[dmitriid]

> GDPR is ugly. The only thing it allows you to do before you get confirmation to process PII is to show static page requesting for permissions. That's basically it. You can't do any "cloudy" stuff prior.

No, GDPR is not ugly. Yes, you can do "cloudy stuff".

The bullshit narratives around GDPR need to stop, however people driving the narrative are extremely incentivized to siphon and sell all the data they can get your data, so the narrative is always bullshit.

[throwaway13337]

You're just incorrect here.

Part of the GDPR does good things against bad actors like ad/tracking companies. But most of these companies are so big that it just works as a moat to keep out small competitors in that space.

The more widely-affecting thing that the GDPR is doing is to make it impossible to legitimately run a business like the one that the article is talking about. An online shop that uses shopify which uses a CDN. A small online shop using a CDN is who is actually hurt with GDPR.

[tpxl]

> But most of these companies are so big that it just works as a moat to keep out small competitors in that space.

Google is among the biggest and Google Analytics is getting absolutely shredded in the EU. How's that moat coming along?

[dmitriid]

> You're just incorrect here.

I was expecting you to show where I'm incorrect.

And yet, it's the same emotionally-charged "omg moat, large companies, impossible to run a business".

Which doesn't disprove what I say, but further supports my case: the bullshit narrative around GDPR persists even if it has literally no basis in reality.

> A small online shop using a CDN is who is actually hurt with GDPR.

Most CDNs have GDPR-compliant services in the EU. Those listed in the article literally have separate pages specifically addressing compliance with GDPR.

There are banks in the EU handling sensitive customer data which use the very same CDNs and services under significantly stricter laws than GDPR.

But sure. Tell me how it's impossible to legitimately run a small business that operates under significantly fewer obligations, and retains significantly less customer data.

[throwaway13337]

Oddly this argument feels familiar - like we've sparred in the past over GDPR on another hacker news article.

I won't continue this as it seems like it's more a flame war where no side can convince the other.

I'll say this, though: please imagine who I am who feels so passionately about this. Likely, I am a small business that has been affected personally by the GDPR though I am not in advertising or tracking. Maybe I'm just a small business owner trying to navigate the uncertain waters created by these rules. That's what brings out the passion.

I imagine you are someone who is passionate about privacy and against adtech. As am I. We're probably ideologically similar. So please try to square why someone who is ideologically similar has such a strange idea. It might be that I am misinformed but it might be that you don't have the same experience as me.

[tpxl]

> Likely, I am a small business that has been affected personally by the GDPR though I am not in advertising or tracking. Maybe I'm just a small business owner trying to navigate the uncertain waters created by these rules.

Hey, I was a small business owner and the GDPR was a complete non-issue. The website was hosted by a small service provider in my country. No CDN required (static files, not that much traffic).

If you're a small business owner you're either not affected by GDPR, or you're doing something shady.

[thirdsun]

> No CDN required (static files, not that much traffic).

Shops with actual traffic might need a CDN.

> If you're a small business owner you're either not affected by GDPR, or you're doing something shady.

Well, apparently I can't use Shopify despite having no interest in tracking, ads or any kind of analytics.

[dmitriid]

> Oddly this argument feels familiar - like we've sparred in the past over GDPR on another hacker news article.

It's possible. Because every GDPR discussion is this: emotionally charged "gdpr is the devil" sold to gullible devs by advertisement industry vs. attempt to disprove at least the obvious lies.

> please imagine who I am who feels so passionately about this.

The less we imagine and the more we deal with facts, the better we, and the world we build, will be.

So let's reiterate facts vs imagination in my original reply:

- "GDPR is ugly."

It's an emotionally charged subjective statement. However, GDPR is no uglyt. As far as laws surrounding complex topics go, it's absolutely definitely emphatically not ugly.

- "The only thing it allows you to do before you get confirmation to process PII is to show static page requesting for permissions. That's basically it. You can't do any "cloudy" stuff prior."

This is 100% unadulterated lie.

The problem though, people keep mixing emotionally charged statements with lies and half-truths, and you get "GDPR is the devil" in the majority of HN comments.

[mattmcknight]

> Tell me how it's impossible to legitimately run a small business that operates under significantly fewer obligations

You make a strawman here, as that was not what was claimed is impossible. Tell us how it is possible to use Shopify to run a small shop in Germany.

[dmitriid]

> You make a strawman here, as that was not what was claimed is impossible. Tell us how it is possible to use Shopify

See this comment on who is responsible for user data and how it's relevant when chosing third parties for your business https://news.ycombinator.com/item?id=33566437

[tpxl]

> Most CDNs have GDPR-compliant services in the EU.

How can a US company have a GDPR compliant service in the EU? The US government can force them to give up any data they own, which isn't compliant.

[dmitriid]

When there's a will, there's a way.

Also, https://news.ycombinator.com/item?id=33566243

[tpxl]

I'm sorry, I don't understand your point.

[scarface74]

It’s a 99 section 11 chapter monstrosity. It is ugly.

[dmitriid]

It's a law that deals with privacy of data both online and offline. As a result it's only 11 chapters written in a surprisingly simple language.

As laws go, it's fine.

[scarface74]

Yet the author of the submission had a hard time deciphering how to follow it…

[dmitriid]

The author of the submission? Or the person claiming it's ugly?

"Human activity is a complex thing and no law can describe it with 100% accuracy, news at 11".

I doubt anyone arguing against GDPR read it. Or read recitals. Or read even high-level descriptions of the law, say, at gdpr.eu. Or read any laws in general, to compare.

[scarface74]

We can all see the results of it. It made the web experience worse for everyone and it’s so complicated it solidified the power of the few companies that either can comply with it or afford to ignore it and deal with the slap on the wrist.

Thought experiment: why didn’t any major ad tech company announce any harmful affects of the 99 section GDPR. But they did announce billions in revenues shortfall (ie Meta) when Apple made tracking opt in by one three line dialog box?

[dmitriid]

> We can all see the results of it. It made the web experience worse for everyone

This bullshit again. It wasn't the GDPT that made the web worse. This is is entirely on the companies who took a look at GDPR and said: no, we're going to ignore it, continue siphoning user data, and trick users into "consent" through dark patterns (actually illegal under GDPR).

> Thought experiment: why didn’t any major ad tech company announce any harmful affects of the 99 section GDPR. But they did announce billions in revenues shortfall (ie Meta) when Apple made tracking opt in by one three line dialog box?

Funny how you don't conduct a thought experiment on why cookie pop-ups exist and what GDPR has to say about this.