It turns out investigation and enforcement is disproportionately doled out to large corporations. Companies like Alphabet and Meta have multiple teams to make sure they are handling data correctly and yet there could still be things that fall through the cracks.

This regulatory attention on large companies is advantageous to startups though; until a startup gets big nobody really cares about its data handling compliance.

Because while the rulemaker believes that there is a range of potentially reasonable judgments based on particular circumstances, they do not believe that range is unbounded.

> The only reason I can think of is to protect large corporations.

The fixed minimum upper limit of $20 million is actually probably to prevent (or limit the effect of) large corporations using smaller subsidiaries and fancy accounting for GDPR-risky activities, rather than the upper limit protecting large corps.

The same way anything works. The largest players write the regulations, stand up a new regulatory body, require anyone that can be remotely considered a data collector or warehouse or whatever term they come up with to 'pre-certify' their operation at a 6 or 7 figure sum to crowd out any upstart players.

Didn't you know? They do. Large corporations are always happy to help regulators write laws in such a way as to benefit them to fend of those pesky innovators. [1] Raising compliance costs as high as possible is highly desired by large companies.

[1] https://en.wikipedia.org/wiki/Regulatory_capture

My Google complies with local data protections and regulations as mandated by law.

>It seems that there are not enough US customers around here.

So you're telling me it's okay not to comply with a regulation because the market doesn't justify it and not because you're cartoonishly evil? Interesting. I wonder if we could apply that principle to other circumstances.

The SEC is empowered by Congress to enact regulation, see the Administrative Procedure Act.

Anyways, as a director of a publicly traded company, Elon Musk is well aware of information disclosure rules.

Your argument is couched in libertarian fantasy, not reality.

What a lousy system of regulation, then.

I feel like you'd be more effective finding someone (or twenty someones) that work in their IT department on LinkedIn and explaining to them that working to enrich such an outfit is a scumbag move.

Hit them where it hurts. Government regulators are not it for these fully integrated parasites.

Please read the site guidelines.

> This is complete nonsense and shows you weren't paying attention or have forgotten what happened after the GFC.

We're not talking about jail, though that's an interesting conversation to have. We're talking about fines big enough to put a company out of business. What banks went out of business because of government action? What pharmaceutical companies? What tobacco companies. I'll bet I was paying much closer attention than you, and I didn't see anywhere this level of "add another zero" hysteria then. Even people who didn't totally agree with "too big to fail" seemed to agree with enough of it to stop short of where they are now regarding Facebook.

> I'm hoping for a GDPR clone to come out of the tech industry's GFC

So am I. It just has to be general regulation that can be enforced fairly on anyone who transgresses, not a targeted hit against the pundits' favorite target.

Can you name a piece of US federal legislation regulating a major industry passed in the last, say, 30 years, where this was not the case?

As a person who's data is being sold I would one up it and wish that each county would produce their own regulations. That business is a cancer.

Public outrage seems to be based on a very low-res view of reality drawn from viral sound-bites, so I doubt that's how any public outrage would work.

This doesn't make any sense to me.

a) OpenAI just barely has a product. I mean it's pretty amazing but so very clearly just emerging. Regulation increases the barrier to market entry for other players, but OpenAI entire continued research, that is just about to maybe bear fruit, depends on upcoming regulations not fucking them over.

b) Right now, the lynchpin (and how this industry could realistically be regulated) seems to be a compute. For a lot of compute, you need a lot of money.

So here is what we are assuming: An evils genius OpenAI, that is masterfully steering American regulation to create a scenario in which, on the one hand, the most scary competitors (those with the big credit lines) will be effectively kept from entering the market, while on the other hand warding off any AI policies that run a high risk of impacting their own business more than anything else.

You claim people have seen such things before. I am not sure what you are referring to, but to me the above sounds exceedingly wild and improbable.

> Sam will be okay, he can handle some haters.

Sure. I really don't care about Sam. I just wish people tried to be a little kinder, for everyone.

The SEC is the only financial regulatory body that is a real public institution. Isn't everything else just private corporations who only give the impression that they're public regulatory bodies?

Given Wall Street's lobbying power, the regulatory bodies for Wall Street has always been weak. I don't foresee this changing for the same reason.

I honestly don't know how you can say that with a straight face if you have ever looked into this for more than 5 minutes.

The regulation is not clear and they refuse to clarify when asked on many important topics. Compare that to other security related issues, where regulators are very proactive about clearly defining what is what, publishing explainers, etc. etc.

I'm not sure why you make it sound like an decision. We're already seeing that improved computing power and statistical methods, coupled with the falling costs of these, are giving us transparency which can guide both consumers and regulators.

Its one of the reasons I'm a fan of "legible" societies once the asymmetry if power and information is overcome. We can all hold each other accountable.

If you check my comment history you'll see I'm a big fan of the CFPB and generally want the government to make bad behavior more expensive, so I appreciate the rest if your post but you're preaching to the choir. I'm furious at what the Executive has done putting a scam artist at the wheel to dismantle it.

It doesn’t follow the law. And it doesn’t attempt to challenge it. It hand-waves it away with an unprovable hypothesis. It’s lazy in a way that encourages unthinking and stupid behaviour.

Interstate legal competition exists, but it’s slow and complicated. It’s especially unusual in finance. Furthermore, cryptocurrencies are, in many jurisdictions, starting from a hands-off position. Deregulation is less likely than further regulation.

> Your statement is 1-dimensional and makes the assumption that every law is good

I don’t assume that. If there is a law one finds unjust (a) work to change it or (b) break it in an act of civil disobedience. Don’t tell other people to break it with false assurances around why they won’t get in trouble because regulators are competing or whatever.

The ex-Google employee is calling on Congress to be reactive to Google's activities. Do you agree then with their proposal?

I actually don't agree; bad behavior hurts people and that harm should be prevented if reasonably possible. For example, we should be proactive about airplane safety. We should have been proactive about regulating the securitization of mortgates - that would have saved maybe billions of people from harm, many losing their homes, jobs, and savings.

Of course, anything can be taken too far ...

> Instead of blanket calls for regulation, we should be specific and considerate when making new rules

I don't think anyone would disagree, but am I overlooking someone?

In fairness, you earlier wrote the following, which seems like a much broader, stronger statement:

> any solution that requires foregoing independent corporate decision making would be foolish

If you're not collecting data, then all of this is irrelevant. You just say "I'm not collecting data". There's no nuance here.

Or to their benefit when the regulations affect their competitors, often to the detriment of the rest of us.