the effects of GDPR play out before we go fiddling with the system more.

[tylerhou]

The article concludes with a paragraph which basically echoes your sentiment. I don’t see much of your claimed “fear mongering” at all:

“The good news is that while the activists missed their big, showy target, they hit the often sketchy data arbitragers who do the real dirty work of the advertising machine. Facebook and Google ultimately are not constrained as much by regulation as by users. The first-party relationship with users that allows these companies relative freedom under privacy laws comes with the burden of keeping those users engaged and returning to the app, despite privacy concerns. Acxiom doesn’t have to care about the perception of consumers—they’re not even aware the company exists. For that reason, these third-party data brokers most need the discipline of regulation. The activists may not have gotten the legal weapon they wanted, but they did get the legal weapon that users deserve.”

In fact, many of your claims are wrong! The article argues that the new California regulations are a good thing, not a bad thing. And furthermore, it even directly acknowledges your point about how media complaints about privacy w.r.t. tech companies are usually misguided and not what we should actually be afraid about. You even make the same point about how tech giants have already adapted to GDPR.

You basically say “the article’s tone is bad” but then you make exactly the same arguments as the article.

I know it’s against HN rules to insinuate that commenters didn’t read the article, but your comment is so far off base w.r.t. the article’s content that I’m going to ask: did you even read the article? If you didn’t - kudos to you for having a very nuanced viewpoint; it’s certainly was much better than mine before I read it. (On the other hand, you really should read the entire article before criticizing it, though...)

[Buge]

The article appears to be more nuanced than your comment seems to imply. The conclusion of the article is that it's a good thing that the law impacts smaller advertisers rather than Facebook and Google.

>The activists may not have gotten the legal weapon they wanted, but they did get the legal weapon that users deserve.

[madrox]

I agree, large companies weren't the targets. Ultimately large companies are always better position to respond to regulation than small companies anyway.

However, just because you're a small company doesn't necessarily mean you're dealing with small data anymore. The data broker companies mentioned in the articles are great examples. These companies are the next Cambridge Analytica if not regulated by laws like this.

[_8j50]

Gdpr introduces a cost but from what I heard,it's very messy.

What is needed is civil laws that permit lawsuits and restraining orders against tech companies as well as criminal statutes to imprison CEOs of companies that willfuly track users against their wish.

For example,Facebook's CEO should be criminally prosecuted for "shadow profiles" collected against non-users. I should be able to file a restraining order against Google preventing them from stalking me online.

I don't care if they pay a hundred billion dollars to the government,I want clear and specific lines drawn with clear and efficient consequences.

Consider this: under CFAA, intentionally attempting to gain unauthorized access to a system can result in a federal criminal prosecution. Google and Facebook are intentionally collecting unauthorized information on individuals who have clearly expressed their desire to not be tracked by them(browser settings and http headers). Their CEOs should be just as liable as an individual would if that individual was stalking another person or logging into their account against their permission.

[jodrellblank]

It seems to take it as a given that anything that doesn't substantially reduce exploitation is a bad thing, but no reasons are given, and the costs aren't weighed. In reality there's a balance to be had here and we need to be looking at both sides. There's a very real danger of legislative changes doing more harm than good.

Sure, a few billion humans might be being invasively tracked and having their data sold, and their mental biases ruthlessly exploited for profit, addictive behaviours encouraged with personalised alerts, but you've got to look at both sides - on the other hand, a few companies are making a HUGE PILE OF MONEY, and I think everyone can agree that's unquestionably a good thing. (No reasons are given).

[jack9]

> a few companies are making a HUGE PILE OF MONEY, and I think everyone can agree that's unquestionably a good thing.

Unquestionably? No, it's a bad thing for the monopolies to maintain through capitalism's achille's heel. Weighing the costs would require insight into the cost-benefits of those mega-corporations, which we will never see.