Can we just agree to silo off the EU? Why should foreign companies have to comply with these policies anyway? GDPR compliance has already had a negative impact on web UX.
Imagine a scenario where this passes. Larger companies in the US and elsewhere are able to put in place "filtering" to comply with the mandate, but then other smaller companies simply turn off the EU.
When it comes to regulations, larger companies have the will and resources to meet them. Stifling competition and becoming dominant in the marketplace.
Sure, some commentators will argue that SaaS products can popup to fill the "filtering" requirements. But it could be something that companies just simply cannot afford to implement and again, we're back to blocking off the EU.
The knock on effect is that at least for EU content, startups will have yet another hurdle to get off the ground.
Now, when the rest of the world starts to block off the EU and EU customers start seeing their access being limited as time goes on. It may or may not cause a backlash. Who knows at this point.
As a solo-founder who is working on a startup that is hugely impacted by this. I really hope this does not pass. If it does, oh well. I'll shrug and postpone EU participation until my company is able to afford the extra cost.
>Why should foreign companies have to comply with these policies anyway?
Because they want revenue from EU citizens? Should a car company from China have to comply to US safety regulations when selling cars to US citizens?
>GDPR compliance has already had a negative impact on web UX.
Nah. I've switched off tracking on every website I use often via the popups and I've noticed much faster loading. Imo GDPR has made the web experience better.
> Should a car company from China have to comply to US safety regulations when selling cars to US citizens?
In your example, the car company is implicitly selling to a foreign country. When it comes to software/websites, a user from a foreign country is incidentally served rather than implicitly.
So everyone who hosts a website has the obligation to read up on the legality of that particular website for all countries in the world, and block accordingly?
Which part of the ip is hard to decode? If you don't like how a country's laws are shaped, then stop selling there. You can't have your pie and eat it too. Either you obey the market laws and sell or you don't. If someone is using a VPN to get around your geo ban, then I think that's the user's implicit choice.
Why should the onus of blocking content in some faraway country be on the company publishing it? If you don't want your country's citizens to have access to something, well then, time for a Great Firewall.
>If you don't want your country's citizens to have access to something, well then, time for a Great Firewall.
It's not the EU who wants to ban access to something. It's the provider who wants to benefit financially from selling that product( targeted ads) without having to comply to the laws of the country that the selling happens. There is no other market that you get to do that. Why should your web page be different?
IP addresses aren't country codes, in the same way that phone numbers aren't permanent unique identifiers. If you block IP ranges, you'll let some European users through, and block some non-European users.
Is "at least we tried"-style blocking good enough?
>Is "at least we tried"-style blocking good enough?
Yea exactly. In absence of a mechanism to block users the discussion of who gets to police who is worthwhile. But if a company chooses not to comply with GDPR and at the same time doesn't utilize any available mechanism to block EU users then there is definitely intentional ignorance on their part.
Secondly, monetizing the EU is a step that usually occurs very late into the life of a startup. Startups almost always monetize the US first.
So if you are a company that owns a website that doesn't make money from the EU and the EU comes up with regulations that adds thousands of dollars in costs and hundreds of thousands of dollars in potential liability to your business, the obvious and easiest solution is to simply shut them off.
We have seen this occur for GDPR and I am confident it will occur for this legislation as well.
>Secondly, monetizing the EU is a step that usually occurs very late into the life of a startup. Startups almost always monetize the US first.
It's not a matter of what the founder/CEO of a startup chooses here. I will often open links from e.g. New York Times or other US news sites because something happened in New York or there's an interesting opinion piece that I want to read. These sites are profiting from my clicks so they have to obey the EU laws. If it was impossible for them to determine that I'm an EU citizen then it's a different story but an geo ban is trivial.
Or - they could just make money off you, and ignore what the EU wants!
Ultimately the EU's only recourse in things like this is to either convince the USA to act as its enforcer, or to set up a Great Firewall to stop you browsing to the NYT.
Or the EU could declare that business with NYT means you can't do business in the EU. Which would probably hurt a bit if ad networks jump off (I doubt Google wants to deal with this).
> It's not a matter of what the founder/CEO of a startup chooses here. I will often open links from e.g. New York Times or other US news sites because something happened in New York or there's an interesting opinion piece that I want to read. These sites are profiting from my clicks so they have to obey the EU laws
Ok, I don't think you understand how ads work. Your clicks don't make a website money if they are not selling ads in your country. The New York Times is not a startup so your point is irrelevant.
edit: if you are not aware that different countries have different ads markets your probably shouldn't have an opinion on GDPR.
If they don't make money, then why would they need to collect and share data about their users? If they don't collect and share, then they don't need to make any privacy notifications, so it doesn't impact UX.
> If they don't make money, then why would they need to collect and share data about their users?
If you've ever developed a website you should absolutely know why you might need to collect and share data. Google analytics is considered sharing btw.
Perhaps I wasn't explicit, but by data I mean personal data, which is what GDPR is all about. While the desire to collect general statistics about site usage is obvious, I still do not see any reason to collect personal data.
Welcome to what the rest of the world has been experiencing under the US hegemony for the past 3 decades. Since we are not all operating under the same authority, and so we don't have anyone to appeal to for a final answer when we disagree, relations between nation's and their companies have been a matter of practicality rather than ethics. If you can silo off the EU feel free, but most companies won't voluntarily give up access to the largest economy in the known universe if they can find any way at all you can mitigate the local regulations
However, when I was just looking it up now to find evidence for you I found various sources saying the US, China, or the EU was the largest so now I am not sure
The US does regulate domestic internet firms from time to time like with COPPA. But my daily internet experience is by and large left alone by Congress.
Whereas I have to dismiss annoying cookie popups every few hours thanks to the EU. Somehow I prefer Congress.
As but one (or, actually: thousands) of data points in evidence: If your idea was workable, there'd be some among the tech companies both large and small would have implemented it.
When it comes to regulations, larger companies have the will and resources to meet them. Stifling competition and becoming dominant in the marketplace.
Sure, some commentators will argue that SaaS products can popup to fill the "filtering" requirements. But it could be something that companies just simply cannot afford to implement and again, we're back to blocking off the EU.
The knock on effect is that at least for EU content, startups will have yet another hurdle to get off the ground.
Now, when the rest of the world starts to block off the EU and EU customers start seeing their access being limited as time goes on. It may or may not cause a backlash. Who knows at this point.
As a solo-founder who is working on a startup that is hugely impacted by this. I really hope this does not pass. If it does, oh well. I'll shrug and postpone EU participation until my company is able to afford the extra cost.