I call bullshit. You're now just clasping at straws to make your GDPR phobia justified.
The EU isn't some evil organisation trying to destroy US businesses. And your argument from authority[1] really isn't going to work here either given the number of errors you've already cited on the topic yourself.
Which, depending on how you read it, might make participating on the internet practically impossible. An IP is considered personal data, so in theory you cannot use foreign infrastructure like a CDN.
Which certainly makes the internet as we know it impossoble. An internet where everybody builds tools on their site that everybody else can embed on their site. Because that would mean IPs flowing around between sites.
Which gives a huge disadvantage to Euroeans. Because Europreans have to show cookie banners and stuff to everybody around the world. While the rest of the world has to only show them to Europeans. Look at your favorite website through a proxy inside/outside the EU. It starts with an annoying popup only in the EU.
Which cements the stronghold of Google and Co, who 1) only have to bug their European users and 2) have the legal resources to cope with this insanity. Startups and indiemakers don't. So there will be even less of them in the EU. And the ones who exist will have to waste their time on this instead of building their products.
I think GDPR is a pain in ass but ultimately is not my decision no matter how much I judge you all.
Why judge at all? Europe has an extremely troubled history when it comes to abuse of private data - WW2, Franco, the Stasi, infiltration of moderate left-wing groups when the RAF was active, communism in East Europe. So, can you blame us for being protective of our privacy?
But it does frustrate me that you all believe that GDPR will somehow be good for you.
Why not? Many countries already had strong privacy protections, but non-EU companies could retract itself in various ways. So, it hasn't been a level playing field for a long time, since EU companies had to provide these protections. So, it is good for EU companies. It is exceptionally good for European citizens - they have a choice in how their data is used. US companies will eventually come around, Europe is a large and wealthy market. And complying with regulations is a walk in the park compared to e.g. China, Russia, or India.
The only way I can see it work out is if GDPR is selectively enforced against American business which it seems obvious to me that will be the case.
Please let this myth die for once and for all. The largest fines handed out by the EC affect European companies:
I don't need a legislation to only have good parts in it, but I do want it to do more good than bad. GDPR does not do that. The harm it causes for internet businesses in the EU in the long term is going to be too much. It's already making EU companies less competitive[1] and it'll become worse as time goes on.
To be fair, the EU does bear the fault in that its regulation is not enforced enough. The GDPR actually forbids annoying users into consent (it doesn't count if you force or trick users into consenting) but enforcement of this has been so lacking that entire businesses like TrustArc have been built on providing non-GDPR-compliant consent flows.
I mean, fine. I'm not an EU citizen, I think GDPR is a pain in ass but ultimately is not my decision no matter how much I judge you all.
But it does frustrate me that you all believe that GDPR will somehow be good for you. I've seen it said multiple times that when a massive American media company decides to pull out of the EU that a European alternative will emerge that is GDPR compliant and replace it.
Do you actually believe that if the economics of GDPR compliance did not work for a large American business that it will somehow work out for a small EU startup? The only way I can see it work out is if GDPR is selectively enforced against American business which it seems obvious to me that will be the case.
So ban the EU then. The market will find another venue if the service is useful enough.
If a website is obnoxious about its GDPR compliancy, I just close it. Coincidentally, it has never happened on something I really needed (technical documentation, scientific journals, etc.)
I don't necessarily agree with how the GDPR was created, or maybe even why, but to say it's worse than the information tyranny being built in the world today? Pft.
Yes, and what the GDPR crowd is telling me is that I should just trust the EU to always act fairly and never engage in any kind of politically motivated subterfuge.
And not only that, my concerns and dissent regarding GDPR piss people off so much, that at this point, every comment I post just gets downvoted immediately. Now I realize it’s against HN guidelines to discuss this, but when I post a comment and the delay it takes for me to return from the post page is enough for my comment to already have a downvote, I feel discouraged. It’s very clear the person who did that had no good faith intent on a discussion nor intent to even minimally read my comment. And I’m supposed to try to argue my points in good faith despite this.
The pro-GDPR crowd may be winning the mindshare but they are inheriting the cancer of something not allowed to be criticized. And if we ever do see an egregious fee driven by political motivations, am I supposed to feel smug for having predicted the possibility or sad that my mere expression that the default maximum fines are so ridiculous that they basically terrorize anyone who is not a multinational corporation turned out to be well-founded?
All I ever asked for was for people to recognize the chilling effects that this regulation can have. The internet used to have so many small websites, forums and wikis, and many of these fall under the umbrella of GDPR. And this is basically the treatment I get for trying to represent this dying breed of website: as some corporate shill worth being buried and not considered.
It’s not like I care that much about being with the mob, but it pains me that as the open internet gradually dies, people flat out just don’t care. GDPR as it is today is just represents a huge amount of risk for anyone that is not a multinational corporation, and it only gets scarier the further down you are. I’m sorry but just telling people to not worry about how the law is written will not work. Some people will ignore it, some people will try to follow it, and some people will just stop trying altogether deciding the risk simply isn’t worth it. And that latter part is most likely to occur for websites that are more objectionable, since they will likely face harsher treatment just due to cognitive biases alone, since we’re talking about considerations that humans make rather than the word of law.
Weird article. After reading it I agree more with the points it's trying to refute.
You can't use the existence of a 1995 law to prove the GDPR doesn't have problems. The whole reason the GDPR got written was because the 1995 law was ineffective.
The GDPR adds new requirements on top of the 1995 law. Privacy advocates don't think these requirements help privacy much. Businesses claim that it makes it harder to do business (but they say that about any legislation). You can argue about who is right but neither side particularly likes the regulation.
The biggest group of people who do like the regulation seem to be EU citizens who want a reason to feel superior to Americans. It's unfortunate nationalism. We're all on the same side against the large corporations.
The GDPR being meant to spite Google (rather than, you know, protecting privacy) is an unfounded conspiracy theory. Claiming the EU tried to support a US company by harming its (European) competition doesn't even deserve that level.
I actually agree with almost 100% of this. The EU should pass laws however they want according to whatever legal framework they want. And companies wishing to do business there should comply. I still think it’s a poorly written and vague law, but perhaps that’s just my distrust of bureaucracy speaking.
My real issue with the law is primarily that the EU thinks that it can assert that it has global jurisdiction with regard to the GDPR. This is so undemocratic and dangerous, it boggles my mind that fans of the GDPR can’t see it. Just because you like the intent of the law doesn’t mean you can admit that it goes too far, or sets bad precedent, or is likely to be abused.
If Saudi Arabia passes anti-blasphemy laws and says they apply globally if a citizen of theirs visits your website, should anyone care?
GDPR is being taken seriously by firms with enforcement exposure. My hope is that every other organization in the world just ignores it. It’s a dangerous precedent.
And then there’s my issue with the fans of the law who will read the above and come back with the vapid response: “well, if you’re not going to comply then clearly you’re shady and I hope you do go out of business.”
This is one of the dumbest things about GDPR and one of the reasons why the EU has a stagnant tech industry. Their own regulations choke their companies to death.
You ignore half of what I write, instead you keep asking the same questions again and again. You ask inane questions such as why I prefer not to donate to Google. I have no idea why someone arguing in good faith would act like this. You clearly don't have the slightest clue about the contents of the GDPR or European law in general. Please educate yourself. This discussion is over.
The EU hasn’t shaken off their roots in monarchy. Using the power of the state to go after a single private entity since they have a blood feud with said entity and are now finding all sorts of excuses to hit them economically.
I’ve been following the cases with regard to privacy in the EU and it’s a complete joke. You have all these onerous rules against any web technology making it near impossible for startups to function without an army of lawyers. Think I’m exaggerating? Look up the provisions under GDPR for any business, big or small, to set up a website and then process a single user request for their data even without sign in.
The UK is sick and tired of this and has recently begun moving to ignore these onerous rules. All power to them.
GDPR is extremely uncivilized. Forgetting the absurd fines and burdens it places on companies for a moment, consider the extraterritorial reach that EU is claiming for itself. The EU has declared itself Grand Emperor of the Internet.
you're saying that blocking eu ip is insufficient. so you can, at leisure, forcibly subject anyone to attack by gdpr, against their will, by circumventing their access controls.
the only way for all businesses around the world to avoid abuse and subjugation to eu regulators, who they cannot influence, is to not exist at all?
The EU isn't some evil organisation trying to destroy US businesses. And your argument from authority[1] really isn't going to work here either given the number of errors you've already cited on the topic yourself.
[1] https://en.m.wikipedia.org/wiki/Argument_from_authority
reply