by yoden 2164 days ago
Weird article. After reading it I agree more with the points it's trying to refute.

You can't use the existence of a 1995 law to prove the GDPR doesn't have problems. The whole reason the GDPR got written was because the 1995 law was ineffective.

The GDPR adds new requirements on top of the 1995 law. Privacy advocates don't think these requirements help privacy much. Businesses claim that it makes it harder to do business (but they say that about any legislation). You can argue about who is right but neither side particularly likes the regulation.

The biggest group of people who do like the regulation seem to be EU citizens who want a reason to feel superior to Americans. It's unfortunate nationalism. We're all on the same side against the large corporations.


> Businesses claim that it makes it harder to do business (but they say that about any legislation).

To be fair, it tends to be true of any legislation. Even if all you're doing is passing a law ordering them to do what they were already doing, now they've got to pay lawyers to tell them that and auditors on a recurring basis to make sure it continues to be true even if it would have regardless.

And then the cost of that gets passed on to customers and employees, because laws apply to everybody which means raising prices due to compliance costs isn't a competitive disadvantage when everybody does it. (Or they don't apply to everybody and give advantage to foreign competitors.)

The costs also disproportionately impact small businesses, because the compliance cost is a fixed amount whether you have a million dollars in revenue or a billion, so regulation is effectively the most regressive form of taxation. (Compare this to taxing Facebook and using the money to fund privacy-protecting open source technologies.)

+1 to all of this.

As someone who's been running small tech businesses in the UK for a while, I think it's also fair to say that the GDPR was unusually onerous even for government regulations. Over the past decade or more, only the VAT mess was comparable for anything coming out of the EU that I've been involved with. The similarities in those two cases are striking.

Each was meant to address a legitimate and well-established problem with how big businesses operate. Each also caused disproportionate expense and hassle for small businesses, even if those businesses weren't the intended targets and what they were doing was basically OK before.

Each had significant ambiguities that were either open to interpretation or missing key details, and so probably needed expert advice on compliance in many cases.

Each required businesses to change their record-keeping, documentation and processes for compliance, even if the substance afterwards was still much the same as before in each case.

Also, in each case enforcement seems unlikely for smaller businesses, so those who either didn't know about the new rules or wilfully ignored them gained an advantage over their competitors who were making a good faith effort to comply. I don't like good people being penalised just for trying to run their businesses legally and responsibly.

> The biggest group of people who do like the regulation seem to be EU citizens who want a reason to feel superior to Americans. It's unfortunate nationalism.

I'm not sure nationalism has anything to do with it. To most of the world, life is not primarily a competition with the US, and the kind of "superiority" that some Americans value is not an aspiration but a warning.

I think it is more likely that many Europeans simply place a higher value on privacy than some of our friends from across the pond. This is a matter of culture and our culture is influenced by some painful lessons about what can happen if too much privacy is lost. For historical and geographical reasons, I suspect most people in the US and their near ancestors have never experienced the dangers that all of us over here have been taught about, sometimes from first-hand accounts.

> The biggest group of people who do like the regulation seem to be EU citizens who want a reason to feel superior to Americans. It's unfortunate nationalism. We're all on the same side against the large corporations.

But you have an even more extreme law in the US for health data: you protect your health data that is generated in the health care system, but if you google some symptoms, buy some health products online, or read/watch some health-related pages, you are fine with being analyzed and sold to advertising? There is the example of the supermarket that detected that some girl was pregnant and "leaked" the data to her parents, and that is fine for you, but if a doctor had done the "leak" it would have been a serious issue.

GDPR is not as extreme as HIPAA; it just makes all personal data "problematic", and you can't do whatever you want with the data in secret.

GDPR brought all the hidden shit to the surface; many wanted the shit to stay hidden. Now people can see that not only do websites sell my data to a third party, they are greedy and want to sell it to 100+ different third parties. It makes you stop and think whether maybe you want to close this tab or use a private window.

HIPAA is a facet of the general disease in the US healthcare system. The compliance cost is enormous but the industry doesn't object, it even benefits them, because it's all getting billed to insurance and the more everything costs the higher the base cost they get to multiply by their profit margin. Meanwhile the insurance is heavily subsidized by employers due to tax incentives, and the employees/citizens don't even realize how much it's costing them because there are so many layers of indirection.

From my perspective as an outsider, I see regular US citizens loving HIPAA; it seems to me to be placed in the same category as guns and free speech (even more so: I have never seen someone arguing that health data should be sold to the highest bidder and in secret, whereas for guns and free speech there are people who want more limitations).

Of course, because they're seeing the benefit and not the cost. It's like asking people if they want free video hosting without mentioning that you're tracking everybody who uses it. People say yes.

So your point is that HIPAA is bad, your doctor should be able to sell your data? My point was that your browsing data is similar to health data, it could even contain health data, so there should be a trail of who is collecting what and is sharing it with whom and why. I won't believe the argument that implementing transparency for what you collect and sell is too expensive.

My point is that HIPAA has absurdly high compliance costs. It's like buying an apple for a million dollars. The problem isn't that apples are bad, but we sure shouldn't buy any more for that price.