[thiht]

You guys are unbelievable. Of course GDPR makes some things harder. It’s the whole point. GDPR is probably one of the biggest pro-freedom laws of the last years. Not big corp freedom for sure, but people freedom, and that’s GOOD. But Americans with their skewed vision of freedom just can’t see it I guess.

Honestly if GDPR pisses off Americans, it probably means it hit on the nail.

[pclmulqdq]

We just define freedom differently than you do. I honestly think your version is weird and totalitarian, exactly the way you think mine is.

Here's mine: "Freedom" is what you have in the absence of coercion. The freest state of being is being the last person alive on Earth. Freedom gives you nothing, because if freedom gave you something then someone else would have been coerced into giving it to you. Freedom also gives you the chance to do everything you need to do to survive and thrive.

In a society, we necessarily give up some freedom because my freedom to have stuff is threatened by your freedom to take it when I'm not looking (you would not have had that freedom in isolation). In more recent times, we have started to give up freedom in exchange for security, too, and everyone thinks that is worthwhile, although we disagree on how far you should go. The US military budget and all the government healthcare programs in the world are this kind of trade.

That's what GDPR is: it's a trade of freedom for the security of European sovereignty and European business (notice how I didn't mention privacy or user security). It's not about the "little guy" vs the "big corporations," the big corporations have plenty of money and lawyers they can use to comply. The people that all of these laws hit are the startups and small companies. This philosophy is why there are no European unicorns. Europe as a whole has given up the freedom to "start up" without compliance with a huge number of rules and regulations (or money to pay bribes). Uniquely, GDPR goes a step further and tries to impose this burden on everyone in the world, not just people and companies that have signed up for the European project.

In the European worldview, there seem to be a lot of "rights" exemplified by the UN human rights charter. These include things that nobody had 25 years ago, like "the right to high-speed internet." These "rights" and "freedoms" really aren't freedom: someone has to pay to provide them at the end of the day. For those of us across the pond, these are weird trades: you voluntarily pay incredibly high tax rates and huge administrative burdens for these supposed "rights," some of which look like luxuries to us, and feel as though they don't make you any less free.

[thiht]

> Uniquely, GDPR goes a step further and tries to impose this burden on everyone in the world, not just people and companies that have signed up for the European project.

This is precious! The US has imposed their views on the internet for the past 30 years. How is GDPR unique? The difference is once again that GDPR is favorable to EU citizens (because yeah, GDPR only applies to EU citizens) and your laws (Cloud Act, DMCA, and basically all your copyright laws that stole us our fair use rights and allow for tech behemoths to grow and exist) just favor big companies, and only them. Don’t confuse freedom and extreme liberalism.

> Europe as a whole has given up the freedom to "start up" without compliance with a huge number of rules and regulations

Yes. This is a good thing. The end doesn’t justify the means. We still have unicorns and well doing companies.

> notice how I didn't mention privacy or user security).

Well, your mistake.

[pclmulqdq]

In the case of the cudgel that is the GDPR, distinct from EVERY other data governance rule, there are two unique things:

1. It applies to everyone, with no thought of company residency or size.

2. It applies to all forms of "personal information" and "processing," defined ridiculously broadly.

This means that the following things are technically illegal by the text of the law:

* Storing the email address of an EU-based customer of your consulting shop on a private server not in the EU, and (God forbid) using it to send a sales email to that person.

* Storing the IP address of an abusive user of a SaaS website (in order to block them) if that user happens to be in the EU and your server is not.

Should these be illegal?

[hypertele-Xii]

Yes, of course they should be illegal. Why should US companies have the right to harvest our private information for profit and cause damage by mishandling it without oversight?

[pclmulqdq]

So sending a single email to a single EU customer from a non-EU server amounts to "harvesting your private information for profit" and merits a $20 million fine?

I have no problem with the GDPR that you wish you had, by the way. My problem is with the one that exists. It neither stops the wholesale harvesting of information nor actually benefits privacy.