[throwaway13337]

You're just incorrect here.

Part of the GDPR does good things against bad actors like ad/tracking companies. But most of these companies are so big that it just works as a moat to keep out small competitors in that space.

The more widely-affecting thing that the GDPR is doing is to make it impossible to legitimately run a business like the one that the article is talking about. An online shop that uses shopify which uses a CDN. A small online shop using a CDN is who is actually hurt with GDPR.

[tpxl]

> But most of these companies are so big that it just works as a moat to keep out small competitors in that space.

Google is among the biggest and Google Analytics is getting absolutely shredded in the EU. How's that moat coming along?

[dmitriid]

> You're just incorrect here.

I was expecting you to show where I'm incorrect.

And yet, it's the same emotionally-charged "omg moat, large companies, impossible to run a business".

Which doesn't disprove what I say, but further supports my case: the bullshit narrative around GDPR persists even if it has literally no basis in reality.

> A small online shop using a CDN is who is actually hurt with GDPR.

Most CDNs have GDPR-compliant services in the EU. Those listed in the article literally have separate pages specifically addressing compliance with GDPR.

There are banks in the EU handling sensitive customer data which use the very same CDNs and services under significantly stricter laws than GDPR.

But sure. Tell me how it's impossible to legitimately run a small business that operates under significantly fewer obligations, and retains significantly less customer data.

[throwaway13337]

Oddly this argument feels familiar - like we've sparred in the past over GDPR on another hacker news article.

I won't continue this as it seems like it's more a flame war where no side can convince the other.

I'll say this, though: please imagine who I am who feels so passionately about this. Likely, I am a small business that has been affected personally by the GDPR though I am not in advertising or tracking. Maybe I'm just a small business owner trying to navigate the uncertain waters created by these rules. That's what brings out the passion.

I imagine you are someone who is passionate about privacy and against adtech. As am I. We're probably ideologically similar. So please try to square why someone who is ideologically similar has such a strange idea. It might be that I am misinformed but it might be that you don't have the same experience as me.

[tpxl]

> Likely, I am a small business that has been affected personally by the GDPR though I am not in advertising or tracking. Maybe I'm just a small business owner trying to navigate the uncertain waters created by these rules.

Hey, I was a small business owner and the GDPR was a complete non-issue. The website was hosted by a small service provider in my country. No CDN required (static files, not that much traffic).

If you're a small business owner you're either not affected by GDPR, or you're doing something shady.

[thirdsun]

> No CDN required (static files, not that much traffic).

Shops with actual traffic might need a CDN.

> If you're a small business owner you're either not affected by GDPR, or you're doing something shady.

Well, apparently I can't use Shopify despite having no interest in tracking, ads or any kind of analytics.

[dmitriid]

> Oddly this argument feels familiar - like we've sparred in the past over GDPR on another hacker news article.

It's possible. Because every GDPR discussion is this: emotionally charged "gdpr is the devil" sold to gullible devs by advertisement industry vs. attempt to disprove at least the obvious lies.

> please imagine who I am who feels so passionately about this.

The less we imagine and the more we deal with facts, the better we, and the world we build, will be.

So let's reiterate facts vs imagination in my original reply:

- "GDPR is ugly."

It's an emotionally charged subjective statement. However, GDPR is no uglyt. As far as laws surrounding complex topics go, it's absolutely definitely emphatically not ugly.

- "The only thing it allows you to do before you get confirmation to process PII is to show static page requesting for permissions. That's basically it. You can't do any "cloudy" stuff prior."

This is 100% unadulterated lie.

The problem though, people keep mixing emotionally charged statements with lies and half-truths, and you get "GDPR is the devil" in the majority of HN comments.

[mattmcknight]

> Tell me how it's impossible to legitimately run a small business that operates under significantly fewer obligations

You make a strawman here, as that was not what was claimed is impossible. Tell us how it is possible to use Shopify to run a small shop in Germany.

[dmitriid]

> You make a strawman here, as that was not what was claimed is impossible. Tell us how it is possible to use Shopify

See this comment on who is responsible for user data and how it's relevant when chosing third parties for your business https://news.ycombinator.com/item?id=33566437

[tpxl]

> Most CDNs have GDPR-compliant services in the EU.

How can a US company have a GDPR compliant service in the EU? The US government can force them to give up any data they own, which isn't compliant.

[dmitriid]

When there's a will, there's a way.

Also, https://news.ycombinator.com/item?id=33566243

[tpxl]

I'm sorry, I don't understand your point.