[jstummbillig]

> I don't want "my" local businesses tracking me any more than the non local ones.

I get that. Seems we have a good news/bad news situation.

The good news is that 99% of local businesses do no systematic privacy invasive tracking of anything, because they have no fucking clue how to do it. Really. That might be hard to believe in a crowd that is fluent in SQL JOINS but in the real world people look at a Google Analytics accounts and learn... well, round about nothing.

It turns out that at small scale it's actually quite hard to invade peoples privacy in a way that you end up with positive ROI: You need enough data AND you need to be competent enough to analyze the data AND you need to be agile enough to act on your findings. You will be hard pressed to find local businesses that check even one of these boxes.

So most privacy "invasion" at this level happens because people are bad with complicated stuff and also at dealing with increasingly complicated regulations, and privacy regulations check both boxes (despite HN claiming otherwise, but alas, the ivory tower strikes again).

The bad news is that that is increasingly less relevant, because while the above is going on, the big businesses are exploiting any of the increasingly hard to catch openings and advancing their market position.

[ATsch]

There's a few aspects to this. The first is that Google Analytics is a great example, because while an individual company may not have the competency they may hire another one that does. And while previously some of these companies may have simply added analytics plugins to their site because there was no reason not to, being liable for that processing is a great deterrent.

The second aspect is that this idea of "small businesses" that you are portraying does not really reflec reality. In the anti-regulation lobbyist mythology, small business are all friendly mom and pop stores that are just trying their best. But for example Whatsapp, before it's sale to Facebook, had 55 Employees and half a billion active users. Many hedge funds count as small businesses, as do franchises. Even beyond that, there are plenty of 100-1000 employee businesses here that have more than enough data on hand to cause serious privacy violations.

The third is that violating people's privacy does not have to be for profit as it is in advertising. As the case of a local pharmacy using insurance data to send their customers Christmas cards reminds me, even the smallest business is very capable of violating privacy by treating customer data sloppily.

edit: Oh, also, we might see how big tech really feels when ad exchanges hopefully get declared illegal ;) (see https://www.iccl.ie/news/online-consent-pop-ups-used-by-goog...)