by novok 2581 days ago
No, it’s because we are working at companies that implement this and understand that it creates a large compliance moat for Google and Facebook. If it had proper carveouts for small business then it would be more positive. But the EU wants to put its hands in its ears and pretend they don’t exist.

There is a difference between a 5 person biz like bear notes who would be totally cool in deleting your login info on request / sending whatever small amount of data they have on you, and what they actually have to do to be properly compliant with GDPR. They are probably not and they, like many small EU software businesses, are a liability waiting to happen.

2 comments

What kinds of carveouts are you proposing? Should small companies be allowed to abuse personal data however they want?

I would exempt small businesses from GDPR requirements outright unless the business model is a surveillance capitalism one. Like small adtech startups.

Defining a surveillance capitalist company without BS is difficult though, so in the end, I would probably just wholesale exempt private small businesses that are not subsidiaries of larger ones. The small businesses would need to be arm's length from larger ones too.

A lot of the danger of surveillance capitalism comes from concentrated power, and many small businesses are by definition the opposite of that.

Small companies can sell their data. Almost all of the data collected by all those small companies mentioned in those GDPR popups will end up in the hands of a few large entities.

The data is the same, regardless of who collects it. Leaking it is equally dangerous.

GDPR does make exceptions for companies with fewer than 250 employees. https://gdpr.algolia.com/gdpr-article-30#section-15

Also this kind of legal DOS is almost definitely against the spirit of the law and I’d be surprised to see any real company use significant resources to respond.

That's one small exception to one small part of the compliance burden, though.

Small businesses are still, for example, subject to abusive SARs of the kind used for illustration here. They're still required to write documentation like privacy policies according to the new standards. And unlike large organisations, where there is the 4% cap on fines, a small organisation faces an existential threat if regulators decide to impose heavy fines, which they have considerable powers to do.