[vrganj]

> But Americans expect law to in general work more like a list of checkboxes

To me as a European, this is a very low-trust view of lawmaking that assumes a hostile relationship between a government and its people.

The European approach is a bit more of a living conversation.

In the implementation period there's workshops where you figure out how to best comply in a way that makes sense for your business. There's a lot of flexibility there since you're just aiming for the spirit of the law, not some formal definition that might not make sense in your case.

If you're found out of compliance theres a bit of a back and forth and if you put in a good-faith effort to fix things, nobody has any issues.

The advantage of this approach is that the government doesn't tell you how to run your business and things stay agile as new use cases and business models come up.

It works out pretty well in general, and allows for a more cooperative approach to reaching policy goals.

Problems usually only arise when American companies try their bad-faith technicalities and find that doesn't fly here, like when Facebook changed their ToS to try to argue that using their services itself constitutes consent under the GDPR and predictably got dinged for it.

[SpicyLemonZest]

I don't want to sound like I'm criticizing any of that. It sounds like a reasonable approach and if European citizens like it more power to you.

To me as an American, this is a very high-touch view of lawmaking that sounds like a big problem for companies trying to do new stuff or challenge incumbents. If the meaning of the law is adjusted to fit each individual business case, doesn't that mean the regulator might not let me have all the same adjustments my competitors got? I wouldn't call this a question of hostility as such; even a kind and friendly regulator might think that some of those adjustments depend on doing business as normal, and thus they don't apply to the new abnormal things I'm doing. (Of course, I'm making the stereotypically American assumption that running around disrupting normal business practices is a valuable thing to do.)

[vrganj]

First of all, I wanted to thank you for the constructive and interesting exchange of views - I find that too often conversations on EU regulations on HN devolve into caricatures and trolling, its been nice to have a substantial conversation with you.

Ironically, I have the opposite read on the same situation: "Just do what the law wants from you" seems like a pretty straightforward thing that even the smallest startup can follow.

In the case of GDPR that would be roughly "don't store any personal data you don't strictly need for the feature, ask for consent, delete data when asked".

Checkbox-lawyering on the other hand requires just that, lawyers. Expensive ones. Ideally entire legal departments.

If you're a huge incumbent, you can afford that. Meta finds the neatest little ways to technically comply without actually doing what the lawmakers wanted. The little startup? No chance.

The other concern is addressed by the judicial system. If a competitor got some exception you didn't get, that's your correction mechanism. The CJEU exists precisely to ensure consistent application across member states and cases. The purpose is the same for everyone; the implementation differs based on context, but the purpose doesn't change.

[logicchains]

>It works out pretty well in general

How can you say that when Europe has completely failed at producing any big, successful tech companies in the past couple decades? China and even India have a lot more staetups-turned-bigtech companies.

[Y-bar]

Past couple of decades, how many exactly? I mean Apple (48), Microsoft (51), Amazon (32), Nvidia (33), Oracle (49), Adobe (44), Cisco (42), Intel (58), Google (28) aren’t exactly young.

With the exception of Tesla (23) and Meta (22), USA is not brimming with large new tech companies from the past decades either.

I mean King, Spotify, and Klarna are not trillion dollar companies. But at least they are younger than Google.

[SpicyLemonZest]

American companies at around Spotify's market cap include Palantir (23), CrowdStrike (15), AppLovin (14), Uber (17), ServiceNow (22), Robinhood (13), AirBNB (18), Snowflake (13).