That is the point of this page, if you see lower down the author is against the regs and this is an attempt to undermine them.
Honestly, it's crazy—HN is the only place I see this kind of anti-GDPR stuff. Everyone I have talked to about it sees it as a huge positive. I include myself in that by the way—being able to get (and delete) my data from providers reliably is a huge positive, and it has clearly improved the way my data gets handled a lot of the time. The cost is relatively small.
Indeed, I will never stop being amused by the hysteria over the GDPR.
You know what makes it really easy to comply with the GDPR?
Stop spying on your users.
Just stop.
It infuriates people precisely because it threatens the ad surveillance economy this whole website and most of its users have come to rely on. Consistently, the sites I've gone to with the most intrusive and aggressive complaints and reactions to GDPR ... are also the sites that are riddled with spyware and tracking.
It is very much a case of "methinks thou dost protest too much."
No it’s because we are working at companies that implement this and understand that it creates a large compliance moat for google and facebook. If it had proper carveouts for small business then it would be more positive. But the EU wants to put its hands in its ears and pretend they don’t exist.
There is a difference between a 5 person biz like bear notes who would be totally cool in deleting your login info on request / sending whatever small amount of data they have on you, and what they actually have to do be properly compliant with GDPR. They are probably not and they, like many small EU software business, are a liability waiting to happen.
I would exempt small businesses from GDPR requirements outright unless the business model is a surveillance capitalism one. Like small adtech startups.
Defining a surveillance capitalist company without BS is difficult although, so in the end, I would probably just wholesale exempt private small businesses that are not subsidiaries of larger ones. The small businesses would need to be arms length from larger ones too.
A lot of the danger of surveillance capitalism come from concentrated power, and many small businesses are by definition the opposite of that.
Small companies can sell their data. Almost all of the data collected by all those small companies mentioned in those GDPR popups will end up in the hands of a few large entities.
The data is the same, regardless of who collects it. Leaking it is equally dangerous.
Also this kind of legal DOS is almost definitely against the spirit of the law and I’d be surprised to see any real company use significant resources to respond.
That's one small exception to one small part of the compliance burden, though.
Small businesses are still, for example, subject to abusive SARs of the kind used for illustration here. They're still required to write documentation like privacy policies according to the new standards. And unlike large organisations, where there is the 4% cap on fines, a small organisation faces an existential threat if regulators decide to impose heavy fines, which they have considerable powers to do.
5) People like myself who are annoyed that people think GDPR is enforceable to non-EU entities.
It's not... You cannot enforce GDPR on any person / company who doesn't have a presence in the EU.
That annoys me, because _although I'm willing and do comply_ many people reach out to me regarding their personal data with a lot of arrogance. However, my company isn't based on the EU and I don't have to comply (which I cleared with a lawyer already). Their method of their approach makes me not want to comply.
I understand your problem with arrogance but as long as you service users in EU you are still liable. There are legal ways they can get to you and at best you may avoid fines but be banned from offering your service to EU citizens. Of course that's an option you already have I.e stop servicing EU
> as long as you service users in EU you are still liable.
Not true, I am not required to not offer to EU citizens. They simply can choose to visit my U.S. servers and use U.S. dollars.
Laws aren't global. Laws are based on jurisdiction. EU doesn't have said jurisdiction, unless I am hosting services or have a presence in the EU. Customers from the EU effectively travel to the U.S. (via the internet) to get to said service. The U.S. could force us to follow EU laws, then sure. However, that's not the case today.
You can think of it as: if I call a vendor in China to purchase some widgets. The vendor in China is not required to validate you're following the laws of your land - that's your job. The Chinese vendor just needs to make sure they are following China's laws.
I've seen comments on GDPR topic here where arrogant posters complained of sites that just banned EU visitors rather than take on the increased resource burden.
Unless you are the incumbent banking on it like Big Media with the DMCA. The amount of fake / mass DMCA Takedowns that happen on YouTube on a daily basis is astounding.
Honestly, it's crazy—HN is the only place I see this kind of anti-GDPR stuff. Everyone I have talked to about it sees it as a huge positive. I include myself in that by the way—being able to get (and delete) my data from providers reliably is a huge positive, and it has clearly improved the way my data gets handled a lot of the time. The cost is relatively small.