Getting bogged down by the GDPR isn't demonstrating regulatory capture, just that the policy had a real impact (which may be what people actually want, even if that means it's a hassle for business).
Regulatory capture. EU regulators, yet again, failed to understand what and how they were regulating when it comes to computers. I find it surprising that few talk about the collateral damage of GDPR. The EU wasn't doing great in terms of internet companies. I can't imagine GDPR improved things.
There were plenty of last straws. The missing piece is a powerful enough entity that has interest in regulating them. No, despite the GDPR the EU is not that.
As an EU citizen: the intentions are good, some of GDPR is great, and some of the huge fines have been welcome in a world where corporations usually get tiny fines.
That said, as with most heavy bureaucracies there's just not enough internal organisational tech education so lobbying and misunderstandings end up diluting the process.
Example is the cookie banners leading people away from smaller competitors strengthening monopolies, and teaching people to click at 100 banners a day because no one has time to read so much.
Another is GDPR policies which are great but a huge hassle for smaller orgs and companies, and not really targeted at them in the first place.
Everything always ends up a win for the largest players, while the smaller ones struggle to maintain legality.
That has been my experience with a few GDPR processes.
Another annoying thing is the forced Public Procurements of software solutions if you're more than 50% publicly funded in the EU.
Again good intentions but it just makes the big players hire huge amounts of lawyers and sales people to game the process to win then create bad software.
That's the problem with regulation. The free market is definitely not free after consolidation and monopolisation but if you're going to regulate you need the absolute best consultants to guide the process and somehow that step always gets bungled.
To be fair, the EU does bear the fault in that its regulation is not enforced enough. The GDPR actually forbids annoying users into consent (it doesn't count if you force or trick users into consenting) but enforcement of this has been so lacking that entire businesses like TrustArc have been built on providing non-GDPR-compliant consent flows.
I don't need a legislation to only have good parts in it, but I do want it to do more good than bad. GDPR does not do that. The harm it causes for internet businesses in the EU in the long term is going to be too much. It's already making EU companies less competitive[1] and it'll become worse as time goes on.
Managing how the regulatory burden falls is a core part of lawmaking. GDPR fails in this respect.
Complain-investigate regimes (where complaints frequently trigger a regulatory interaction) are effective. They're also among the most-onerous forms of oversight. (Second to mandatory licensing and auditing.)
Add to that the power of each of the EU's twenty-eight national data regulators to interpret the rules. Result? A law that's great for Facebook and Google and terrible for almost anyone else. To wit, Facebook and Google's shares of EU advertising have risen since GDPR went into effect.
As an EU citizen, I really wish we had competent leaders, particularly in Brussels. Have never seen any evidence that is the case, especially with regards to tech.
The last EU initiative at sweeping regulation in the tech space (GDPR) was disastrous. It imposed huge compliance costs for all entities, from large multinationals to small startups and businesses and even some individuals and nonprofits. For the multinationals that is totally fine with me, they can afford it, but for the other ones it is far from clear that the benefits outweigh the costs. They could have just made it not apply to small entities (either in revenue, number of users or some other metric) and it would have been arguably great. The way they did it they just gave a big advantage to large incumbents and put a strong handicap on EU-based tech startups (as well as other businesses to a lesser extent).
Years after the rollout, I still occasionally come across international websites that have opted to ban European visitors rather than figure out how to comply with GDPR.
Don't get me wrong, the GDPR was meant to address real ongoing abuses of personal data, and did some things right, but it could have easily had most of the benefits for a fraction of the cost if they did things right. Unfortunately, like almost all regulators, Brussels tends to pay a lot more attention to hypothetical benefits of regulation than its predictable costs.
I think GDPR is a pain in the ass but ultimately it is not my decision no matter how much I judge you all.
Why judge at all? Europe has an extremely troubled history when it comes to abuse of private data - WW2, Franco, the Stasi, infiltration of moderate left-wing groups when the RAF was active, communism in East Europe. So, can you blame us for being protective of our privacy?
But it does frustrate me that you all believe that GDPR will somehow be good for you.
Why not? Many countries already had strong privacy protections, but non-EU companies could retract themselves in various ways. So, it hasn't been a level playing field for a long time, since EU companies had to provide these protections. So, it is good for EU companies. It is exceptionally good for European citizens - they have a choice in how their data is used. US companies will eventually come around, Europe is a large and wealthy market. And complying with regulations is a walk in the park compared to e.g. China, Russia, or India.
The only way I can see it work out is if GDPR is selectively enforced against American business which it seems obvious to me that will be the case.
Please let this myth die once and for all. The largest fines handed out by the EC affect European companies:
The EU enacted the GDPR laws and that had a worldwide positive effect. Yes, GDPR is of course not perfect, but it is much better than the previous status quo.
So yes, even though the EU is ridiculed in this joke it actually makes important contributions. Perhaps the only issue is that well-designed regulation is usually so subtle that people don't even recognize the benefits, or take it for granted...
GDPR didn't really work out that way, everybody still tries to collect and sell as much data as possible, only with more clicks. But that's beside the point.
To be honest I also don't see the point of the EU blocks, as you say. I assumed it was mostly just laziness and unwillingness to deal with the issue at all.
What I love most about the EU and Europeans on this site is that they think that all these regulations will mostly hurt companies like Google and Facebook, and sure they'll be hurt. But the US is the largest market for most US companies, so they're unable to really hurt them like they want to. Instead, the people most affected are European companies that become successful enough for those onerous regulations to apply.
There was a Hacker News thread about a new research paper that showed that GDPR is hurting European investment, and there were plenty of Europeans in that thread saying "Good, stop using my data." Like really? Wouldn't it be better to stop data usage without hurting investment? It's such a self own.
That's what the companies make browsing the web in the EU look like nowadays. It's their decision to abuse us - and the law - and it is on them to fix it. If you check the enforcement tracker you can get an idea of what the tip of the iceberg looks like, the data that's lost/sold/leaked. Then take into account that just like with a real iceberg the bulk of the leaks and breaches goes unreported (and probably a large fraction of them goes undetected until the data shows up on some marketplace).
Until the GDPR a lot of this went on anyway, but totally invisible, now at least we have some idea of the magnitude of the problem and companies have an incentive to at least try to get it right. Not that many of them do. People that are categorically against government regulation tend to point at this and say 'see: that's what you get'. But they forget that in the relationship between companies and individuals it is the companies that on balance have the most power and there is ample evidence that this power then gets abused. Hence regulation. I'm all for tightening the rules another notch or two and adding a zero to the average fine. Because there is still a lot of room for improvement.
If the EU wanted to get privacy right, the solution would have been a technological one instead of a policy one. The whole GDPR thing was simply a show put on by politicians, nothing more.
Right - my point is that a lot of non-EU businesses over-reacted based on a poor understanding of the GDPR. Maybe their CIO read a blog post about American company X closing themselves to European customers, because they truly did attempt to market to Europeans and didn't think complying was worth it, and said 'Well, it ain't too hard to geo-block the EU' and went for it.
This comment is based on an assumption that the regulation actually achieved beneficial privacy outcomes. It’s arguably been most successful in the Access to Data area, and to some extent Data Erasure. But the Consent and Documentation provisions are a complete joke. Most EU data subjects have no idea who’s holding their data, or how/why they have access to it.
The only area it’s been truly successful in has been levying fines against foreign companies and restricting access to the EU market. It’s a very successful piece of tariff legislation. Because the compliance strategy from most organizations was either stop trading in the EU, or accept the fines as a cost of business. (edit: there's also a 3rd common compliance strategy, which is just to pretend that since you're not specifically targeting EU data subjects, that you don't have to comply. I believe this is part of the reason that HN ignores the GDPR for instance)
GDPR dramatically reduced venture investments in Europe, compared to the US[1]. Protectionism is not something you can do indirectly. It requires certainty and clarity.
I call bullshit. You're now just clasping at straws to make your GDPR phobia justified.
The EU isn't some evil organisation trying to destroy US businesses. And your argument from authority[1] really isn't going to work here either given the number of errors you've already cited on the topic yourself.
There is only so much that can happen with legislation. GDPR has been wonderful, but as far as public opinion goes it has backfired somewhat. I have heard too many people complaining that it’s “pointless because they know everything anyways”. That it’s “Brussels just telling us how to live”.
It’s an extremely delicate task for the EU, easy to sabotage.
If anything, it's a demonstration the EU, on this point, was not captured by vested interests: https://www.investopedia.com/terms/r/regulatory-capture.asp