[raxxorraxor]

The EU tries really hard to kill any innovation in Europe at the source.

But this is even worse than that. It would allow for dubious security resellers to define adequate protections. That would basically be their own products.

Everyone in IT knows that there are borderline dubious products that heavily border scam. Not every security solution of course, but there is a lot of bad sheep that present as much a danger to security as direct attacks.

If you want to protect user data, don't collect it. Best security you can achieve.

Perhaps I am overanalyzing and this just tries to introduce formal processes to deal with security concerns. But it doesn't look like it. It seems you need a third party to certify your products for once and I believe this is lobbying for questionable security products and lawyers in one go.

[denton-scratch]

> The EU tries really hard to kill any innovation

This trope is getting tedious.

The EU tries to regulate the Wild West that the internet opened up. That's not at all the same as "killing innovation". It's reasonable and realistic to try to regulate. I'm fearful of attempts to regulate the internet, because there are strong forces that want to load the regulations with provisions that would be a dictator's wet dream. But to my mind, unregulated everything is a nightmare.

[Silhouette]

Regulation is sometimes necessary to ensure businesses operate in useful ways for the societies they serve. But a specific regulation is only helpful if it constrains undesirable behaviours without causing disproportionate amounts of collateral damage.

Unfortunately governments in general and the EU in particular have a poor track record of making helpful regulations for businesses operating in STEM fields. Not many politicians have a STEM background themselves and not many have much experience of smaller businesses or grass roots volunteer work beyond a quick photo op. A field like software where a single individual can make a disproportionate contribution and where a lot of the FOSS we depend on every day was written at least partially by volunteers is probably quite alien to them.

Until the politicians are better educated the overall state of regulation will continue to be poor. Unfortunately until the small businesses and the FOSS world can speak at the same volume as corporate lobbyists and PR firms with multimillion budgets the politicians will probably continue to be poorly informed. In most places we have nothing like that level of coordination among the smaller players yet.

[denton-scratch]

> A field like software where a single individual can make a disproportionate contribution and where a lot of the FOSS we depend on every day was written at least partially by volunteers is probably quite alien to them.

Oh my! An awful lot of contributors to FOSS are europeans.

[redeeman]

but not eurocrats sitting in brussels thinking about how to regulate cucumbers and vacuum cleaning speeds

[troupo]

Literally every country does that. The US, for example outlaws Kinder Surprise.

Why are people so hung up on the EU?

[redeeman]

because this is a thread about EU policies?

[raxxorraxor]

What does Wild West even mean here? You cannot consolidate software security that would fit any definition of "not being Wild West".

It could easily close most security issues by regulating data collection. That would seriously reduce the damage of possible data leaks. Any encrypted content is only safe for a limited amount of time. This hasn't changed for ages.

[throwaway313313]

Just a like the saying "Fish don't know they're in water", people within different groups have cultural assumptions, in this case: The idea of "Permissionless innovation" vs what I like to call the idea of "Permissionful innovation'.

In the permission less school of thought, you don't need permission to use an existing API or data to do whatever you want as long as it isn't abusing the service or illegal.

In a permission full school of thought, you should always ask permission, from the authorities and whoever might have a vested interesting what you are doing.

It seems that in Europe it is far more common that many (most?) people expect you to get permission before you go off writing your random programs and putting them live on the Internet.

Where as in some other countries, people view pushing half baked ideas live as virtuous and artists manifest destiny and/or a existentially important economic function of startups.

When people from different cultures interact and they have completely different unspoken assumptions it can result in misunderstandings. In my case, the correct thing to do was apologize for the misunderstanding (definitely not arguing, you would never convince them to change their core cultural values!), and then not use the specific service or company involved (that had intractable permission issues due to any member being able to deny permission), and just work with other services that had no built in conflicts with the fundamental purpose of their service. (Organization names and the services involved redacted for courtesy.)

[troupo]

> It seems that in Europe it is far more common that many (most?) people expect you to get permission before you go off writing your random programs

No. In Europe it literally is what you pretend to be permissionless: "you don't need permission to use an existing API or data to do whatever you want as long as it isn't abusing the service or illegal."

Whereas permissionless is really just doing whatever, consequences be damned

[Aerroon]

>The EU tries to regulate the Wild West that the internet opened up. That's not at all the same as "killing innovation".

The results say otherwise. One way or another Europe killed off its tech companies and it's now entirely reliant on foreign companies for almost all IT services.

It's not a trope because they've already succeeded. You can't look at the EU where almost every IT service they use is made by a foreign company and say call it flourishing.

>But to my mind, unregulated everything is a nightmare.

Everything, like making food for your kids? Breathing air?

[surgical_fire]

> Everything, like making food for your kids? Breathing air?

Absolutely.

Unregulated food means that corporations can sell toxic food that will make my kids ill, if it is profitable.

Unregulated air quality means that corporations can indiscriminately pollute air, externalizing costs and making air unbreathable.

[fvdessen]

What 'killed' the tech market in Europe is having 27 countries with different languages and laws. It is extremely difficult to scale a software company in that environment. The regulations unify the market and is the only way out. Note that the tech market in Europe is far from dead, it's one of the best ones after the US. The other successful one being China, who isn't exactly a deregulated libertarian paradise either.

[nickpp]

Are you aware of any innovation or successful startups that came out of the EU in the last 5 years? How can you regulate a field you have no players in?

[haizhung]

Define successful startups. As far as I know, there have been quite a few, but they are usually just bought out by the giant MANGA corporations.

I think what is true is that it is harder to get VC backed capital here, and hence a lot of “winner takes all” markets are won in the US. But that doesn’t mean that there is no striving startup scene in Europe, they just have different goals or measures of success than “grow a lot”.

Regulating that might even help European companies :-)

[nickpp]

By successful I mean profitable privately held, IPOed or acquired.

Growth is a must - large companies are market makers and a continent without them will become dependent on the ones that have them.

Bought out is also fine - that how you get investment capital.

Regulation only helps incumbent companies though, which is exactly the problem in EU.

[denton-scratch]

Well, you've just defined "successful" to mean rapidly growing, and by implication unconstrained by regulations.

European telecom companies are large tech companies, heavily regulated and successful. Yes, they are incumbents now. But they weren't always; at least not all of them.

[troupo]

Somehow your definition of success doesn't have the actual definition of success: sustainable profitable business.

It's easy to see why: all the startups loudly hailed as successful are running into billions of dollars of debt every year, but keep being propped up by unlimited investor money. In any other industry this would be a failure.

[nickpp]

If they are not sustainable they will go bankrupt. Are you saying all those investors are dumb and just burning money for the fun of it?! That's... interesting. More gain for us consumers then - subsidized goods and services!

[matymador]

just one city in EU in 2021: https://cult.honeypot.io/reads/top-10-berlin-startups-of-202...

[fvdessen]

Itsme is one of the best apps I use on a daily basis, I understand it is starting to expand internationally, I suspect it will be extremely successful. Another good innovation is PEPPOL.

[the-dude]

What have other continents offered in the same last 5 years?

[nickpp]

Just from what I am using personally Figma and ChatGPT come to mind. The whole AI wave has nothing this side of the pond. Now the success of these AI tools is not yet guaranteed, so maybe I am wrong.

[TrickyRick]

Figma Initial release date: September 27, 2016

Sorry, disqualified according to your own arbitrary rules.

And regarding AI startups there's about a bazillion of them in EU, just as in the US. Sure, ChatGPT was invented by a US company but you can't really claim that there's "nothing" in the EU. Just because you haven't heard of it doesn't mean it doesn't exist.

[nickpp]

Yeah, well, I don't have any statistics here, it's just what I notice in my everyday life: many more startups and services coming from USA and almost none from EU. UIPath is the only one I know of, I think.

But I am happy to be proved wrong, thats why I asked in the first place.

[victorbjorklund]

ChatGTP isnt a company. It is a product of OpenAI that was founded 7 years ago (so not in last 5 years). Figma is also older than 5 years.

[the-dude]

This is a little thin.

[wkat4242]

Unregulated everything does lead to 'enshittification' yes. Because when there is no legal framework the only guideline is profit, nothing else.

Some stuff the EU does is really good, like the GDPR, the right to be forgotten, the right to repair (smartphones with replaceable batteries and standard USB connectors). I don't even think it kills innovation. It just makes sure it is aligned with society.

But at the same time they do things like this....

[nickpp]

GDPR: clicking cookie banners till the end of time while any ad-supported startup this side of the pond died or jumped ship to the US.

Right to be forgotten: a blessing for corrupt EU politicians who can finally scrub their record clean after buying out newspapers. Since they couldn’t buy the tech gigants…

USB-C: the largest cable throwaway to avoid… throwing cables away.

Replaceable batteries: something I never needed or wanted but hey, the wise Brussels regulators must know better what is good for me.

[janosdebugs]

I made use of the right to be forgotten extensively, thank you. Before that most accounts were undeletable.

[nickpp]

I am happy for you. Now, what do you think, was the ability for you to delete accounts worth the fact that the mayor of my town keeps winning elections in spite countless corruption charges and scandals - all conveniently wiped off the internet?

Regulations are usually well intended but second order effects are rarely thought out at all.

[cccbbbaaa]

The right to be removed from search results is not systematic, there is a balance to attain between privacy and public interest. Corruption charges from politicians will be hard to scrub, for instance. See:

GDPR, article 17(3)a: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

> 3. [Right to erasure] shall not apply to the extent that processing is necessary:

> (a) for exercising the right of freedom of expression and information;

More precise information from WP29. See the criteria list, beginning in page 13: https://ec.europa.eu/justice/article-29/documentation/opinio... This was from the DPD era, but still applies to GDPR.

How Google handles removal requests: https://support.google.com/legal/answer/10769224?hl=en&sjid=...

[janosd]

Corrupt politicians win elections in non-GDPR countries a whole lot too, unfortunately. I'm no political scientist, but I think it has a lot to do with people being unwilling to learn about and engage with the political system, among others. I live in Austria and when it comes to more complicated topics soch as politics, or IT for example, people are outright proud to claim ignorance. Most people actually don't know that they can and should write their EU MEPs. I have, and I have gotten into very fruitful conversations with them. However, instead of asking our kids to know institution names by heart, maybe asking them to engage with the system would be a good start.

Also, if I were into social studies, I'd look at social media and how they drive outrage, and a good way to show kids how such an influence operation works so they don't fall for it. My wife and I have been a little active in this area, but way too little to make any meaningful difference, unfortunately.

[troupo]

> GDPR: clicking cookie banners till the end of time

Please tell me where exactly GDPR requires this cookie banners. A direct quote is preferred.

Hint: those cookie banners are put their by the unregulated industry you're so willing to defend. Because they truly believe they have the god-given right to your data.

[nickpp]

Ever heard of second order effects? Dumb laws have consequences. I live in EU and browsing the web in EU has significantly degraded since GDPR compared to the US.

I can see a cause and effect, I don't need to invent conspiracies and accuse the industry that provides me goods and services I actually want.

[troupo]

> Ever heard of second order effects? Dumb laws have consequences.

What exactly is dumb about "you can't collect user data wholesale, but if you want to do it, you have to ask the user for consent"?

Why are so willing to blame the law for something that the industry is doing, and you're giving the industry the carte blanche to do whatever they please

> I don't need to invent conspiracies and accuse the industry that provides me goods and services I actually want.

There's no conspiracy. The conspiracy is literally what you're saying: that the law makes the good benevolent industry put up these cookie banners riddled with dark patterns that list hundreds of data brokers. Instead of, you know, literally following the law.