[maximus1983]

The problem is any regulation is that it increases the startup costs for smaller businesses.

So as more regulation comes in it will just end up cementing the large players in place as they can absorb the costs of any regulation, while smaller businesses will have higher startup costs (which lets face it were next to nothing).

So while you maybe rejoicing now that shitty companies have gone for now, regulation will just make it harder for these massive companies to be toppled as it makes it harder for smaller companies to comply.

The EU are trying to have article 13 pushed through and any site that has user generated content will have to have some sort of upload filter to check for copyrighted content. That is going to cost money to implement and since Youtube hasn't really be able to achieve it, the only people that will be supplying the software will be the likes of Google, Microsoft etc ... So again it will just make it harder to the small business and help the large businesses.

Also a lot of these regulations make are making the web a shittier place. Every time I go onto a site now, I have the stupid cookie and GDPR notice plaster in front of what I want to look at. I already protect myself and don't care about their attempt to track me. It is just an irritation that nobody pays attention to and it achieves the opposite of what it was intended to achieve.

[lm28469]

We need regulations because people will go as far as they can to make more money. Businesses were upset when their country banned child labor while their concurrents' country didn't, same when weekends, vacations, reasonable work weeks were introduced. What about safety requirements, food quality inspections, &c.

Self regulating markets are a myth, just look at the US insurance and health industries if you want a proof.

That's also why in healthy countries you get a lot of free passes when you start a business: lower tax rate for a few years, 0% loans, advisors paid by the state, &c.

> regulation will just make it harder for these massive companies to be toppled as it makes it harder for smaller companies to comply.

Why did no one topple apple, amazon or google in the last 25 years? If anything the lack of regulations when they started allowed them to become the de facto monopolies we all know today.

[manigandham]

Some of those companies aren't even 25 years old. They didn't get toppled because they were the young upstarts growing into incumbents.

The problem isn't supporting privacy and data rights, it's doing so in a way that creates unintended consequences which actually worsen the market and UX for consumers. There are better ways this regulation could've been written, but it wasn't. That's the issue.

[oblio]

Legislation is not meant for you (at least for now).

It's meant for those who cannot/do not know how to protect themselves.

[MaxBarraclough]

I don't see how this answers the point.

I'm of the opinion that privacy regulation is a good idea, but it's trivially true that it's an additional burden for start-ups. The Is it worth it? question is a legitimate one.

[fromMars]

Honestly, the biggest problem with GDPR is it's current implementation, i.e. the on demand wipeouts.

[sprayk]

And now those who cannot/do not know how to protect themselves will be unable to start a business on the internet in the EU. Do you think these two groups have to be mutually exclusive?

[toomuchtodo]

Protecting the masses is more important than edge cases. Most people will never start an internet business.

[btilly]

Without the people who start business type X, we won't have competition in business type X. Therefore a law that makes it hard to start businesses of type X will affect you whether or not you ever intend to start such businesses.

This applies for any X that you care to name, including "internet".

If you believe that you can both pass regulations that make businesses of type X harder to form, and enjoy the benefits of having new businesses of type X around, then there is probably a big flaw in your thinking.

[TeMPOraL]

In case of GDPR, X is "businesses abusing people's data", which essentially boils down to "adtech". We don't need more competition in adtech. We need adtech to die.

[btilly]

No, X is "businesses that handle people's data". For whatever reason.

The goal is to regulate adtech. But the effect is to impose regulatory costs on every company that wants to have a discussion forum on their website. (And the upcoming copyright bill is even worse.)

[Mirioron]

Including all the businesses that run on adtech then? I guess so much for Google, YouTube, Facebook, Android etc.

I would much rather have adtech and those businesses. I think most people feel the same way, because they continue to use those businesses.

[maximus1983]

Adtech will die once people start paying for things on the internet. When that will be who knows.

[mattmanser]

[flagged]

[razius]

> but we're open about it and they can disable it if they want

It's not legal, consent is opt-in not opt-out.

[afiori]

that does not says if there is an informative pop-up.

[Isinlor]

There are no costs because no one is enforcing it.

> In one we actually track user's behaviour to make better recommendations, but we're open about it and they can disable it if they want.

If I understand well this is opt-out instead of opt-in... If you would be slapped some percent of your revenue for this you would feel the costs. Not only the cost of fine, but also of reading and implementing GDPR more carefully. But data protection authorities don't have enough resources to audit even 1 / 100 000 of companies that ignore GDPR up to this level of detail. So you can live in happy ignorance that you are implementing GDPR.

That not to say that GDPR doesn't help in general. The issue is that it will be a dead law or a law that hits randomly some very, very small percentage of companies breaking it.

Having a law that no one implements properly is just a recipe for abuse of power by authorities. "Show me the man and I’ll show you the crime" is well known to people living under the Soviet rule. (And, No! EU is not the Soviet Union. But some DPA are in post-soviet republics with people that were raised in this mentality.)

[maximus1983]

"I happen to know quite a lot about GDPR because I dealt with it at a client I was previously working with,"

There we go. You already done the time investment at someone else's expense. So thanks for proving my point.

My comments weren't about GDPR but about regulation in general. Any regulation requires more work which makes it difficult for smaller players. You had to do the extra work.

[hannasanarion]

Should we ban food inspections too, since that means smaller players have to do more work? How about automobile safety testing, it's such a hassle for auto makers. Why not get rid of building codes and prohibitions on lead in children's toys while we're at it.

[danso]

I imagine the anti-GDPR-folks might argue that overly onerous restrictions have been harmful to smaller players. Temperature requirements effectively made Peking duck illegal in California, until a lawmaker representing the Chinatown area proposed a law specifically exempting it: https://www.sgvtribune.com/2015/08/22/peking-duck-is-so-impo...

[maxxxxx]

Should we also abandon the regulation on not stealing things? It makes my startup idea much more difficult too.

Individuals' rights over their data should just be another human right like property rights and not being harmed by others.

[zhte415]

> Any regulation requires more work

Thinking about what you do and how you do it is probably not a bad thing.

[Daishiman]

Two day's worth of research. Horrible, absolutely horrible.

[CaptainZapp]

If your business model is scum I'd wager that it should die a slow and painful death.

I really don't see, why a scummy business should get a pass, just because it's a startup.

[maximus1983]

It hurts the non-scummy businesses as well.

So the regulation causes problems for people that haven't done anything wrong.

A lets be clear here. People aren't dying, it mostly ads and shitty data collection. I think it might be better to actually educate the public (which govs are doing) as to some of the pitfalls of the internet rather than regulating the crap out of it.

[CaptainZapp]

it mostly ads and shitty data collection

While this is true it's exactly that, which turned the world (and by extension the world wide web) into a fucking dystopia. Brexit, without the whole concept of targeted ads and the data collection that goes with it would have not been possible.

Yep, I think add tech is utterly and totally evil. And all that to make a buck, or a billion.

I, for one, think that's a disastrously high price to pay for a few successful tech companies.

People aren't dying,

Actually I disagree here. When you look at the consequences of the technology in countries like Myanmar, The Philippines, Brazil, Cambodia and others and the likes of Mr. Zuckerberg and his ilk giving exactly zero fucks (unless it becomes bad PR) I'm afraid you're definitely wrong on that one.

[maximus1983]

> Brexit, without the whole concept of targeted ads and the data collection that goes with it would have not been possible.

However nobody mentioned all the people that didn't bother voting because they were at Glastonbury which was on at the same time.

I very much doubt that is true. The UK has been a bad fit in the EU and there has been a sentiment for years that we don't want any EU interference. For example many don't want "The EU monopoly money" (not my words mind you) and generally the public is Euro-sceptic.

The papers and politicians were trying to find a scapegoat because quite frankly it didn't go the way they wanted. Much like Trump's victory claiming that Russia hacked the election (there were like a few thousand placed on facebook, which paled in comparison to the Democrat's budget).

Many of the people that voted out were of older generations that don't pay attention to tech. So I find it dubious how much influence the likes of Cambridge analytical really had.

> Actually I disagree here. When you look at the consequences of the technology in countries like Myanmar, The Philippines, Brazil, Cambodia and others and the likes of Mr. Zuckerberg and his ilk giving exactly zero fucks (unless it becomes bad PR) I'm afraid you're definitely wrong on that one.

Like exactly what? You haven't qualified anything here. You just claimed I am wrong because of what? What adverts, what is happening? This is a very vague claim.

I suspect much like the vote to leave the UK it will be very spurious evidence.

[CaptainZapp]

Like exactly what? You haven't qualified anything here. You just claimed I am wrong because of what? What adverts, what is happening? This is a very vague claim.

Vague claim? Not at all.

I was asking myself if I should actually bother to even answer, but then decided to invest a couple of minutes into some very basic DDG searches. You can find some results below.

Let me assure you that there's a ton more, if you just bother to open your eyes.

I close my argument here, since anything else would be either counter productive or violate site guidelines.

But please don't accuse me of sprouting vague claims or not qualifying my arguments just because you seem more interested in a timely Uber or a cheap stay and fuck all the consequences.

https://www.thedailybeast.com/exclusive-rohingya-activists-s...

https://www.theguardian.com/world/2018/apr/03/revealed-faceb...

https://www.nytimes.com/2017/10/27/world/asia/myanmar-govern...

http://nymag.com/intelligencer/2018/09/how-facebooks-free-in...

https://www.bloomberg.com/news/features/2017-12-07/how-rodri...

https://www.irishtimes.com/news/world/asia-pacific/facebook-...

https://en.wikipedia.org/wiki/Indian_Whatsapp_lynchings

https://www.theguardian.com/world/2018/jul/15/india-police-a...

[Aaargh20318]

> It hurts the non-scummy businesses as well.

If your business case depends on either abusing or being careless with other people’s personal data, how are you not a scummy business ? That’s basically all the GDPR requires of you, don’t abuse people’s personal data and be careful with it. Both seem like common decency to me.

[Silhouette]

If that were really all that the GDPR required, it wouldn’t cost businesses that already did show that common decency anything, would it?

In reality, all regulations have costs for compliance and those costs typically apply to some extent even if you weren’t doing anything shady at all.

[chii]

> all regulations have costs for compliance

if you were _already_ complying before GDPR existed (because your business model isn't scummy), then GDPR compliance _should_ cost very little, if at all.

If you weren't complying at all, then adding compliance is very costly after the fact. If you cannot make your business work without complying, then the business must die, as there's no natural right for a business to exist.

[Silhouette]

if you were _already_ complying before GDPR existed (because your business model isn't scummy), then GDPR compliance _should_ cost very little, if at all.

But unfortunately, that isn't really how it works. Under GDPR you could still find your privacy policy now isn't written in the correct terms, or your previous consents or notices weren't worded properly and might not stand up any more, or your methods of storing data don't make per-person permanent deletion straightforward. And all of this remains true even if you were compliant with all previous data protection legislation (at least here in the UK) and even if you weren't doing anything sketchy with the data and have no plans to do so in future either.

If nothing else, you probably need non-trivial amounts of management time to understand the new rules, some extra legal advice that you're going to have to pay for, and an update of your key documents to make sure everything uses appropriate structures and wording to comply. That alone could already be a significant cost for a small, bootstrapped business, and that's without changing anything about the actual data you're collecting or how you use it.

[iamaelephant]

> The problem is any regulation is that it increases the startup costs for smaller businesses.

Why should this be the one thing we optimise for?

[manigandham]

Where do you think jobs come from?

[hrktb]

Businesses that don’t have security issues when handling private data, obviously.

I agree with the GP, in that ease of starting companies should not be the primary goal, setting security and privacy on the back seat. It shouldn’t harder than it needs to, not easier at any cost.

[manigandham]

> It shouldn’t harder than it needs to

This is what's happening though.

[Silhouette]

No-one seems to have suggested that it’s the one thing we should optimise for, but it is important. Small businesses are the foundation of economies, and every extra overhead ultimately damages those economies and so needs some justification that is of greater value, financial or otherwise. One year on, it’s still not clear to me that GDPR has achieved that greater good, and I write that as someone who is a very strong believer in stronger privacy laws in principle.

[Mirioron]

Because if you do poorly on the small business front, then they can't grow into bigger businesses. How many EU tech companies do you know of compared to American ones?

[franciscop]

Many, but I'm european so it probably doesn't count (;

If you make it harder for companies for protecting people it's still a win. I recently visited SF, "the center of innovation" for the startup world. I saw 2 people defecating on the street in 2 weeks, countless peeing and had to jump over homeless at some points to walk the street. If that's the cost for startup and innovation, please don't bring it to EU.

[Mirioron]

I'm European too and I really wish people from Europe didn't have an attitude like yours. Some parts of Europe are incredibly poor, but of course we have a much smaller homeless problem, because if you're truly without shelter then you simply die in winter.

[franciscop]

I'm from Spain and there are homeless people in Spain, just a lot less than in the US. But it's not because they die in winter, it is because you don't become automatically poor if you lose your job, or if you need an operation, or if you study at university. It's safety nets that avoid people losing everything and becoming homeless.