[ggreer]

No, you can't. Since GDPR was rolled out, venture capital investments in the EU have dropped by a third.[1] According to that paper, the companies most hurt are early stage startups.

1. The Short-Run Effects of GDPR on Technology Venture Investment: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3278912

[maldeh]

That presumes all early stage startups (as made in the US) are created equal, and any regression in their success rates is bad.

Given that 9/10 startups fail even without GDPR, it's not surprising that early stage cos form the Lion's share of failures, and it surely can't be good for any data that was slurped up during whatever these experiments at market fit were doing.

And given that the ultimate goal of GDPR is to protect privacy, it doesn't make sense to exempt startups, especially when the early stage stakes are high and a failure to squeeze out every drop of value legally possible out of your data (while your competitors do) could mean the death of your venture.

As such, comparing to American standards or even current European standards doesn't quite work when there's a clear shift of the moral bar for GDPR compliance.

[ggreer]

You misunderstand the point I'm making. After GDPR, investments in early stage startups dropped by almost 50% in the EU. If you cut investment in half, you're going to cause some startups to fail that otherwise would have succeeded. Startups are a "hits" enterprise. Most fail. Some are mildly successful. A few are responsible for almost all of the upside. Cutting investment by 50% means that instead of getting a Dropbox and a Spotify, you'll only get a Dropbox. That missing upside is bad for the economy.

I'm saying that you can have GDPR or you can have a thriving startup ecosystem. The data shows that you can't have both.

Personally, I think the GDPR is a colossal waste of time that only benefits incumbents. I've had to help implement GDPR compliance at a company and it did absolutely nothing to protect the privacy of customers. However it did cost several hundred thousand dollars.

[maldeh]

I fully understand your point that GDPR hasn't been good for investment or startups, and that that the likelihood of a startup succeeding to reach sustainability in the european field has significantly diminished. What I'm rejecting is that that's necessarily an undesirable state of affairs. Does the world really need the likes of Blur or DiscountMugs to succeed, when they have proven woefully incapable of protecting the most basic forms of user data?

The tech economy seeing such upheaval right now could be construed as a signal demonstrating how dependent it was on fundamentally unhealthy and untenable data practices that were previously endemic to the industry.

I'm sorry that you have had to spend a tonne of money to attain GDPR compliance. I imagine most "incumbents" have had to spend a good deal as well; I can only hope that the next generation of companies have learnt from your company's mistakes and to structure their data processes from day 1 to avoid accruing such sensitive data in the first place.

At any rate - a tech sector is possible. A thriving one, that can sustain as much employment? Maybe not quite, there'd have to be some adjustments; but the people would be better off. A tech sector with the same market cap? Unlikely, but we need to get over ourselves and question if preserving the techocracy's wealth is more important here.

[ggreer]

> What I'm rejecting is that that's necessarily an undesirable state of affairs. Does the world really need the likes of Blur or DiscountMugs to succeed, when they have proven woefully incapable of protecting the most basic forms of user data?

Again, I'm saying that the cost is borne by all startups, not just the ones you don't like. For startups, the main cost of GDPR isn't fines, it's less investment money and more compliance costs. That means good startups and bad startups alike must pay the price. They have equal chances of being killed in the cradle by these costs.

> I'm sorry that you have had to spend a tonne of money to attain GDPR compliance. I imagine most "incumbents" have had to spend a good deal as well; I can only hope that the next generation of companies have learnt from your company's mistakes and to structure their data processes from day 1 to avoid accruing such sensitive data in the first place.

The costs weren't high because of anything we were doing that was out of the ordinary. GDPR affects you if you even keep source IP addresses in your server logs. It mandates processes as well as restrictions. You have to train employees. You have to pay lawyers to ensure your processes are compliant. Even if everything you're doing is totally unobjectionable, the costs are significant. Current evidence indicates that many new companies are solving this problem by incorporating outside of the EU and avoiding doing business with EU customers until they're large enough to afford the costs of compliance.

> A tech sector with the same market cap? Unlikely, but we need to get over ourselves and question if preserving the techocracy's wealth is more important here.

You seem to have a zero sum view of wealth. Tech companies create wealth. They make things people want. Preventing companies from existing doesn't help others (except for incumbents with inferior products).

[henrikschroder]

> Cutting investment by 50% means that instead of getting a Dropbox and a Spotify, you'll only get a Dropbox. That missing upside is bad for the economy.

No no, if investment money disappears from tech, that means you get Dropbox and something else that isn't a tech company. The investment money doesn't just disappear into thin air, it gets invested into something else, a different kind of company, a different sector, some place that isn't dependent on privacy-violating ad-tech bullshit and selling user behaviours to make money.

And as a result, society is better off.

[ggreer]

If you read the paper I linked to, it says that the money is likely going to the US and other places outside of the EU. Capital can cross borders effortlessly.

[tastroder]

From that paper: "Of course, there are caveats to these findings. First of all, GDPR has only been in effect in the EU for a short time, and the effects we’ve observed may be temporary, with investors potentially taking a wait-and-see approach."

Given the year-over-year trends shown in [0] I feel like one should not overemphasize the timeframe that article looked at. The decline seems to be relatively contained at best and future development is unclear at best. And honestly, who cares, even if we suddenly got 20% of startup failures due to GDPR concerns alone. If those concerns are reasonable I'm totally fine with that.

[0] https://news.crunchbase.com/news/decade-in-review-trends-in-...

[ggreer]

It's not due to larger industry trends. The paper shows that startups in the US got more funding in the same time period, including early stage startups.

I remember warning about this when GDPR was being considered. People said it wasn't a concern. Later in 2018 I linked to a draft whitepaper that showed a decline in funding for EU startups. People replied that it was a statistical fluke and that we needed more time before we could draw conclusions. Now it's been a full year and the US-EU investment disparity is higher than ever.

At this point I don't know what would change people's minds. It's like talking to climate change denialists. I get the same response: "There's not enough data. The data doesn't support that conclusion. Even if it did, the trade-offs are worth it."

[tastroder]

Okay, let's say there is enough data and you are absolutely correct. How does that invalidate the "Even if it did, the trade-offs are worth it." response?

The US-EU funding disparity was always there, in my book this leads to less people copying ethically dubious startup patterns from their US counterparts. If GDPR is the sole reason for the decline... doesn't the benefit of the population, of quite a few countries, outweigh the impact on a few startup folks and their investors?

[ggreer]

The EU doesn't prevent the "bad" startups from existing. They just prevent them from starting in the EU, which means the EU misses out on a lot of the potential upside.

Companies like Microsoft, Google, Uber, Facebook, and PayPal started in the US, but they eventually expanded to the rest of the world. Since those companies weren't founded in the EU, EU workers missed out on being early employees. That means those company cultures are far more American than they otherwise would be. The EU missed out on having those companies headquartered in Europe where they'd create more jobs, more wealth, and more profits that could be taxed. Having them headquartered in the EU would also make those companies easier to influence.

It's hard to quantify exactly how much these things matter, but I think the long term cost is far higher than the consumer benefits of GDPR.

[tastroder]

> The EU doesn't prevent the "bad" startups from existing. They just prevent them from starting in the EU, which means the EU misses out on a lot of the potential upside.

To me that sentence just isn't logical. Yes, they'd prevent some them from starting in the European market with their exact original business model if they were starting out now (and not like half of them in the last millenium). None of them started out here back in their time so that sounds more like a question of market penetration than benefit for the startup culture anyhow. With the GDPR they will hopefully also prevent said market penetration for bad actors when the time comes for the next generation of startups.

If GDPR is the sole reason and, subsequently, the US chooses to foster such businesses to win in a market, more power to them. Your examples might be huge successes, but many of them are at this time considered to be either unethical (Facebook, for the most part; Google had their share of negative attention) or plain illegal (Uber for example still hasn't managed to really start out in Germany, let's throw in AirBNB for good measure - I think they were founded in about the same year - huge financial hit that leads users to break laws and contracts left and right).

The calculation of long term cost and benefit is honestly the point where this discussion switches from economical concerns to political, at least for me since I'm not versed enough in macroeconomics to begin to judge that and would always place society over monetary concerns. I'm sure neither of us can win over the other so I'd suggest we leave it at that.

[henrikschroder]

> Later in 2018 I linked to a draft whitepaper that showed a decline in funding for EU startups.

Correlation is not causation. That the GDPR caused this decline is a pretty hefty claim for which you have offered zero evidence.

[ganzuul]

This is like saying laws against human trafficking are bad because it hurts business.

[ggreer]

You are comparing server logs containing your IP address to human trafficking. That's a fun bit of rhetoric, but it doesn't help anyone in this conversation discover what's true.

[Avamander]

You are turning his argument about things being forbidden by the GDPR being in majority eroding to privacy into something about IP addresses, it's not a fair simplification. That actually doesn't help anyone in this conversation to decide if the privacy gains provided by GDPR are worth it or not.