[souvic]

I think, most of the companies do that. And they are actually clueless what they can do, what data can be taken without being litigated. A global consensus may be a great thing for startups not having to worry about data laws focusing more on building the product. Will be good for EU Economy too.

Global Consensus on these laws or a scanner app letting the startup owner know what you have unwillingly violated is highly wanted.

[interactivecode]

I've been working at EU startups and tech for a while now. There isn't much worry about data laws. All the data you need for the real product you can get without even getting close to breaking any privacy laws.

It only gets very complicated when you start forwarding that data to 3rd parties, intensively tracking + storing user behaviour and engineering patterns aimed at deceiving how you use the data.

If you're that worried about keeping up to date on these types of rules, you can subscribe to the EU data protection newsletter, which will be a fairly decent overview on what's going on: https://edps.europa.eu/press-publications/publications/newsl...

[PeterisP]

No, this is not happening because they are clueless on what they can do - this is happening because they believe they can get away with this (by seeing that most companies do that). There is a clear global consensus on whether they are permitted do that (no, they can't), but there's also something resembling consensus that they'll keep waltzing over the boundary while they still can as regulators take their time with enforcement.

You don't have to worry about data laws unless you're trying to walk that line - and you should not. If you act reasonably and don't even attempt to track people unless they explicitly ask you to (which is what opt-in informed consent means) then you don't need to bother with the nuances. Megacorps are hiring privacy lawyers primarily because they want the lawyers to answer "what can we add/change to somehow keep doing this prohibited thing" instead of just stopping it.

When I hear from "unwillingly violated", most of the time it somehow comes from an organization blatantly and willingly violating the principles; indiscriminately harvesting data and basing their business model on that. Even for a startup, getting a quick 30 minute consultation on data privacy isn't a big deal, and compliance is trivial if you're willing to abandon prohibited ideas - GDPR compliance is primarily tricky for those who want to see what is the maximum amount of evil that is still legally permitted.

[isodev]

It’s absurd how so many popular online services make it impossible to escape ad farms. I think the consensus is that data collection for the purpose of advertising or behavioural targeting is only possible after a very informed opt-in.