[HN Gopher] Google said it had successfully 'slowed down' Europe...
___________________________________________________________________
Google said it had successfully 'slowed down' European privacy
rules
Author : visitednews
Score : 430 points
Date : 2021-10-23 12:12 UTC (10 hours ago)
(HTM) web link (www.nytimes.com)
(TXT) w3m dump (www.nytimes.com)
| dbernick wrote:
| What's been hard recently in regards to EU privacy laws is the
| impact of SchremsII ruling. We have found multiple EU countries
| that interpret the guidance of "you can't use US-owned clouds (Ie
| all of them)" even with client encryption and data locality
| enforcement for fear of FISA.
|
| That's not privacy concerns but it piggybacks on privacy concerns
| via GDPR.
|
| https://www.theregister.com/2020/11/23/european_recommendati...
|
| There's still a lot to work out for these privacy laws.
| [deleted]
| jimmaswell wrote:
| Europe continues to slowly make itself a no-man's land for
| tech. How long until the great firewall of the EU?
| belter wrote:
| Uhmm...need to dig deeper into this SchremsII rullling. Looking
| at the comments going on in the Register reference you included
| and what are the moment recommendations:
|
| https://edpb.europa.eu/sites/edpb/files/consultation/edpb_re...
|
| ...It would look like using GSuite or Office365 would also not
| be allowed.
|
| Although I am strongly in favor all possible privacy measures,
| the move to onsite solutions is likely to cause an decrease in
| privacy safety. Most data center and private companies are
| completely unable to match anything near the SOC controls and
| internal procedures of most cloud providers.
| fmajid wrote:
| That's eminently sensible. What country, if I may ask?
| malermeister wrote:
| All of the EU. It's a ruling by the Court of Justice of the
| European Union.
| mrweasel wrote:
| We have the same "problem" the AWS team is most helping
| customers migrate of AWS to on-prem (well our datacenters).
| Nothing new have been built on public cloud for almost a year.
|
| That's also why I'm currently extremely negative about new SaaS
| solution presented on HN. We can't use ANY of them. There's a
| huge market for anyone who care to built and ship on-prem
| software right now. Atlassian for instance just left a massive
| hole in the EU market, by killing Jira and Confluence server
| products.
| joshuaissac wrote:
| > Atlassian for instance just left a massive hole in the EU
| market, by killing Jira and Confluence server products.
|
| They still provide the Data Center product for those who
| really want to self-host, but the cost is a lot higher.
| mrweasel wrote:
| I know, we use data center edition, but we have perhaps 15
| customers who cannot afford the licens, but also can't use
| Atlassian Cloud.
| hulitu wrote:
| Corruption is everywhere. The way GDPR is enforced is a joke.
| dninednjwryv wrote:
| Everywhere I look in society, another instance of corruption
| pops out
| christkv wrote:
| There should be zero negotiation between the EU and the tech
| giants when it comes to privacy from my perspective.
|
| There should be a no track law that disallows any company to hold
| private data without an explicit direct customer relationship.
| Data would have to deleted completely at end of any business
| relationship with a short grace period.
|
| There should also be a digital fast track process to report and
| receive damages when companies are fast tracked with similar
| legal penalties to illegally harboring medical information.
|
| The acceptance of data trading should end yesterday.
| k8sToGo wrote:
| I think consulting tech companies should be something they need
| to do, otherwise we end up with crap like that cookie banner.
| chmod775 wrote:
| That cookie banner is mostly corporations trying to be sneaky
| and trying to trick people into giving consent, or just flat-
| out misunderstanding the regulation.
|
| You need no cookie banner if you only use cookies as required
| by the service you provide to the user.
|
| For instance if a user is trying to log in, you don't need to
| ask for permission to set a cookie for that. The consent is
| implicit.
|
| If you want to set tracking cookies on the other hand...
| kiklion wrote:
| > That cookie banner is mostly corporations trying to be
| sneaky and trying to trick people into giving consent, or
| just flat-out misunderstanding the regulation.
|
| If the cookie banner satisfies the regulations and is the
| path of least resistance, then companies are going to use
| it.
|
| If the EU doesn't want the cookie banner everywhere then
| the regulations need to not allow it.
|
| It is much, much easier to put a banner up than to audit
| every application and technology used to ensure nothing
| tracks the user.
| mastax wrote:
| You still need to audit every application and technology
| so that you can create a cookie banner that lets you
| disable them, if necessary.
| chmod775 wrote:
| > If the cookie banner satisfies the regulations
|
| That's joke though. Most of them don't. And upon getting
| called out and/or fined, corporations right now just edge
| a bit further towards an actually compliant
| implementation - rinse and repeat. Currently we're in the
| state of "what if we made it really sloooow and
| convoluted to opt out?" - which is also not compliant
| because that makes not giving consent harder than giving
| consent.
|
| At some point we're going to be there, but right now
| we're not.
|
| The cookie banners as they are implemented right now are
| mostly wishful thinking by adtech: "Hopefully this will
| be enough?"
|
| It's not. But nobody wants to be the first to stop widely
| tracking people and going back to good old contextual
| ads. They're going to wait until the EU turns the heat up
| to 100 and maybe even then wait for a competitor to blink
| first.
| rndgermandude wrote:
| Max Schrems' (of the SchremsI and SchremsII court
| decisions) noyb group is now aiming for sites with non-
| compliant banners[1], having filed a first round of over
| 400 GDPR complaints. It will take years before the
| regulators come up with rulings and those decisions have
| been litigated, like it usually does, but it's good to
| see that somebody at least started the process as the
| regulators themselves have been - as usual - dragging
| their feet.
|
| [1] https://noyb.eu/en/noyb-files-422-formal-gdpr-
| complaints-ner...
| pgeorgi wrote:
| Regulators are massively understaffed. Except maybe the
| DPA in Ireland, that office seems to have enough
| resources to rubber stamp whatever comes their way from
| outside the EU.
| Symbiote wrote:
| > It is much, much easier to put a banner up than to
| audit every application and technology used to ensure
| nothing tracks the user.
|
| It is _REQUIRED_ to audit every application and
| technology to determine what tracks the user. That isn 't
| negotiable, it's the law: you must know where, when and
| for what purposes you are handling personal data.
|
| After that audit, you can either show a cookie banner
| etc, or remove the problem applications/technologies.
|
| https://gdpr-info.eu/art-30-gdpr/
| WA wrote:
| At this point, I don't think they misunderstand. They try
| to be sneaky.
|
| Thought experiment: if the cookie consent banner was a
| payment form, things would be A LOT easier to understand.
| They are ambiguous on purpose. From a UX perspective, most
| of them don't make sense at all.
| fmajid wrote:
| They make perfect sense as dark patterns.
| matheusmoreira wrote:
| Why can't they just hire expert advisors themselves? That way
| they don't need to consult companies who have conflicts of
| interest.
| krono wrote:
| Imagine the number of ex-bigcorp applicants for those
| positions that coincidentally left their previous employee
| on exactly the date the job offers went up ;)
| matheusmoreira wrote:
| Just exclude anyone with _any_ relation to corporations.
| krono wrote:
| Filling corruption-sensitive positions is a really
| difficult problem. On one hand it's near impossible to
| trust the purity of anyone with ties to the opponent,
| whilst on the other it is precisely and pretty much only
| those people that have expertise, experience, and inside
| knowledge that one requires to achieve meaningful
| success.
|
| Also, if you were chief evil at bigco, wouldn't you keep
| some people without any backlink around precisely for
| situations like these?
| Jensson wrote:
| They do. I know software engineers who work for the
| government on regulations etc. Then those experts consults
| with the company experts to talk about what regulations
| should look like.
| junon wrote:
| They should consult organizations that aren't out to invade
| privacy for monetary gain. For example, EFF.
| input_sh wrote:
| There's plenty of EFFs out there in Europe. Most of them
| are country-specific, but they also have an EU-wide...
| coalition, for the lack of a better word:
| https://edri.org/about-us/our-network/
| BiteCode_dev wrote:
| The banner is not because of the law, it's because of the
| sites. You don't have to put that banner: just don't track
| people.
|
| When you see such banner, don't get angry at the law, get
| angry at all those websites that are tracking you.
| specialist wrote:
| Yes and:
|
| Laws must be technically possible to implement.
|
| Sadly, the USA has gutted scientific and technical review.
| Which makes policy makers more dependent on industry funded
| think tanks and lobbyists.
|
| https://en.wikipedia.org/wiki/Office_of_Science_and_Technolo...
|
| https://en.wikipedia.org/wiki/Office_of_Technology_Assessmen...
| mike_hock wrote:
| > explicit direct customer relationship
|
| Be careful what you wish for.
|
| Which is better?
|
| Cookies "without consent" (which you can trivially clear with
| the click of a button, or have the browser clear automatically)
| every time you visit YouTube or Google search.
|
| Or no YT or Search for you unless you make a Google account
| tied to your real email (no 10minutemail) and real phone
| number.
|
| GDPR is privacy snakeoil.
| croes wrote:
| They are way beyond tracking by cookies or account, they just
| fingerprint your device. And cookie consent questions are
| better because you can sue them if they still track you with
| them. It is not only about technology and possibilities but
| also about laws and rights.
|
| GDPR is leverage.
| mike_hock wrote:
| So then they'll just make signup mandatory and circumvent
| the legislation that way.
|
| Device fingerprinting is still something you (or the
| browser vendor) can mitigate.
| croes wrote:
| Mandatory signup doesn't get them rid of the GDPR. You
| still aren't simply allowed to store data that isn't
| necessary to deal with your customer or user or the
| service you are providing.
| [deleted]
| rdiddly wrote:
| I don't know why, but my reaction today upon reading some of the
| quotes was along the lines of, jeez who ARE all these sad,
| scheming paranoiacs? Obviously Google hired them to be just that,
| but it's a far fuckin cry from "innovation" of the sort that's
| always being defended and trumpeted. Clearly innovation is a
| pretense now, maybe always was? Or maybe finding innovative ways
| of circumventing the public will still counts as innovation?
| gnulinux wrote:
| > who ARE all these sad, scheming paranoiacs?
|
| Same, it's puzzling to me what is the mechanism that creates
| people like this.
| pizza wrote:
| I imagine it's the steady state result of getting promoted a
| lot of times for bringing home truckloads of money for Google
| echelon wrote:
| The same ones that call privacy advocates the "screeching
| minority".
| Valakas_ wrote:
| Trauma.
| rdiddly wrote:
| I bet they think we're the fools though!
| gerash wrote:
| A good law IMO is: provide quantifiable anonymity metrics and
| post it visibly on your website somewhere (like nutrition
| labels). For example your likelihood of being personally
| identified is 14%). This obviously needs a body of research to
| come up with these metrics and methods to verify them.
| Governments can fund that research.
|
| Yet right now all I've seen from EU and California regulations
| have been friction upon friction both for the end user and the
| service provider:
|
| Every website I visit I need to go adjust cookie settings (enable
| essential and telemetry and remove targeting).
|
| So I'd vote for repealing all these useless laws
| mindslight wrote:
| > _Every website I visit I need to go adjust cookie settings
| (enable essential and telemetry and remove targeting)._
|
| > _So I 'd vote for repealing all these useless laws_
|
| This is called malicious compliance, and you're falling right
| for it. The entire goal of these "settings" is to trick/tire
| users into accepting fake consent that has not been freely
| given. They are a priori illegal under most privacy laws as
| well as common law principles. But enforcement takes time and
| resources. Meanwhile companies can play dumb, straight up lie
| about the necessity of such dialogs, and get users to
| mistakenly assign blame to those pesky laws rather than the
| malicious companies themselves.
| gerash wrote:
| I don't think so. The law can simply ban it but they know
| it'll break things. So they opt for the most annoying
| alternative.
|
| This reminds me of California prop 65 which is as useless if
| not more than the cookie law. You see it at every random
| place with the note that "this product may contain a chemical
| known to the state of California to cause cancer or birth
| defects ..." People have become fully desensitized to it
| because it shows up at the parking garage of their work
| place. If it was a real deal well perhaps it should've been
| banned.
|
| I'd like to repeal both prop 65 and these cookie laws. Either
| ban something or fine the perpetrators if it's harmful or
| stfu /rant
| 6gvONxR4sf7o wrote:
| I had a cookie consent form today that literally spun and said
| "processing" with a progress bar for a while. Clearly, it's
| artificial and it's just pushing me to accept all. The cookie
| consent stuff is trash because of implementers being malicious
| in implementation. If anything, the laws need to go further and
| keep the consent, but ban/enforce against dark patterns.
| blntechie wrote:
| > Every website I visit I need to go adjust cookie settings
| (enable essential and telemetry and remove targeting).
|
| Easiest way to not care about the cookie notices much is to
| always use incognito or private mode with each website on their
| own container. It's not foolproof of course as multiple
| fingerprinting tests will reveal but combined with tracker
| blockers at system level it's better than most and don't have
| to worry about those cookie notices.
| nerbert wrote:
| Visiting everything in incognito mode has the side effect of
| being asked each time what I want to do with my cookies.
| https://klima.com/ is the first website I ever visit that
| actually manages that properly.
| blntechie wrote:
| There are nice cookie notice blockers lists for most of
| these sites. Just have to add to uBlock origin or
| equivalent.
| zibzab wrote:
| Well, maybe that's what they think. But EU is coming with new
| security and AI regulations that will change things forever.
| numair wrote:
| I can guarantee you, from conversations I have had with senior
| executives at these companies, that they fully believe they've
| got the regulators in their back pockets. Until we throw people
| like Nick Clegg in prison for their revolving door betrayal of
| their citizens, you'll have some suspiciously incompetent and
| sympathetic politicians handling these issues. The whole
| Federal Reserve stock trading scandal should show you that
| these "public servants" will bend their morals for depressingly
| small amounts of money.
| mathattack wrote:
| Should we be more surprised that they're selling us out, or
| more angry that it's for so little?
| pjc50 wrote:
| It costs about PS150k to become an unelected member of the
| UK permanent legislature, and bribe your way into an office
| of state:
| https://www.dailyrecord.co.uk/news/politics/arise-lord-
| offor...
| toyg wrote:
| Those are the donations that were _declared_ , to
| maintain a pretense of propriety. What sits in Panama,
| you'll probably never know. 150k is too low a price for
| that seat, particularly since the cash-for-peerages
| practice is now so old that the competition must be
| significant. Either there is more undeclared or this guy
| knows where the bodies are buried.
| [deleted]
| thrower123 wrote:
| If you wanted to ensure that only companies with the resources
| of FAAMG could operate in your jurisdiction, you could hardly
| do better than the EU has done.
| azalemeth wrote:
| The thing I noticed most is that in Denmark, Danish sites
| follow both the letter and the _spirit_ of GDPR. I was
| looking at trying to pay my electricity bill the other night
| and got told that because my version of FF sent the Do Not
| Track header, they 'd automatically "objected" to all cookies
| and branding beyond necessary ones and I didn't need to do
| anything else. Those big banners have a simple "yes to only
| necessary" or "yes to all" button at the bottom.
|
| American sites on the other hand tell me either "tough, take
| our spyware if you want to see this site, or to to a
| restricted list of five pages" (which I'm pretty sure isn't
| legal under GDPR); throw up the gauntlet of 1000 tick-boxes,
| infinitely nested, or say "you're from the EU and we can't
| serve you page".
|
| The problem is cultural. I've de-googled myself as much as
| possible, but I don't like the fact that all of my real
| mobile device choices are written in California and made in
| china.
| thawSeh6s2p wrote:
| Almost every site has the "Yes to necessary" or "yes to
| all" now, it's not in the banner but generally IME if I
| click the "select" option it automatically has all the
| "optional" cookies turned off. Just two clicks instead of
| one. I think since the majority of people are too lazy for
| two clicks they see "select which ones", say whatever and
| just accept all so hiding the fact you don't actually have
| to select works in the site's favor.
| azeirah wrote:
| Samsung is neither Chinese nor Californian. Their phones
| are designed in south korea and manufactured in South
| korea, indonesia and brazil.
| onedognight wrote:
| The GP's point was that Android/G-Suite/Firmware, the
| software on Samsung phones, is substantially "written in
| California". That seems true enough in spirit.
| 12baad4db82 wrote:
| I think you are spot on, but maybe for a different reason.
| The EU has looked at the practices of large tech companies in
| the USA and decided that the way that these companies are
| collecting personal information and selling it for profit is
| something that should be progressively phased out. So not
| being able to create a company that harvests personal data
| seems like a win for the GDPR. The next step would be to
| reign in the large companies that have been able to use their
| resources to continue the practices that the GDPR has set out
| to limit.
|
| As a side point, I work in a tech startup in the EU that was
| founded post GDPR. We have no issues being competitive and
| also complying with the GDPR, however we do not make our
| revenue by selling personal data.
| ausbah wrote:
| I've heard this a lot on HN, any data to back it up?
| Jensson wrote:
| I still see plenty of small companies operating online in the
| country I live in. GDPR isn't particularly hard or expensive
| to follow if you are small and barely have any data,
| especially if you build your system to be GDPR compliant from
| the start. The expensive part comes when you are already
| large and have to make that large system GDPR compliant after
| it is already built.
| systemvoltage wrote:
| As a consumer, all I got for GDPR is a lipservice in the
| form of cookie banners and annoyance everywhere on the web.
| sharken wrote:
| Exactly, cookie banners are an annoyance where the user
| ends up clicking Accept All just to make the banner go
| away.
| Jensson wrote:
| You got the ability to demand to see your data from every
| company and get it deleted, you didn't have that before.
| They could just keep whatever data they want and there is
| nothing you could do to discover or stop them from doing
| that.
|
| If you care about privacy at all you should be very happy
| that is possible today. It is how we got all those
| articles showing what data Google and all other companies
| collects about you, since they asked about this referring
| to this EU law and the companies has to comply. So even
| if you don't use it yourself it greatly helps you anyway.
| systemvoltage wrote:
| I can see this useful for sites that collect a lot of
| data (Banks, Social Media, etc.) but for buying shoes
| from a shopify website, I really don't give a shit. If
| anything, GDPR has been a nuissance to me as a consumer.
| Being 100% honest. Cookier banners are so ubiquitious
| that we've all gotten used to just accepting them and
| moving on.
|
| This is the problem with EU regulation. Good intentions,
| bad implementations and unforeseen consequences. In fact
| this goes so far into the reasons why EU cannot harbor a
| growing startup scene or make rockets. I am not against
| regulations but if you lay a landmind in front of every
| endeavor in the form of regulations, it bears down on
| people that want to disrupt existing and overweight
| companies that can afford to abide by regulations. I've
| talked to many Europeans and they resonate with the same
| sentiments.
|
| I own a small business and I've gone through the process
| GDPR compliance. It is not too bad but there is a reason
| why there are upteen number of GDPR compliance consulting
| firms and checklist makers out there.
|
| What should have happened is a complete solution to
| privacy in the browser instead of playing cat and mouse
| games with businesses that will find loop holes.
| Jensson wrote:
| > Cookier banners are so ubiquitious that we've all
| gotten used to just accepting them and moving on.
|
| Cookie banners has nothing to do with GDPR.
|
| > I own a small business and I've gone through the
| process GDPR compliance. It is not too bad but there is a
| reason why there are upteen number of GDPR compliance
| consulting firms and checklist makers out there.
|
| The reason is that GDPR compliance gets more expensive
| the more technical debt you have. For big enough
| companies with bad engineering practices it can costs
| hundreds of millions of dollars. For a small business
| with a straightforward product they likely are all but
| compliant without even trying.
|
| > What should have happened is a complete solution to
| privacy in the browser instead of playing cat and mouse
| games with businesses that will find loop holes.
|
| GDPR has nothing to do with browsers, it has to do with
| forcing companies to ask for and track data they keep on
| you no matter where it comes from. It applies to apps, to
| hiring interviews, to storing transaction data when you
| buy groceries etc. What you are talking about is a
| completely different issue.
| systemvoltage wrote:
| I am sorry Jensson, but _everything_ you said is wrong
| and misleading.
|
| > The proliferation of such alerts was largely triggered
| by two different regulations in Europe: the General Data
| Protection Regulation (GDPR), a sweeping data privacy law
| enacted in the European Union in May 2018; and the
| ePrivacy Directive, which was first passed in 2002 and
| then updated in 2009. They, and the cookie alerts that
| resulted, have plenty of good intentions. But they're
| ineffectual.
|
| https://www.vox.com/recode/2019/12/10/18656519/what-are-
| cook...
| Jensson wrote:
| You are talking about the ePrivacy Directive, not GDPR.
| Cookie banners has been a thing for well over a decade.
|
| What you probably meant is the user data banners/popups
| you have to click on that are new since GDPR. They are
| not cookie banners, they are a different thing, calling
| them cookie banners gives people the wrong impression.
|
| The fact that you mix these two makes it look like you
| don't understand what you are talking about here.
| Especially since you talk as if this was the only thing
| GDPR changed. The cookie law is stupid, but GDPR is not.
| sharken wrote:
| For larger companies i can tell you that the red tape and
| additional overhead from GDPR is horribly expensive to
| implement.
|
| Not to mention the reduced happiness from working with
| GDPR.
|
| If Google could help remove GDPR and the Cookie law i would
| welcome it.
| Cipater wrote:
| >Not to mention the reduced happiness from working with
| GDPR.
|
| I'm of the opinion it should be even more onerous to deal
| with people's data than it currently is. GPDR doesn't go
| far enough.
| csydas wrote:
| >For larger companies i can tell you that the red tape
| and additional overhead from GDPR is horribly expensive
| to implement.
|
| My company had about a week of design of our data
| handling infographic and policy page and that was it for
| GDPR. The transition was incredibly simple, as we just
| didn't keep such data in the first place.
|
| Because we did collect voluntarily submitted items from
| users which might contain such protected data, we simply
| explained our retention process to users and documented
| in full the data's life-cycle once it hit our servers. I
| think we had to add a few extra S3 regions for uploads
| also, but that was just a few clicks.
|
| GDPR is anything but a headache unless you're trying to
| do the things the GDPR doesn't want you to be doing; then
| yeah, it's probably quite a headache.
| Jensson wrote:
| I am really happy that EU forces you to properly track
| what and where you store data about users. Sloppily just
| storing data everywhere and not properly deleting it is a
| huge security/privacy hazard, making such reckless
| behaviour illegal is a great thing.
| cblconfederate wrote:
| For whom?
| schleck8 wrote:
| I think they've realized that privacy centrism creates an
| industry in which the EU can compete well, independently from
| the US and China. Or at least I hope so.
| cblconfederate wrote:
| because that strategy has worked well so far?
| marcinzm wrote:
| Here's the issue. Google can use private data in the US to
| design a model such as say a personal voice assistant. It
| then deploys this model in the EU and then uses no EU private
| data either for training or running it live. Google can then
| use non-private data to adjust the model to the EU market.
|
| A company in the EU has to design the whole model with no
| private data which means they will have more difficulty
| competing with Google rather than less.
| kevingadd wrote:
| Poverty wages, child labor, ignoring emissions regulations,
| evading taxes, etc are all ways a company could improve
| margins and charge lower prices. That doesn't mean you want
| to legalize all of that just to compete in the global
| market.
| marcinzm wrote:
| Why do you put words in my mouth that we should legalize
| something when I said nothing of the kind? If this is how
| you react when someone points out flaws with a
| legislative approach then good luck ever getting one that
| isn't flawed.
| pessimizer wrote:
| It's ultimately going to be a race to the bottom if you
| allow companies who engage in those practices all over
| the world into your market on even terms. That's honestly
| what tariffs are for. Tax your citizens for engaging in
| commerce with companies that gain efficiencies through
| operating in ways that disagree with local values.
| MisterBastahrd wrote:
| That would only work for the percentage of the European
| population who uses English as their primary language. It'd
| be damned near useless.
| marcinzm wrote:
| I already noted that and plenty of languages are spoken
| outside the EU aside from just English.
|
| >Google can then use non-private data to adjust the model
| to the EU market.
|
| Google can do everything a EU-only company can do. They
| can also do things a EU-only company cannot do. The
| reverse is not true. So at worst they'll be roughly as
| good and at best much better.
| throwawayay02 wrote:
| And why is the company EU-only? What X-only company is
| trying to compete with Google anyways?
| MisterBastahrd wrote:
| No they won't.
|
| There are regional differences between the same language
| that can be pretty severe, all the way down to the
| pronoun level.
|
| So, no they can't.
| marcinzm wrote:
| I don't think you understand the point. Google can get
| all the same data as an EU company. They literally can do
| the same job an an EU company by simply not leveraging US
| data. The fact they have US data doesn't mean they are
| forbidden of getting EU compliant data like any other
| company.
|
| They can also get US data that doesn't follow EU privacy
| requirements. So Google has two source of data they can
| combine into a better product.
| indymike wrote:
| It just pours cement on industry~wide invention and replaces
| it with bureaucratic innovation.
| lumost wrote:
| Alternately, it may counter incentives towards digital
| monopolies.
|
| I'm not convinced that large amounts of personal data is
| required for search to work well, at the very least I'm not
| convinced the personal data must leave an individuals
| control.
|
| We don't see a lot of innovation in this direction as hyper
| personalized search seems to work reasonably well and the
| startup costs to compete are massive.
| christophilus wrote:
| I'd love it if Duck Duck Go would let me assign priority
| to websites. Prefer Wikipedia, GitHub, StackOverflow over
| spammy copy cats. Maybe the ability to flag results as
| spammy copy cats would also be nice.
| alisonkisk wrote:
| They already do this at scale for everyone. Sometimes
| they fail.
| WarOnPrivacy wrote:
| I'd love it if DDG didn't pointlessly ignore operands.
| truffdog wrote:
| > may counter incentives towards digital monopolies.
|
| Doesn't the cost of compliance inherently favor larger
| companies with better lawyers and deep experience in
| passing audits?
| 3np wrote:
| Take it far enough and it will force new innovations in the
| fields of p2p and distributed networks, homomorphic
| encryption, etc.
|
| It's still profitable enough with data silos that this is
| not happening yet
| orwin wrote:
| Which invention/innovation couldn't have come out with
| better privacy laws? I guess Palantir? Do you have another
| example? Theranos?
| rsynnott wrote:
| Theranos is largely agnostic to privacy laws; it came
| about due to shoddy medical regulation (specifically,
| while medicines and medical devices deployed to hospitals
| and homes are heavily regulated in the US, medical labs
| are not).
|
| Also, arguably, shoddy financial regulation. In many
| countries, large private companies have to submit audited
| accounts to the regulators, and that would likely have
| raised alarms about the other problems with the business
| earlier.
| indymike wrote:
| Theranos happened because the founders chose to lie.
| Plenty of laws were violated there. Medical regulation is
| not to blame. Investor hubris is.
| rsynnott wrote:
| Oh, sure! But the primary purpose of regulatory
| enforcement is to catch people lying, and Holmes was
| pretty effective at exploiting the weak points in the
| regulatory regime to avoid that detection.
| indymike wrote:
| What? Holmes (allegedly) misled people that were willing
| accomplices in being misled. There wasn't a regulatory
| failure, just investors that did not do their homework.
| whatshisface wrote:
| Medical labs are heavily regulated. Theranos mislead
| inspectors by not showing them their entire lab.
| rsynnott wrote:
| Well, depends on how you define 'heavily'. Theranos did
| hide a lab, but even beyond that they were depending on
| rules that allowed novel tests with very minimal
| oversight, provided they were done in a lab rather than
| in the field.
| jan_Inkepa wrote:
| I shrunk down the interactive (with server-side or
| external functionality, like third-party comment-boxes)
| features my sites a lot because of being worried about
| GDPR, basically killing a small community and having a
| direct negative effect on users. The overhead/worry is
| real, even if as a consumer I'm a big fan of it. The
| toolchain/conventions may eventually catch up so that
| things are GDPR-compliant by default, but the downsides
| are still very palpable.
|
| [ And even with all of those cutbacks, I'm still not
| really compliant on all my sites... (legacy software/not
| knowing what exactly my data server is logging/etc.) ]
|
| But, as a direct answer to your question: I don't think
| many things in principle are impossible with the current
| privacy laws. But that doesn't mean it's not having a
| chilling effect.
| basisword wrote:
| Although I understand your worry about not being
| compliant, from my understanding it's unwarranted. The
| intent of any enforcement action is not punitive but to
| enforce compliance. In other words small companies will
| be told "please comply" and given a chance to comply.
| It's only if they refuse that action such as fines is
| taken. Maybe this has changed but at least when I was
| studying this a few years ago this seemed to be the case.
| skohan wrote:
| It's not about what you can and can't do, it's the
| friction and cost associated with achieving compliance.
| I'm not against privacy protections, but having released
| digital products in Europe I can say that the cost of
| achieving GDPR compliance could very well make the
| difference between whether some companies can succeed or
| not.
| basisword wrote:
| >> the cost of achieving GDPR compliance could very well
| make the difference between whether some companies can
| succeed or not.
|
| Is this a bad thing? If we take privacy seriously then it
| shouldn't be. We don't see too many people fighting food
| or drug regulations intended to keep us safe because it
| might be costly for companies to comply. Maybe if a
| company cannot afford to comply with privacy regulation
| they should not be handling our personal information. I
| guess the reason it seems heavy handed in the tech/web
| world is that the barrier to entry started at next to
| zero and so much of what we put on the web is not
| monetised that any cost/compliance seems like a massive
| burden.
| skohan wrote:
| I don't think it's necessarily a bad thing. Like you say,
| some regulations are needed, and we wouldn't want to
| allow unsafe cars on the road just because crash-tests
| are a barrier to entry for startups.
|
| However it does serve as a moat for players with more
| capital, and that's something we should also be mindful
| of. For instance, maybe we could have some of the
| requirements scale and only kick in when a product meets
| certain thresholds in terms of numbers of users.
| Lord_Baltimore wrote:
| It is a trade-off which is not always acknowledged. It is
| not something that has 0 potentially negative
| consequences. And the competition and innovation that is
| stifled is often invisible (hard to see what could have
| been).
|
| If you had less intervention with respect to privacy
| would there be more dynamic market-driven initiatives to
| fill the gaps? Would there be more incentive to develop
| technology that would be effective for privacy? I don't
| know.
|
| Regulation is just hard because reality is complex and
| dynamic and regulation is often complex but not very
| dynamic.
| guitarbill wrote:
| > If you had less intervention with respect to privacy
| would there be more dynamic market-driven initiatives to
| fill the gaps?
|
| This is hilarious. Because we had that, and it was
| lacking, to put it mildly. And some people still have
| that, in a way that's easy to compare (e.g. EU vs US, CA
| vs other states). For me, the results are in and obvious.
| Privacy regulations are the only thing that reflects the
| privacy externalities they might impose on society back
| onto them (and the shareholders).
| dvtrn wrote:
| I wonder if these kinds of discussions can be easier to
| have if concerns and critiques brought up were framed,
| from the start with an understanding that the cost to
| achieve and maintain compliance with the standard is a
| cost that gets paid either in money or work-hours (like
| for example SOC2 or PCI), that it can very tangibly halt
| non-compliance workloads and rollouts; instead of
| starting from a footing of assuming complaints are the
| cloaked dressing for being against user privacy.
|
| Understanding full well each standard solves different
| problems, for some of us in tech achieving compliance is
| a non-trivial amount of critical work and maintaining it
| similarly isn't always something you easily drop
| everything and make happen in a day or two.
|
| I think that's 100% relevant and shouldn't be immediately
| responded to as others have by assuming the relevance
| comes from a position of opposing the regulation or
| standing against user privacy
| sulam wrote:
| A certain amount of regulation runs the risk of leaving us in a
| situation where a competitive moat is established between
| companies large enough to handle the regulatory burden and
| everyone else for whom it represents an unsurpassable barrier
| between them and the EU market. It wouldn't surprise me at all
| to find that large tech companies are encouraging "just so"
| regulation of this sort.
|
| [I do not speak for my employer.]
| kosma wrote:
| https://archive.md/0hb72
| amelius wrote:
| The two people working for the EU's privacy organization must be
| scratching their heads.
| gundmc wrote:
| Dupe of https://news.ycombinator.com/item?id=28967575 which has a
| lot more information and is not paywalled.
| emodendroket wrote:
| I guess maybe I'm missing the scandal, but this is why they
| employ people in "policy" positions, isn't it? It's rather open
| that they're out to alter the law in their favor.
|
| e: Another article in the front page suggests this is highlighted
| because it draws attention to Google's supposed pro-privacy
| position as a sham. I hadn't realized they had one but OK.
| xg15 wrote:
| I think the scandal could be in the "successfully slowed down"
| part. if you employ people to openly state your position on
| certain issues and represent your interests, that's ok - that
| has always been the justification for "good" lobbyism.
|
| (Though enough people point out that the ability for groups to
| effectively "represent their interests" differs dramatically
| between groups)
|
| However, the memo sounds as if they didn't simply stated their
| position - but also used their power to sabotage the lawmaking
| process itself and undercut all the usual mechanisms of
| democratic will formation. That's abuse of power and rightly
| seen as a scandal - even though google is likely far from the
| only one doing it.
| emodendroket wrote:
| I don't understand the distinction you're making. Influencing
| lawmakers and regulators to change policy in your favor is
| exactly what lobbying is.
| xg15 wrote:
| If someone influenced lawmakers by promising to pay them a
| lot of money if they voted in their favour, that would be
| different, would it?
| snowwrestler wrote:
| It would, but that is not what the unredacted docs say.
| emodendroket wrote:
| Well, legally speaking, yes, that would likely constitute
| bribery, which is illegal. But in your case you're saying
| the lobbying is scandalous because it worked, not because
| someone broke the law.
| WarOnPrivacy wrote:
| > Well, legally speaking, yes, that would likely
| constitute bribery, which is illegal.
|
| Trading law for campaign cash is not illegal in the US,
| at least not in any meaningful way.
|
| Nor is that sort of bribery objectionable to most US
| voters or news orgs - again, in any meaningful way.
| hash872 wrote:
| I'd like to see the reaction from libertarian types who always
| insist that regulation just entrenches large incumbents and makes
| competitors emerging tougher. (Ben Thompson of Stratechery has
| been banging this drum forever). If large companies actually want
| privacy regulation because it slows down emerging rivals- why did
| Google 'slow down' European privacy rules here? This seems to
| disprove Thompson's argument
| christophilus wrote:
| I'm a libertarian type, but I think any company that is large
| enough to sway government policy is a danger to society and
| should be broken up until their influence is indistinguishable
| from noise. No idea how to effectively execute that idea,
| though.
| CuriousSkeptic wrote:
| My thinking is that companies can grow that large due to the
| capital assets under their command.
|
| Taking some inspiration from geo-libertarian thinking the key
| would be to figure out if, and how, those capital assets can
| be made into a commons rather than privately owned.
| pessimizer wrote:
| Sadly, the breaking up companies does very little to the
| political influence of the people who own them, other than
| giving them a lot of different names to speak in the same
| voice.
|
| You break up companies, I think, in order to make room for
| innovative competitors, and to make corruption more difficult
| by making the lines of communication lengthier (and forcing
| them to stretch _between_ companies.) When it comes to
| politics, industries aren 't afraid to "unionize" amongst
| themselves and speak with a pretty singular voice. Most of
| their interests will always be identical.
|
| Those massive accumulations of power aren't actually located
| in supercorporations or ideal groups of competing companies
| making up an industry, but in individuals. The problem is
| that there's such an wealth/income disparity that small
| groups of people are going to be more powerful than larger
| groups of people by orders of magnitude, and that they're
| naturally going to use that power to increase that disparity.
| Their ideal world has the people who have accumulated the
| most ruling the rest through a system of benevolence and
| patronage. That's what libertarianism is.
|
| edit: The breakup of Standard Oil made Rockefeller far more
| wealthy and influential than he was pre-breakup.
| mountainriver wrote:
| Because it makes them so much money?
| Enginerrrd wrote:
| The narrative here seems not so hard to predict. Large
| incumbents may still have revenue which is negatively impacted
| by the regulation at the same time that the regulation raises
| the barrier to entry for smaller competitors. They're not
| mutually exclusive concepts.
| Lord_Baltimore wrote:
| Yes, a pebble in the shoe of Google but could be a mountain
| in the way of smaller company.
| Jensson wrote:
| The cost of GDPR is mostly related to technical debt, not
| company size. A small company with little debt will not
| face any issues with GDPR. Google just bet on they
| themselves having much less technical debt than the other
| giants.
| hash872 wrote:
| Sure, but this NYT times piece that says Google specifically
| tried to 'slow down' European privacy rules disproves
| Thompson's argument that they _want_ privacy to impede
| competition. It 's pretty binary- if they wanted privacy
| regulations they wouldn't have slowed them down, if they
| slowed them down then clearly they don't want privacy
| regulations. I don't see what other conclusion could be drawn
| asvitkine wrote:
| One reason to slow it down could be that the company needed
| more time for implementation work to get compliant.
|
| At Google's scale, I wouldn't be surprised if this was a
| factor.
| cblconfederate wrote:
| I m a european, GDPR did not change anything substantially.
| Instead people have to click a few hundreds "I accept" boxes
| per day and whatever was left of european advertising has
| completely vanished now. The EU did not have a plan to change
| advertising, instead you got a rather inane law for the web ,
| spearheaded by the german green left, that did nothing to
| correct the course of the advertising industry. The EU after
| gdpr should have required google to break up in europe, to
| force it to become one of the players. Instead we get
| politicians flexing and patting themselves on the back for the
| large fines they are able to impose on US tech, while the EU
| continues to render itself internet-irrelevant. The brussels
| microcosm is an overpaid crowd that s not good for business
| hownottowrite wrote:
| General question to EU people: do you enjoy trading data privacy
| for consolidation of goods/services into larger and larger
| corporations? After all, they are the only ones can afford such
| expensive relationships.
|
| Edit: This question isn't about compliance. That's easy. It's
| about the downstream impact of "missing" data in the advertising
| ecosystem.
|
| Some posters have pointed out that the EU still has a viable
| local press and a history of supporting smaller businesses. All
| true and something that sets it apart from the US.
|
| Also, my original question is a admittedly cheeky, but I am
| interested in how smaller companies actually compete if their
| options for targeted marketing are limited.
| kiryin wrote:
| People saying that the laws are only there to ruin your
| business are mainly non-Europeans who have at most read a
| shallow blog posts on the topic, also written by non-Europeans.
|
| The EU laws and regulations are quite simple to follow, and I
| dare say that it's much _more_ difficult for those large
| corporations you mentioned because they usually have much more
| responsibilities. Smaller companies with a smaller scope do not
| have to worry about rules which do not concern them and their
| business.
|
| So, to answer your question, yes, this is exactly what I want
| personally. For-profit actors need to be scrutinized.
| hownottowrite wrote:
| But if the rules impact a smaller company's ability to market
| against larger and better funded competitors isn't that an
| issue as well?
|
| Ultimately my question isn't about compliance. That is
| relatively simple. It's about the downstream effects.
| guerrilla wrote:
| I believe you are misinformed and have formed a false dichotomy
| here. It's easy to primarily use small businesses, who are
| doing relatively fine. The only exception I can think of is
| grocery stores but that was the case here long before GDPR and
| also isn't the case in the rest of Europe. I suspect it's to do
| with the geography of my country.
| hownottowrite wrote:
| Then explain how a smaller company markets goods and services
| in the EU without resorting the brand level advertising? Lack
| of targeting data makes it financially impossible until a
| company reaches a certain size.
| Jensson wrote:
| I type into Google "buy computer online" and get 9
| different local online shops where I can buy computers,
| none of them are Amazon. One of them was an ad, but the
| rest were just search results.
|
| Not sure why you think this wouldn't work in Europe.
| guerrilla wrote:
| The same way they always have, obviously? Also, they seem
| to have no problem reaching me on Facebook (the only place
| I can't block ads.)
| Fargren wrote:
| > Lack of targeting data makes it financially impossible
| until a company reaches a certain size.
|
| This seems to be a premise you are working with, but as
| someone with my feet in Europe, it just is not true. Lack
| of targeting data may make it a bit more expensive to
| market goods, not "financially impossible". I see ads from
| small companies all the time. Some are even related to my
| interest, specially when they are located close to things
| related to the ads.
| mopsi wrote:
| I use newspaper ads, billboards and social media presence.
| Works fine. I don't need to see your nudes, know your
| friends, hoard your browsing history.
| hownottowrite wrote:
| Newspaper ads are a fair point. Europe still has a
| functional local press ecosystem. That's dead in the US.
| kenty wrote:
| As an IT professional, I don't like it at all. The plethora of
| laws makes it much harder to do business in the EU: If you want
| to process any kind of data you are immediately forced to spend
| a lot of money on security certifications. This increased cost
| and velocity reduces the competitiveness of EU based companies
| which need to capture their home-market first. This is one of
| the potential factors why the EU loses out to other markets in
| startup-friendliness.
| MisterBastahrd wrote:
| As a human being who wants his information to be secure, I
| love it. If companies are going to peddle the personal
| information of individuals, and that information could
| potentially harm them if it became public, then getting
| security certifications is the very LEAST a company can do if
| they want to do business in that sphere. Everyone everywhere
| should demand it.
| jandorn wrote:
| Human rights also makes it much harder to do business in the
| EU. Your point?
| hownottowrite wrote:
| This is what I expected to hear. We had similar issues in the
| US with corporate tech when various financial regulations
| came down in the early '00s
| throwawaymanbot wrote:
| That turned out well for American and the world in 2008
| didn't it?
| guerrilla wrote:
| So you're going to keep asking people until you hear what
| you expect to hear instead of looking at the evidence?
| Based on your behavior here, it seems like you have already
| formed your conclusion and are only looking to hear
| specifically what you want instead of listening to the
| majority.
| hownottowrite wrote:
| Not at all on either account.
| [deleted]
| dmitriid wrote:
| > If you want to process any kind of data you are immediately
| forced to spend a lot of money on security certifications
|
| No, you don't
|
| > This is one of the potential factors why the EU loses out
| to other markets in startup-friendliness.
|
| No, it doesn't.
|
| What it "loses out on" is on price dumping through unlimited
| investor money and wholesale private data collection
| emptysongglass wrote:
| Do you actually work for a small to medium-sized EU
| business? Because I do and the amount of money we need to
| throw at compliance, both in direct costs and dev hours, is
| _immense_. And we 're not doing ads, user targeting, or any
| other such "nasty" industry practices. Our product is
| widely thought of by both our customers and investors, as
| wholesome! But our product does require customer accounts
| and data storage because wheeling in a server rack to
| wherever they are is the last thing they want.
|
| I used to be think GDPR was a good thrust for user privacy
| but years later what I see is an adorned web already
| suffering under the weight of its own crap super-adorned
| with these cookie banners that impact my actual, day to day
| life of the net.
|
| That's not a failure of the companies doing the tracking,
| that's a failure of regulation. The EU could have legally
| enforced the existing Do Not Track flag but instead we get
| a worse web that has literally shaved off hours (days?) of
| my life clicking through cookie forms. And no number of
| uBlock scripts that promise to erase them from the web has
| been enough to stop them.
|
| So, report these privacy invading companies to your local
| data protection body, you say! Sir, madam or epithet of
| your choice, have you _tried_ reporting a breach to the
| Danish Data Protection Agency? They will do _everything_ in
| their power to invalidate your claim. That was the last
| straw for me. Our protectors are indolent or powerless and
| here we proclaim victory!
|
| All I've seen from these rulings is spinning wheels, wasted
| labor, money set fire and pain.
|
| Our German clients have screamed and hollered (thanks,
| Schrems II!) to bifurcate our clouds so that one side is
| AWS and the other is a German cloud that moves with the
| glacial pace of the 90s and with that decade's service
| portfolio. Don't even get me started on the service level
| difference:
|
| AWS: how can we literally give you everything you need to
| build your successful business? How about these free
| recruits who just graduated out of our program that
| specifically re-trains people from disadvantaged
| backgrounds to be cloud all-stars? How about regular
| consulting sessions with our teams to identify how you can
| save money with us?
|
| German cloud: let's make setting up a managed DB the most
| horrifically onerous process possible that's unreliable and
| flaky with your data and then charge you thousands of euros
| for support fees fixing the things that were our fault to
| begin with.
| dmitriid wrote:
| > Do you actually work for a small to medium-sized EU
| business?
|
| I did. And I do.
|
| > Because I do and the amount of money we need to throw
| at compliance, both in direct costs and dev hours, is
| immense.
|
| It's not _immense_ , with emphasis. It's just the cost of
| doing business.
|
| If you run into having to do compliance or certification,
| it means that you're doing something that requires you to
| be, you know, compliant.
|
| For example, financial institutions have to be compliant.
| And we, as society, really-really want them to be
| compliant _and_ responsible for what they are doing. Not
| like Equifax in the US.
|
| > And we're not doing ads, user targeting, or any other
| such "nasty" industry practices.
|
| It doesn't matter, if you do it or not. The "immense"
| cost of compliance is just your business deciding to cut
| corners and then realising that no, you shouldn't cut
| corners, and then scrambling to fix that when you were
| most likely caught red-handed.
|
| I worked at a company which was a bit lax with its
| practices, and then had a run-in with an unexpected
| audit. Omg, you wouldn't believe, but the cost of
| compliance with laws was _immense_ as we rushed to meet
| al requirements before the deadline imposed on us. Had we
| not been lax, this wouldn 't even be a problem.
|
| > I used to be think GDPR was a good thrust for user
| privacy but years later what I see is an adorned web
| already suffering under the weight of its own crap super-
| adorned with these cookie banners that impact my actual,
| day to day life of the net.
|
| Ah yes. Another person who complains about compliance,
| and then immediately pretends that the state of the web
| is the result of a law.
|
| No, the web is the way it is now precisely because these
| companies _flaunt and break the law_. All those cookie
| banner with dark patterns? They are _illegal_. The only
| real downside of GDPR is that it 's not enforced as
| rigidly as required, and nowhere on the required scale.
|
| As for compliance with GPDR, it's essentially zero added
| cost for small companies with greenfield projects. For
| small-to-medium companies the cost of GDPR compliance is
| the function of data practices. If it's "immense" for
| you, this only means that you were already siphoning user
| data you didn't need and did nothing to protect it. I
| can't feel sorry for you.
|
| > Our German clients have screamed and hollered (thanks,
| Schrems II!) to bifurcate our clouds so that one side is
| AWS and the other is a German cloud that moves with the
| glacial pace
|
| Once again, you blame _your own technical decisions_ on
| the law. Of course German customers would want their data
| in Europe. Why wouldn 't they? Data on American servers
| is basically forfeit, and can be examined, analysed, and
| seized by the US at any moment. Wow, I can only imagine
| why German customers would not want that. Whatever might
| be the case, hm?
|
| > German cloud: let's make setting up
|
| Once again: it was _your_ decision. AWS (and GCP, and
| Azure) literally provides a service to European customers
| where they keep data in Europe only, and that is more
| than enough for most any compliance (I know _banks_ in
| Europe who use AWS and /or GCP). [1]
|
| So, your poor technical decisions have lead you to suffer
| increased costs, and you blame that on laws. Keep it up,
| it's a good way to stay in business.
|
| [1] AWS: https://aws.amazon.com/compliance/eu-data-
| protection/, Azure:
| https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-
| boun..., GCP
| https://support.google.com/cloud/answer/6329727?hl=en
| emptysongglass wrote:
| You don't know my company and you've ascribed practices
| to my company that we don't practice to create a straw
| man. Please don't do this.
|
| We're working, willingly and early, with an independent
| auditor we hired.
|
| As for the German cloud, no AWS Outpost or anything else
| we (and AWS' legal team) pitched was enough.
|
| > The only real downside of GDPR is that it's not
| enforced as rigidly as required, and nowhere on the
| required scale.
|
| Whose actual fault is this? The EU pushed through a
| ruling without teeth. It's a lose-lose for everyone from
| business all the way down to the person assaulted by
| these cookie notices.
|
| > So, your poor technical decisions have lead you to
| suffer increased costs, and you blame that on laws. Keep
| it up, it's a good way to stay in business.
|
| This is just rude, please don't.
|
| > If it's "immense" for you, this only means that you
| were already siphoning user data you didn't need and did
| nothing to protect it.
|
| Why are you continuing to state things as fact you don't
| have a clue of? This is completely false.
| GordonS wrote:
| What are these security certifications you are referring to,
| and who required you to get them?
| wongarsu wrote:
| What kinds of security certifications? GDPR doesn't require
| any certifications
| Levitz wrote:
| This really gives me "Western regulations on labor hurts its
| economy compared to China" vibes.
| hugi wrote:
| As a European running multiple sites and services, you seem to
| have no idea what you're talking about. The EU rules are quite
| simple and easy to follow, and I love having real privacy
| protection from corporate interests.
| hownottowrite wrote:
| Sure they are simple to follow. The question I have for you
| is how do you attract new customers?
| wutwutwutwut wrote:
| As a company you need to follow the law. As a company, to
| attract new customer you sell something useful. Those two
| aren't mutually exclusive. For example, you can sell a
| service to a customer even if you respect their privacy.
| mrweasel wrote:
| Ads are still legal, that hasn't changed. You can still
| target customer based on the sites the visit or the
| sesrches they make.
|
| Sales people, well agencies, are just super pissed that
| they now have to do actual work. For years they've been
| able to make money by clicking around in AdWords and
| Facebook ads, now the real sales people has to get back to
| work.
| hownottowrite wrote:
| A couple people here have said "make something useful."
| Fascinating. So make something useful but then how do you
| actually get it in front of people without resorting to
| very expensive and inefficient brand advertising?
| madmoose wrote:
| By providing useful products or services?
| wongarsu wrote:
| I can see how reworking an existing system to be GDPR
| compliant can be a major headache. But for anything designed
| from the ground up the rules are really easy to follow and
| quite sensible.
| pyrale wrote:
| > do you enjoy [...] consolidation of goods/services into
| larger and larger corporations?
|
| I mean, it seems the US has completely abandoned their policy
| of breaking anti-competitive companies in favor of what
| essentially looks like surveillance mercantilism.
|
| In that context, your question is ambiguous: are you, as often
| happens here, arguing that EU attempts at regulation entrench
| monopolies, or are you arguing that the EU should take
| significant actions to break US tech monopolies' presence in
| Europe?
|
| In the first case, I believe there is ample evidence that anti
| competitive behaviour by tech companies is widespread enough
| that regulation doesn't significantly improve their position.
|
| As for the second argument, the US government has always
| vigourously pushed back against any EU attempt at unfavourable
| regulation.
| hownottowrite wrote:
| Neither actually. My question is more about downstream
| impacts on smaller companies.
|
| For example, Apple rolls out privacy controls in iOS 14. The
| story is about big adtech vs Apple privacy, but the
| downstream impact is that smaller businesses can no longer
| target effectively.
|
| GDPR and similar privacy moves in Europe have the same
| impact.
|
| The result is that smaller companies either evaporate or move
| to marketplaces because they can no longer acquire customers
| at acceptable rates.
| pyrale wrote:
| > The result is that smaller companies either evaporate or
| move to marketplaces because they can no longer acquire
| customers at acceptable rates.
|
| I am a bit stuck here, what do you call smaller businesses?
| Rolling out effective targeted advertising is hard in the
| first place. It's even more so in an environment like
| Europe where potential buyers are fragmented across
| countries with different languages, cultures, and so on.
|
| If anything, effective privacy laws levels the playing
| field. That's good for companies that can't afford a large
| marketing budget.
| hownottowrite wrote:
| Let's say companies with revenue between 500K and 5M Euro
| in annual income, but certainly smaller businesses can
| stand up targeted ads even if they're just going self-
| serve.
| hnlmorg wrote:
| Smaller companies have fewer compliance concerns and thus have
| an easier and cheaper job conforming.
|
| As for the comment about " _consolidation of goods /services
| into larger and larger corporations_", that's very much an
| Americanisation. It's usually the American firms that go for
| global monopolies. I'm not saying we don't have large multi-
| nationals in the Europe as well but there is a real culture for
| supporting independent businesses here which I've not noticed
| in America (it might exist there but I've not seen it as
| prevalent there during my visits).
|
| Frankly, the only people GDPR affects is those it's expressly
| there to protect us from. So I consider that a win.
| hownottowrite wrote:
| The culture for supporting small businesses is a very fair
| point. Americans talk about it but in practice the support is
| very weak.
|
| Europe also retains strong local press operations so
| advertising in newspapers is actually viable. That's dead in
| the US.
| lotsofpulp wrote:
| I wonder what demographic is reading physical newspapers in
| Europe to cause a difference compared to the US.
| marginalia_nu wrote:
| In general I feel the EU bureaucracy doesn't understand the
| problems well enough, so the solutions typically tend to be
| annoying and expensive without mitigating the problem (and
| often the problem they attempt to solve sounds like it was
| formulated 10-15 years ago).
| drawfloat wrote:
| The alternative being weak data privacy laws and the same
| consolidation happening anyway?
|
| But yes, I'm fine with it. Compliance is really not that hard
| until you reach the scale of those same dominant players.
| hownottowrite wrote:
| So you're saying yes because you believe the consolidation is
| happening regardless?
|
| Probably true in Europe. Regulation and taxation schemes are
| onerous there. Only the large can survive.
| Jensson wrote:
| Big companies dominate much more in USA than Europe though,
| Europe has way more small local companies that compete with
| Amazon etc.
| hownottowrite wrote:
| Absolutely a fair point. How do they get your attention
| though?
| Jensson wrote:
| They play local ads? Google lets you advertise in an
| area, you see them in Google, in youtube, in facebook
| etc. And since these companies has much stronger local
| brand recognition than the American giants they win out
| in the local markets.
|
| Also advertisements is more than just spending money, you
| need to mesh with the local culture as well. An American
| multinational doesn't really mesh well with most people
| and people reject their marketing, while local companies
| understand much better what the local people wants. In
| theory the giants could just hire locals, but in practice
| that has been really hard for them to do, as we can see
| every country has their own grocery store chains, brands
| etc.
| hownottowrite wrote:
| But local ads without interest context are really no
| different than large scale brand ads. What's missing is
| the information about the users interests, which in turn
| makes the ads more relevant.
| Jensson wrote:
| It is good that you are concerned, but EU is not lacking
| small companies. Where I live Uber is not the biggest
| ride sharing app for example, an European based
| competitor that started after Uber is bigger. They
| started after GDPR, so from my perspective it isn't EU
| that needs to fix its small businesses, it already works.
| It is USA that needs to prevent businesses from growing
| huge and dominating their entire market and effectively
| making it impossible for new entrants to appear.
|
| Anyway, we can't refute all your points. It is really
| easy to just ask more and more questions, but at the end
| the results is what matters. And the real world results
| says that Europe is very good for small new businesses.
| drawfloat wrote:
| That's a very weird reading of that response. But no,
| that's not at all what I said.
| hownottowrite wrote:
| I just read your edit. It doesn't seem like I had a weird
| reading at all.
| Jensson wrote:
| The companies consolidate in USA regardless of what
| Europe does, nothing Europe does will change that.
| krono wrote:
| Today this is not something that affects day-to-day lives in
| any meaningful way I don't think.
|
| Additionally, the EU seems to be big enough of a market for
| corporations to still bother with providing privacy-friendly
| variants of their products that mostly function in exactly the
| same way.
| hownottowrite wrote:
| But how do smaller companies make you aware of their products
| if they can't target you?
| Semaphor wrote:
| I don't know, I have all ads blocked everywhere and still
| discover new products. I also discovered new things, before
| the internet was such an ad-ridden mess that adblockers
| became a requirement for decent UX.
| Un1corn wrote:
| Just like before there were targeted ads?
| hownottowrite wrote:
| Well, before targeted ads there were blogs and they were
| well read. Not so much anymore since Google decimated
| that channel.
| pgeorgi wrote:
| Think "before blogs". Windows 3.1 rose to dominance when
| the Internet wasn't a factor for the vast majority of
| computer users (and even less for everybody else).
|
| How could they possibly have acquired customers back
| then?!?
| hownottowrite wrote:
| With money... lots and lots of it spent on brand level
| marketing in print media as well as with direct sales
| reps.
| krono wrote:
| Do they really need to know with which hand I am likely to
| wipe my arse with, though?
|
| Smaller companies using the services provided by the bigger
| fish have caused a self-perpetuating circle of ever
| increasing imbalances in many areas.
|
| The resources that are being spent on not only keeping this
| machine in tact, but as seen in the article, grow it even
| further, show that this machine isn't going to stop itself
| and that higher intervention is required.
|
| This is going to be costly and hurt in other ways, but with
| it being a massive stap towards a sort of post-scarcity
| society as was shown in Star Trek and by the Venus project,
| it's worth every tear and every penny.
| hownottowrite wrote:
| If anything the society depicted in Star Trek has even
| less privacy, but ok.
| krono wrote:
| I don't want privacy just for the sake of having it. It's
| a tool that serves a purpose that's no longer or
| significantly less relevant in that story.
| pirocks wrote:
| Sometimes I have a problem that could be solved with money.
| I google/whatever favorite search engine is for a product
| that solves the problem that I want to solve. At no point
| adtech is required, in fact I would prefer if adtech wasn't
| involved.
| retrobox wrote:
| The data privacy laws makes people think harder about the
| collection and usage of data. That's definitely a good thing.
| What I don't want to see is big corporations subvert that
| hownottowrite wrote:
| But how do smaller companies function in such an environment
| without being subsumed into larger marketplaces?
| hugi wrote:
| -
| hownottowrite wrote:
| Lack of accurate targeting leads to lower ROI. If you're
| trying to build a direct sales business that would seem
| to be a rather large impediment.
| reaperducer wrote:
| The same way they have for the last thousand years?
|
| Tech isn't magic. It's still just a business.
| phicoh wrote:
| Larger and larger corporations are needed to violate EU privacy
| rules and get away with it.
|
| After the initial scare of the GDPR, most organisations found a
| way to live with them.
|
| But obviously, it will become very tricky, and potentially
| costly if you want to violate people's privacy.
| hownottowrite wrote:
| I guess it depends on the products and services and where
| they originate. Many media companies outside the EU have
| simply opted out of doing business there. I know the same is
| true of some smaller direct retailers.
| phicoh wrote:
| That makes sense. For company that has a few potential
| customers in a region with complex legislation it may make
| sense to get avoid those customers because of cost of
| complying with the legislation may be higher than what the
| customers are worth.
|
| A similar example is that many banks outside the US prefer
| not to have US citizens as customer. This is also because
| complying with US laws is more costly than the money made
| from US citizens.
|
| When it comes to smaller retailers, that is probably due to
| the EU tax rules. That's a pity. But possibly hard to
| improve.
| hownottowrite wrote:
| Yes, the VAT structure is particularly painful for
| retailers outside EU for many reasons.
| throwawaymanbot wrote:
| The arrogance In The comments is incredible. The gasping fetish
| for "targeting" and hoarding data and any attempt to put manners
| on said activities by the EU as making business not worthwhile is
| really laughable.
| DeathArrow wrote:
| Google motto is "don't be evil".
| rvense wrote:
| Nope, they scrapped that years ago.
|
| And I really, really want to know exactly what happened at that
| meeting. Did someone sit there and say something like 'Look,
| I'm not saying we should "be evil"...'? How does that
| conversation start?
| d0gsg0w00f wrote:
| I always wondered this too. Would love to have been a fly on
| the wall in the "let's drop the 'don't be evil' motto"
| meeting.
|
| Maybe at the time it seemed intuitive, not representative of
| the _positive_ goals of the company, and just something
| people could point at whenever there was a minor
| disagreement. In hindsight they may have been able to avoid
| the dumpster fire that they're in now if they had kept it.
| rsj_hn wrote:
| On the first slide was a graph where the "evil" line was
| moving up and to the right.
| amelius wrote:
| Would you bring your kids to Disney World if its motto was
| "we won't kill your children"?
| d0gsg0w00f wrote:
| Yes
___________________________________________________________________
(page generated 2021-10-23 23:01 UTC)