by ctrlaltdylan 1118 days ago
Serious question, in an interconnected online marketplace how are you supposed to comply with these granular state and sometimes municipal laws.

Is there some kind of monitoring database or notification that you can subscribe to?

It seems very expensive for every single business to have a compliance lawyer specifically for this task of complying with each state's mandates to a tee.

5 comments

> Serious question, in an interconnected online marketplace how are you supposed to comply with these granular state and sometimes municipal laws.

Identifying standards/laws and then combing through them for applicable requirements is just part of early product design.

When there are an overwhelming number of jurisdictions, start with the local ones in depth. Do a survey on the rest to get a flavor for what other areas are doing. Shape the product so that compliance is most likely already done or easily actionable when you get around to deep diving the other jurisdictions' rules.

I get that software-only products often don't have to do this, but it's not like it's a dark art. And while having a lawyer in the loop is important, you're rarely asking them to read the standard/regulation to you. They help you understand and digest when needed, and make sure you're doing it right.

Now, the topic at hand here is privacy which is a bit different. Finding a design that respects privacy and is probably fine nationwide is much less complex than morphing the product by jurisdiction to match the local minimum viable compliance.

I've argued in the past here on HN that your first employee should probably be an attorney--or at the very least have one on retainer, and got absolutely roasted for it. I still believe it though. How do you even know if your software product is legal everywhere you plan to distribute it? Are there any states that forbid what you are doing? Are all your dependency licenses really compatible? Are your logging practices legal in the EU? A single lawyer is not going to be a deep expert in Polish law, but he or she will be able to at least give general advice to keep the product from being dead on day one.

We laugh-complain about "ha ha the lawyers are designing our products now" but it kind of has to be the case in the complex legal environment businesses operate in.

Imagine 1000 competing companies in the same space.

500 have a team that looks like 3x developer, a design person, and a sales person.

500 have a team that is like 1x developer and a Lawyer

Which one wins? Which hits market first? Which is more successful?

An early company has to spend money on the core product. If you get whacked by a lawsuit and shut down in year 2, it's a cost of doing business and you go do something else.

There isn't enough time in the day or money for an early startup to get every single law perfect.

So to answer the OP: You just do your best, and correct when you screw up.

Developers these days get paid 2-3x as much as lawyers (until the later stages of a lawyer's career), so your 2-man startups appear to be starting with significantly less funding.

If you mean the choice is between a team of 3x developers and 1x lawyer vs 3x developers a designer and a salesperson, the former will win. Design matters very little at the earliest stages, and there's nothing for the salesperson to sell so they are most likely going to make promises to potential customers the developers can't meet. And if they get any traction, CA or the EU will crack down on them for any privacy violations, which will kill the startup. Meanwhile, the former will chug along until they have a viable product that satisfies regulatory constraints, and acquihire the latter.

The days of regulatory arbitrage as a viable business model are over. There will be no more Ubers and AirBnBs. Governments have caught up to that scam and are significantly more willing to crack down on that now.

> Developers these days get paid 2-3x as much as lawyer

hhahahahahha

Not all of us live in the bay ;)

Also my bay lawyer was $450 an hour, have never met a developer that cost me that.

> The days of regulatory arbitrage as a viable business model are over. There will be no more Ubers and AirBnBs. Governments have caught up to that scam and are significantly more willing to crack down on that now.

that is pretty good too. Keep up the comments, this is a riot.

Sure and the teams that just blindly download packages from NPM will be the fastest to market.

They'll just also have massive supply-chain vulnerabilities :/

Unfortunately, being in business with a risk of going out of business is a better spot to be in than already being out of business.

This seems very obvious to me, so I find it weird people disagreed. But maybe that's correlated with the number of businesses I've started, which is 0.

Create a budget for a new startup. How much do you spend on each function?

It's not super hard to figure out why most startups don't have a lawyer.

> Create a budget for a new startup. How much do you spend on each function?

I have almost literally no idea; running a business is totally outside my interests.

K. The answer is you don't dump it all in legal if you can help it.

I work as a lawyer for a business that has lots of lawyers. Compliance with differing state laws is indeed very expensive. I would personally like to see a federal privacy statute that preempted these various and sometimes inconsistent state and local privacy laws.

> I would personally like to see a federal privacy statute that preempted these various and sometimes inconsistent state and local privacy laws.

It would have to be under the auspices of Interstate Commerce (to be legal under enumerated powers) but even then can Congress override State and local law?

Federal law is supreme, so yes, Congress can overrule any state or local law, and does so automatically if they have laws that disagree.

That's basically my reason for wanting all laws to be simplified to the point that an average person can remember at least half of them[0] in aggregate — if people don't know their rights or responsibilities without having to pay a lawyer, that feels unjust by my standards.

That said, there's no rule of nature that says running a business has to be cheap; it may not be optimal if all the laws in each marketplace are different, but I feel much less strongly about it — and not just because higher levels of government can unify and simplify when things get too much, nor just because I'm in Europe and one side of the border is all Rindfleischetikettierungsueberwachungsaufgabenuebertragungsgesetz and the other is Ustawa o przeniesieniu zadań z zakresu nadzoru nad etykietowaniem wołowiny because it's not just the law that isn't unified.

[0] of those laws that apply in general, at least; there's no need for normal people to know details of the accounting laws that apply to businesses unless the society really does want everyone to be a small business owner

> It seems very expensive for every single business to have a compliance lawyer specifically for this task of complying with each state's mandates to a tee.

It is. I've worked in healthcare, and it's not uncommon to have very specific requirements. However, there's no obligation to geolocate your customer beyond a simple request for their zip code, so it doesn't get too difficult from an engineering standpoint.

I think in practice, what ends up happening, is that small businesses don't really bother to comply while they fly under the radar. Or they just end up buying an e-commerce plugin that handles the minimum. We had one for GDPR and then they just added support for CCPA when that was a thing.

Right. The big guys with assets like Facebook and Google spend millions to comply.

The small guys duck under the radar.

It's kind of silly, but what happens when you have tons of laws. There is no realistic way a business of 1-10 people is going to be able to comply with every law in every state AND country they do business in.