[maldeh]

That presumes all early stage startups (as made in the US) are created equal, and any regression in their success rates is bad.

Given that 9/10 startups fail even without GDPR, it's not surprising that early stage cos form the Lion's share of failures, and it surely can't be good for any data that was slurped up during whatever these experiments at market fit were doing.

And given that the ultimate goal of GDPR is to protect privacy, it doesn't make sense to exempt startups, especially when the early stage stakes are high and a failure to squeeze out every drop of value legally possible out of your data (while your competitors do) could mean the death of your venture.

As such, comparing to American standards or even current European standards doesn't quite work when there's a clear shift of the moral bar for GDPR compliance.

[ggreer]

You misunderstand the point I'm making. After GDPR, investments in early stage startups dropped by almost 50% in the EU. If you cut investment in half, you're going to cause some startups to fail that otherwise would have succeeded. Startups are a "hits" enterprise. Most fail. Some are mildly successful. A few are responsible for almost all of the upside. Cutting investment by 50% means that instead of getting a Dropbox and a Spotify, you'll only get a Dropbox. That missing upside is bad for the economy.

I'm saying that you can have GDPR or you can have a thriving startup ecosystem. The data shows that you can't have both.

Personally, I think the GDPR is a colossal waste of time that only benefits incumbents. I've had to help implement GDPR compliance at a company and it did absolutely nothing to protect the privacy of customers. However it did cost several hundred thousand dollars.

[maldeh]

I fully understand your point that GDPR hasn't been good for investment or startups, and that that the likelihood of a startup succeeding to reach sustainability in the european field has significantly diminished. What I'm rejecting is that that's necessarily an undesirable state of affairs. Does the world really need the likes of Blur or DiscountMugs to succeed, when they have proven woefully incapable of protecting the most basic forms of user data?

The tech economy seeing such upheaval right now could be construed as a signal demonstrating how dependent it was on fundamentally unhealthy and untenable data practices that were previously endemic to the industry.

I'm sorry that you have had to spend a tonne of money to attain GDPR compliance. I imagine most "incumbents" have had to spend a good deal as well; I can only hope that the next generation of companies have learnt from your company's mistakes and to structure their data processes from day 1 to avoid accruing such sensitive data in the first place.

At any rate - a tech sector is possible. A thriving one, that can sustain as much employment? Maybe not quite, there'd have to be some adjustments; but the people would be better off. A tech sector with the same market cap? Unlikely, but we need to get over ourselves and question if preserving the techocracy's wealth is more important here.

[ggreer]

> What I'm rejecting is that that's necessarily an undesirable state of affairs. Does the world really need the likes of Blur or DiscountMugs to succeed, when they have proven woefully incapable of protecting the most basic forms of user data?

Again, I'm saying that the cost is borne by all startups, not just the ones you don't like. For startups, the main cost of GDPR isn't fines, it's less investment money and more compliance costs. That means good startups and bad startups alike must pay the price. They have equal chances of being killed in the cradle by these costs.

> I'm sorry that you have had to spend a tonne of money to attain GDPR compliance. I imagine most "incumbents" have had to spend a good deal as well; I can only hope that the next generation of companies have learnt from your company's mistakes and to structure their data processes from day 1 to avoid accruing such sensitive data in the first place.

The costs weren't high because of anything we were doing that was out of the ordinary. GDPR affects you if you even keep source IP addresses in your server logs. It mandates processes as well as restrictions. You have to train employees. You have to pay lawyers to ensure your processes are compliant. Even if everything you're doing is totally unobjectionable, the costs are significant. Current evidence indicates that many new companies are solving this problem by incorporating outside of the EU and avoiding doing business with EU customers until they're large enough to afford the costs of compliance.

> A tech sector with the same market cap? Unlikely, but we need to get over ourselves and question if preserving the techocracy's wealth is more important here.

You seem to have a zero sum view of wealth. Tech companies create wealth. They make things people want. Preventing companies from existing doesn't help others (except for incumbents with inferior products).

[henrikschroder]

> Cutting investment by 50% means that instead of getting a Dropbox and a Spotify, you'll only get a Dropbox. That missing upside is bad for the economy.

No no, if investment money disappears from tech, that means you get Dropbox and something else that isn't a tech company. The investment money doesn't just disappear into thin air, it gets invested into something else, a different kind of company, a different sector, some place that isn't dependent on privacy-violating ad-tech bullshit and selling user behaviours to make money.

And as a result, society is better off.

[ggreer]

If you read the paper I linked to, it says that the money is likely going to the US and other places outside of the EU. Capital can cross borders effortlessly.