| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by ahnick 238 days ago
	If you can't enforce the law, then it is a bad law. Also, this is a problem that naturally solves itself over time, so no law was ever needed. The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on. If people care about privacy, then over time they will migrate to companies and services that respect their privacy. Government laws are broad based policies that always lack nuance. This is why it is better to let markets drive better outcomes organically.

4 comments

RHSeeger 237 days ago

> If you can't enforce the law, then it is a bad law.

Or, alternatively, you _could_ enforce the law but the resources to do so (people) are no longer available. This happens a lot in the US when the current admin doesn't feel it's important, so doesn't fund the enforcement agencies. And is particularly true more of codes/regulations (I get them confused) than of laws.

link

dns_snek 237 days ago

The government has outlawed murder but your local law enforcement isn't investigating the murders. You're blaming the lawmakers for writing "bad laws" in this situation, why?

First order of blame goes to the national DPAs for not carrying out their duties.

Second order of blame goes go to whichever EU authority is responsible for penalizing EU member states for non-compliance. There should be serious consequences for non-enforcement like frozen funding. (I don't know what the actual legal process is)

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

This is just a libertarian fairy-tale that is designed to sound sensible and rational while being malicious in practice. It exploits information asymmetry, human ignorance, network effects, and our general inability to accurately assess long-term consequences, in order to funnel profits into the hands of the most unscrupulous businesses.

In other words, there's a reason why we have to have regulations that protect people from themselves (and protect well-being of society as a whole).

link

ahnick 237 days ago

> The government has outlawed murder but your local law enforcement isn't investigating the murders. You're blaming the lawmakers for writing "bad laws" in this situation, why?

Investigating murders is enforceable. If law enforcement isn't doing their job then that is a different problem. By virtue of being on the Internet, tracking cookies span many legal jurisdictions (even ones outside of the EU that never agreed to GDPR) and therefore run into all sorts of different legal obstacles. Apples and oranges and all that.

> This is just a libertarian fairy-tale that is designed to sound sensible and rational while being malicious in practice. It exploits information asymmetry, human ignorance, network effects, and our general inability to accurately assess long-term consequences, in order to funnel profits into the hands of the most unscrupulous businesses.

No, it allows people to be adults and vote with their feet. We do this all the time in many other areas and it works. (Exactly what the free market is based on) This is not to say that there shouldn't be any privacy and anti-spam laws, but when it comes to allowing marketing/advertising the trade-off has been well understood for some time. We are all funneling a lot of profits into companies that provide software to serve up the cookie banner warnings now and the advertisers still end up getting lots of people's data. A poorly designed law is a bad law. Legally requiring consent upfront and the ramifications of that decision should have been thought through much more thoroughly.

link

dns_snek 237 days ago

> If law enforcement isn't doing their job then that is a different problem.

Yes, that is precisely the problem with GDPR, too. Enforcement is supposed to be carried out by national Data Protection Authorities but they just don't investigate. I've reported some clear cut violations and they never followed up on anything.

Swedish one is even being taken to court for completely neglecting their duties: https://noyb.eu/en/noyb-takes-swedish-dpa-court-refusing-pro...

> By virtue of being on the Internet, tracking cookies span many legal jurisdictions (even ones outside of the EU that never agreed to GDPR) and therefore run into all sorts of different legal obstacles.

It doesn't matter. It's irrelevant to the general enforcement issue. Most DPAs seem to be failing to enforce even the simplest of cases. Let's chat about the edge cases and jurisdiction when the clear cut cases are being taken care of reliably.

link

ahnick 236 days ago

> Yes, that is precisely the problem with GDPR, too. Enforcement is supposed to be carried out by national Data Protection Authorities but they just don't investigate. I've reported some clear cut violations and they never followed up on anything.

No, it's not the problem with GDPR. As explained earlier it has to do with jurisdictional overreach.

> It doesn't matter. It's irrelevant to the general enforcement issue. Most DPAs seem to be failing to enforce even the simplest of cases. Let's chat about the edge cases and jurisdiction when the clear cut cases are being taken care of reliably.

Edge cases and jurisdiction are at the heart of this issue and exactly why it is a bad law. This is exactly the baggage that bad laws create!

link

Kbelicius 237 days ago

> If you can't enforce the law, then it is a bad law.

It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

> Also, this is a problem that naturally solves itself over time, so no law was ever needed.

How does it solve itself?

> The UX of the web degraded for everyone after GDPR was passed and that I think everyone can agree on.

Due to website operators doing illegal things.

> If people care about privacy, then over time they will migrate to companies and services that respect their privacy.

Why would people care about something they don't know about?

link

ahnick 237 days ago

> It isn't that this can't be enforced, it just lagged because of the size and changes that this law brought.

How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

> How does it solve itself?

People build services that don't track others and people pay for those services. It's pretty simple.

> Due to website operators doing illegal things.

If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

> Why would people care about something they don't know about?

It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

link

Kbelicius 237 days ago

> How long have these laws been out and we are still dealing with these issues. They seem to have gotten worse, not better.

No, they have gotten better. Earlier reject all was barely seen on the internet. Now it is on the majority of places or at least in much more places. How is that getting worse? Can you please explain how it has gotten worse or why you think it has gotten worse?

> People build services that don't track others and people pay for those services. It's pretty simple.

How would an average individual know that a service is tracking them if the service doesn't need their consent for it?

> If it was so illegal it would be stopped, but apparently businesses are indeed complying with the law.

GDPR art. 7.3:

"The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent."

So the law states that it must be as easy to reject cookies as to accept. That means that it is illegal to hide reject all.

In the parent post of this thread there is even a link about a court case:

https://www.techspot.com/news/108043-german-court-takes-stan...

So has your opinion with this information changed on who is to blame for the bad UX? If not, why not?

> It's well known that cookies track you across sites and some people choose not to use those sites. The sites are required to disclose this information, so users are definitely aware.

Maybe now, because of GDPR forcing site operators for asking consent to being tracked. But you said that it would happen organically without GDPR. I'm confused, even you, in the last sentence say that sites are required to disclose information but that is because of GDPR. It isn't the market somehow reaching that point organically. So which is it because you seem to agree that GDPR is needed but at the same time you are saying that it isn't needed and the market would sort it out. I'm really confused now.

link

ahnick 236 days ago

There were laws requiring disclosure before GDPR and there were already tools to disable or prevent trackers built into browsers or adding on with plugins. (organic market developments) You also had alternatives to services that used the lack of tracking as a reason to choose a particular service offering over another. GDPR ended up just making these disclosures more in your face. Text like "It shall be as easy to withdraw as to give consent" is so vague as to be useless, which is why there are so many disagreeing opinions are whether companies with their current implementations are complying or not. GDPR is a bad law and in general the EU hasn't learned it doesn't get to enforce its laws in countries outside of its jurisdiction.

link

drcongo 237 days ago

Cookie banners are not GDPR.

link