[gazzini]

I disagree with this — more regulation will make it harder to innovate.

For example, I’ve met several founders who wanted to enable tele-medicine years ago but decided against it because “the lawyers cost more than the engineers”, and walking-on-eggshells destroys morale & iteration speed.

I’m not arguing to de-regulate heath data — my point is that we should selectively apply regulation.

It’s likely a great thing to regulate self-driving cars. But please keep the lawyers away from my niche online forums, 3rd-party clients for social apps, blogs, video games, calculators etc...

[danudey]

If a company can't 'innovate' without sharing users' data with third parties or treating it recklessly through lax security (or uploading database dumps to publicly-accessible S3 buckets) then that company doesn't deserve to be in business.

It doesn't take a suite of lawyers to enforce that, either. Health care is gigantic mess of bullshit in the US especially, because of the multiple different 'stakeholders' - customers, insurance companies, brokers, "networks", hospitals, doctors, etc., and every mistake is a gigantic lawsuit waiting to happen. It's a disaster however you cut it.

As for personal data for some arbitrary startup, any argument that "innovation" depends on being able to be careless or cavalier with that data is just ridiculous. Be careful with it. Store it properly. Only collect what you need, and delete the rest. Expunge data you no longer need. Never send it to any third party without asking the user, and provide clear information about where and with whom the data is processed and stored at rest.

There, now you're being careful with user data and you can still "innovate" decent products, as long as your business model isn't user-hostile from the start.

[dahfizz]

I think you've missed your parents point.

The problem they point out is that well intentioned businesspeople who want to provide you a useful service and store your data correctly are priced out.

If you want to deal with medical data of any kind, you need a lawyer. Full stop. It doesn't matter how good your intentions are, or how many "best practice" blog posts you follow. You need to hire a lawyer, and lawyers are incredibly expensive.

> Be careful with it. Store it properly. Only collect what you need, and delete the rest.

This is great advice, but that's not how laws work. Congress won't pass a law that says "store it properly". They are going to pass a law that describes how you can and cannot store data in 600+ pages of legalese. And no matter how properly you think you're doing things, you have to have a lawyer to know you're actually doing it properly.

Said another way: regulation always adds cost and barriers to entry. These affect the "good" business just as much as the "bad" business.

[dx87]

Not every business has to be viable for a startup. I'd rather a company that can't afford a single lawyer not have access to my personal information. If that means pricing them out of it through regulation, then so be it.

[dahfizz]

That's a perfectly reasonable position. If you have considered the pros and cons and decided one outweighs out the other, that's fine.

My parent was not doing that, and instead flippantly remarked that you should just store data correctly and everything is fine.

My point is that it is important to consider the implications of government action, because they are always numerous.

[bpodgursky]

Then don't use the startup? Not everyone has the same calculus as you. You don't need regulation in order for you to not use a product.

[toomuchtodo]

Regulation exists to protect citizens at scale. “Don’t use the business” isn’t how we’ve built society, rightfully so. If you believe the regulation to be onerous, fix it.

One is not entitled to do whatever one wants to generate a profit, at the detriment to uneducated or unsophisticated citizens, or society as a whole.

[manigandham]

> If you believe the regulation to be onerous, fix it.

Well, that's what they're doing by not wanting it.

[gentleman11]

We are trading the personal information of billions of people for the ability for tech startups to iterate quickly, who will for the most part decide on a freemium business model revolving around mining and selling private data

[searchableguy]

And may be trading away our ability of choice in the future and being stuck with a monopoly.

Nobody talks about regulated industries with duopoly or monopolies that everyone has to deal with. Tech industry is exotic ain't?

Big companies will still find a way to track you. That won't change. You can pull up a list of all the privacy focused laws released recently and you can still see Facebook and all their products working fine but you never hear about someone who wanted to bootstrap an idea and couldn't invest much upfront to deal with slow expensive law system.

We don't need more regulations. We need more selective punishments proportional to the damage and presence. Not a lame fine that is not proportional to what companies are profiting from . And if you know anything, Facebook is the one lobbying for privacy these days. They are pushing for some of the requirements they are already compliant with to be put into law .

[godelski]

> The problem they point out is that well intentioned businesspeople who want to provide you a useful service and store your data correctly are priced out.

Then the way to do this is to simplify laws and their understanding. A company shouldn't need a large legal team just to figure out if they are doing something legal or not. It kinda sounds ridiculous when you think about it. That you have to hire a bunch of lawyers to figure out if you are a criminal or not. That clearly means things are too complex. I get that there are places this should apply to, but not small businesses and startups.

You can have regulation that is both easy to understand and effective. There is also letter and spirit of the law. We should never let the letter hinder the spirit.

[dahfizz]

I completely agree with you. The legal system is entirely out of reach for the average citizen, and this is something we should fix.

However, us wanting things to be a certain way doesn't change how things are. If Congress passed a "Data Protection Act" it would be indecipherable, full of technical illiteracy, and heavily influenced by the richest lobbyists (Facebook and Amazon, anyone?).

This is my objection. I would love for a real data protection act to be legislated. But Congress has its own agenda and ineptitudes. Do you really trust the people who wrote the Patriot act to protect your sensitive information?

[Spooky23]

That’s bullshit. The federal government is able to produce a lot of useful technical regulation and guidance.

Hell the whole infosec policy framework used everywhere is built off of NIST 800-53.

[r-w]

I’m pretty sure NIST has more engineers than politicians. The same cannot be said of Congress.

[Legogris]

If you don't store any data you won't need any lawyers. You don't need to store a single byte of data on your users or customers to provide a service or software using that data.

[dahfizz]

> If you don't store any data you won't need any lawyers.

Wrong. HIPAA applies to any business that transmits and/or has access to PHI. You don't need to be storing data on your own hard drives to be subject to these laws.

This is exactly my point. You are thinking like an engineer, and Congress is not. You cannot assume anything. You need to hire a lawyer, or you are opening yourself up to serious liability.

[Legogris]

I worded that poorly. How about this: If you don't own, manage, solicit or control any servers having access to PHI or PII you don't have any risk of being liable.

Put all of that on the client, do your best to protect it but ultimately make it the clients responsibility.

I still haven't seen any lawsuits or regulation targeting software in that sense, apart from DRM.

[manigandham]

There is no distinction between client vs server when it comes to the law. The same organization created and operates both and is liable as a data processor in both situations.

This is again the difference between engineer vs policymaker.

[aguyfromnb]

>The problem they point out is that well intentioned businesspeople who want to provide you a useful service and store your data correctly are priced out.

I think pricing out the odd well-intentioned business person is a good tradeoff for avoiding the "move-fast and break things" snake-oil salesmen.

>Said another way: regulation always adds cost and barriers to entry.

And saves money and harm when things go bad.

[neycoda]

This is innovation in the wrong direction... against our privacy and consent for the benefit of a company whom I may not want to give this data to and whom didn't clarify that's what was happening. It's corporate malfeasance, and if you think it should be unrestricted "innovation" then you're probably on the creepy side of the Big Brother-like data-gathering monster.

[CapacitorSet]

>I’ve met several founders who wanted to enable tele-medicine years ago but decided against it because “the lawyers cost more than the engineers”, and walking-on-eggshells destroys morale & iteration speed.

Thankfully so - I wouldn't want my telemedicine to rely on eg. some random unsecured Mongodb instance.

[timzentu]

Why disagree with this, it actually will cause innovation. How, if someone is able to figure out the way to navigate the laws easily, they will then sale their solution as a service. So when a FB, Goog or MS can figure it out, they will add it to their stuff. Also a group like EFF would make a tool to verify since it would mean that their existing tools would just be checking the server instead of each thing like Privacy Badger and their other apps do. It was really easy to innovate the car (look, I made this out of hard pointy steel, who cares if anyone else dies). Until you had to actually made them safe, do you think society would be better off going to the old methods? Innovation is for a purpose, a lot of the stuff we see now seems to be to innovate for the purpose of innovations sake and then sell it to someone who cares. Also do you really think people won't invest if their current methods don't work, so startup culture wouldn't die. Just system of having people who don't care about privacy not actually think things through ethically first.

[kjs3]

Oh, BS. My wife is a medical practice management exec, I I do some IT consulting in the space. There is absolutely no end of telemedicine solutions and have been forever (I implemented an early one in the mid-90s). There is absolutely no end of new and innovative health care startups. Those 'founders' you talked to are the problem, not the solution: people who want to bitch about being required to do the right thing, pretend they're doing an 'Atlas Shrugged' by not putting in any effort, rather than innovate around doing the right thing.

[munk-a]

The regulations that you likely hit when investigating tele-medicine previously are likely more closely related to why nearly no site will let anyone create an account unless they check a box confirming that they're over 13 and COPPA[1] is a pretty intense set of rules that, IMO, are way waaay overkill.

That said, regulations might make it difficult for companies, but they're there because companies have abused data in the past at the expense of customers. So, I guess, it's too bad - regulations benefit me, they don't strangle businesses, they impede it - and it's an impediment that can be overcome if the business is useful enough to people.

1. https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Pr...

[FridgeSeal]

Necessity is the mother of invention.

If the only way your business can survive is carte-blanche regulations around privacy and security, and you fall over the instant that's threatened, one: maybe your business doesn't deserve to survive, and two: maybe you didn't build a very good business.

Niche online forums and all the examples you list there survived (and indeed thrived) in the days before rampant data collection, I have no doubt they'd evolve and survive once again.

[endgame]

It makes it harder to innovate in anti-social directions, and may catch some useful things in the crossfire. But on balance, slowing the rate of "innovation" for these companies that want you to shovel all data everywhere into their gaping maw? Not a problem for me.

[ibeckermayer]

This nonchalant attitude around "guilty until proven innocent" regulation is precisely how we wind up with America's alphabet soup of monopoly building bureaucracy.

The ethical way to preserve privacy is to change minds in a way that changes actions. Law is the threat of violent force, and should be wielded only with deep forethought about the underlying moral and practical realities.

[Legogris]

You can develop all of these services, just don't hoard data. With no centralized serverside database you have no liabilities. P2P is a solved problem.

Better implementations of that is exactly the kind of innovation we need now.

[aguyfromnb]

>more regulation will make it harder to innovate.

I'm seeing prominent VCs espousing this all over social media the past few weeks. Apparently there are even some advising Jared Kushner.

Don't let a good crisis go to waste.

[catalogia]

When it comes to surveillance capitalism, making it harder to innovate is the point. Innovation is not intrinsically good.

[StreamBright]

Sounds like a false dichotomy. Some regulation has some downsides, all regulations are bad. I think you can reform regulations enabling health care innovations and introduce legistlation to stop Facebook to do mass surveillance without opt-in.