[milicat]

Getting consent for functionality is pretty easy. EU data regulations specifically allow you to set cookies in a scenario that this enables functionality that would otherwise not be possible to provide to a user. Like a classic session cookie, for example. What's affected negatively is the UX for tracking and spying on users – and so it should be. If this forces companies out of business who rely on that for their business model, good.

[jstummbillig]

As long as we are clear, that the businesses who can (and absolutely will) find the narrowest way around any legislation and continue to work in the slimmest legal margins are FANG and increasingly not your local businesses, cool.

Everything tech and privacy is pretty easy looking from the HN ivory tower. Meanwhile half the world runs WP installations that date back to 2016 and can't change a paragraph on their "about us" page without contacting "the web guy".

[ATsch]

This whole "won't someone think of the small businesses" shtick is so transparent. I don't want "my" local businesses tracking me any more than the non local ones. I don't want a fiercely competitive market of data leeches any more than five big ones. Big tech can and should still be felled once the bulk of the weeds are chopped.

[jstummbillig]

> I don't want "my" local businesses tracking me any more than the non local ones.

I get that. Seems we have a good news/bad news situation.

The good news is that 99% of local businesses do no systematic privacy invasive tracking of anything, because they have no fucking clue how to do it. Really. That might be hard to believe in a crowd that is fluent in SQL JOINS but in the real world people look at a Google Analytics accounts and learn... well, round about nothing.

It turns out that at small scale it's actually quite hard to invade peoples privacy in a way that you end up with positive ROI: You need enough data AND you need to be competent enough to analyze the data AND you need to be agile enough to act on your findings. You will be hard pressed to find local businesses that check even one of these boxes.

So most privacy "invasion" at this level happens because people are bad with complicated stuff and also at dealing with increasingly complicated regulations, and privacy regulations check both boxes (despite HN claiming otherwise, but alas, the ivory tower strikes again).

The bad news is that that is increasingly less relevant, because while the above is going on, the big businesses are exploiting any of the increasingly hard to catch openings and advancing their market position.

[ATsch]

There's a few aspects to this. The first is that Google Analytics is a great example, because while an individual company may not have the competency they may hire another one that does. And while previously some of these companies may have simply added analytics plugins to their site because there was no reason not to, being liable for that processing is a great deterrent.

The second aspect is that this idea of "small businesses" that you are portraying does not really reflec reality. In the anti-regulation lobbyist mythology, small business are all friendly mom and pop stores that are just trying their best. But for example Whatsapp, before it's sale to Facebook, had 55 Employees and half a billion active users. Many hedge funds count as small businesses, as do franchises. Even beyond that, there are plenty of 100-1000 employee businesses here that have more than enough data on hand to cause serious privacy violations.

The third is that violating people's privacy does not have to be for profit as it is in advertising. As the case of a local pharmacy using insurance data to send their customers Christmas cards reminds me, even the smallest business is very capable of violating privacy by treating customer data sloppily.

edit: Oh, also, we might see how big tech really feels when ad exchanges hopefully get declared illegal ;) (see https://www.iccl.ie/news/online-consent-pop-ups-used-by-goog...)

[slowmotiony]

Yeah, it's super easy, I don't know what OP has any issues with. All he has to do is finish law school and go through the laws and regulations of GDPR, there's only like a hundred of them plus references so it shouldn't take more than a few years maximum.

https://gdpr-info.eu/