[HN Gopher] Europe is scaling back GDPR and relaxing AI laws
___________________________________________________________________
Europe is scaling back GDPR and relaxing AI laws
Author : ksec
Score : 412 points
Date : 2025-11-19 14:41 UTC (8 hours ago)
(HTM) web link (www.theverge.com)
(TXT) w3m dump (www.theverge.com)
| AndrewKemendo wrote:
| > The changes, proposed by the European Commission, the bloc's
| executive branch, changes core elements of the GDPR, making it
| easier for companies to share anonymized and pseudonymized
| personal datasets. They would allow AI companies to legally use
| personal data to train AI models, so long as that training
| complies with other GDPR requirements.
|
| Put together and those two basically undo the entire concept of
| privacy as it's trivially easy to target someone from a large
| enough "anonymous" set (there is no anonymous data, there only
| exists data that's not labeled with an ID yet)
| josefritzishere wrote:
| This is criminal.
| ch4s3 wrote:
| To make the popup requirement for non critical cookies in GDPR
| less onerous? Or the change in data operation recording
| requirements that will kick in at a company size of 750
| employees instead of 250?
|
| I assume you mean the AI related stuff?
| andrewshadura wrote:
| It was never required to show a pop-up for essential cookies.
| josefritzishere wrote:
| I work in data privacy and I really hold the GDPR in high
| esteem. The "Ai stuff" is worrisome. The UK has left the EU
| and rolled back privacy rights. The EU is experiencing the
| slow erosion of privacy rights; and the US is a morass of
| highly variable state-level rights. I had such high hopes
| when the CCPA passed.
| nonethewiser wrote:
| How so? Like, figuratively, as-in outrageous?
| schnitzelstoat wrote:
| > One change that's likely to please almost everyone is a
| reduction in Europe's ubiquitous cookie banners and pop-ups.
| Under the new proposal, some "non-risk" cookies won't trigger
| pop-ups at all, and users would be able to control others from
| central browser controls that apply to websites broadly.
|
| Finally!
| aurareturn wrote:
| So they finally admit that it was a mistake.
|
| Even EU government websites had annoying giant cookie banners.
|
| Yet, some how the vast majority of HN comments defend the
| cookie banners saying if you don't do anything "bad" then you
| don't need the banners.
| m00dy wrote:
| worst implementation ever. I bet it is the reason that most
| people are now taking anti depressants.
| basisword wrote:
| It worked to highlight the insane amount of tracking every
| fucking website does. Unfortunately it didn't stop it. A
| browser setting letting me reject everything by default will
| be a better implementation. But this implementation only
| failed because almost every website owner wants to track your
| every move and share those moves with about 50 different
| other trackers and doesn't want to be better.
| GardenLetter27 wrote:
| You can just set your browser not to send whichever cookies
| you don't want to.
|
| Cookies are a client-side technology.
|
| Why does the government need to be involved?
| webstrand wrote:
| Not all cookies are bad for the user, for instance the
| one that keeps you logged in or stores the session id.
| Those kind were never banned in the first place.
|
| Blocking cookies locally doesn't allow you to easily
| discriminate between tracking and functional cookies. And
| even if the browser had a UI for accepting or rejecting
| each cookie, they're not named such that a normal user
| could figure out which are important for not breaking the
| website, and which are just for tracking purposes.
|
| By passing a law that says "website providers must
| disambiguate" this situation can be improved.
| youngtaff wrote:
| Cookies that keep you logged in or maintain a session
| don't need consent
| layer8 wrote:
| The website wouldn't inform you about which cookies are
| doing what. You wouldn't have a basis to decide on which
| cookies you want because they are useful versus which you
| don't because they track you. You also wouldn't be
| informed when functional cookies suddenly turn into
| tracking cookies a week later.
|
| The whole point of the consent popups is to inform the
| user about what is going on. Without legislation, you
| wouldn't get that information.
| stavros wrote:
| Because it's not like the browser has two thousand
| cookies per website, it only has one and then they share
| your data with the two thousand partners server-side. The
| government absolutely needs to be involved.
| immibis wrote:
| Actually it often is a separate cookie per tracker
| because that's convenient for the trackers. But the only
| reason they don't put in the effort to do it the way you
| said is that browsers don't have the feature to block
| individual cookies. If they did, they would.
| 1718627440 wrote:
| Some browsers like Midori do the sensible thing and ask
| you for every cookie, whether you actually want to have
| it. Cookie dialogs are then entirely redundant. You can
| click accept all in the website, and reject all in the
| browser.
| AnthonyMouse wrote:
| To begin with that isn't true, because the worst
| offenders are third party cookies, since they can track
| the user between websites, but then you can block them
| independently of the first party cookies.
|
| Then you have the problem that if they _are_ using a
| single cookie, you now can 't block it because you need
| it to be set so it stops showing you the damn cookie
| banner every time, but meanwhile there is no good way for
| the user or the government to be able to tell what
| they're doing with the data on the back end anyway. So
| now you have to let them set the cookie and hope they're
| not breaking a law where it's hard to detect violations,
| instead of blocking the cookie on every site where it has
| no apparent utility to you.
|
| But the real question is, why does this have anything to
| do with cookies to begin with? If you want to ban data
| sharing or whatever then who cares whether it involves
| cookies or not? If they set a cookie and sell your data
| that's bad but if they're fingerprinting your browser and
| do it then it's all good?
|
| Sometimes laws are dumb simply because the people
| drafting them were bad at it.
| stavros wrote:
| > If you want to ban data sharing or whatever then who
| cares whether it involves cookies or not?
|
| Nobody. The law bans tracking and data sharing, not
| cookies specifically. People have just simplified it to
| "oh, cookies" and ignore that this law bans tracking.
| AnthonyMouse wrote:
| > The law bans tracking and data sharing, not cookies
| specifically.
|
| From what I understand it specifically regards storing
| data on the user's device as something different, and
| then cookies do that so cookies are different.
| stavros wrote:
| Not really, it disallows tracking even if you aren't
| storing anything (eg via fingerprinting):
|
| https://gdpr.eu/cookies/
| AnthonyMouse wrote:
| That link seems to say the opposite:
|
| > The EPR was supposed to be passed in 2018 at the same
| time as the GDPR came into force. The EU obviously missed
| that goal, but there are drafts of the document online,
| and it is scheduled to be finalized sometime this year
| even though there is no still date for when it will be
| implemented. The EPR promises to address browser
| fingerprinting in ways that are similar to cookies,
| create more robust protections for metadata, and take
| into account new methods of communication, like WhatsApp.
|
| If the thing they failed to pass promises to do something
| additional, doesn't that imply that the thing they did
| pass doesn't already do it?
|
| And I mean, just look at this:
|
| > Strictly necessary cookies -- These cookies are
| essential for you to browse the website and use its
| features, such as accessing secure areas of the site.
| Cookies that allow web shops to hold your items in your
| cart while you are shopping online are an example of
| strictly necessary cookies. These cookies will generally
| be first-party session cookies. While it is not required
| to obtain consent for these cookies, what they do and why
| they are necessary should be explained to the user.
|
| > Preferences cookies -- Also known as "functionality
| cookies," these cookies allow a website to remember
| choices you have made in the past, like what language you
| prefer, what region you would like weather reports for,
| or what your user name and password are so you can
| automatically log in.
|
| So you don't need consent for a shopping cart cookie,
| which is basically a login to a numbered account with no
| password, but if you want to do an actual "stay logged in
| with no password" or just not forget the user's preferred
| language now you supposedly need an annoying cookie
| banner even if you're not selling the data or otherwise
| doing anything objectionable with it. It's rubbish.
| rebolek wrote:
| Of course, let ME decide if I want to keep
| fdfhfiudva=dsaafndsafndsoai and remove
| cindijcasndiuv=fwiaqfewjfoi. I know best what those
| cookies do!
| eitau_1 wrote:
| If there's no regulation, nothing stops a website from
| telling hundreds of third-party entities about your
| visit. No amount of fiddling with browser settings and
| extensions will prevent a keen website operator from
| contributing to tracking you (at least on ip/household
| level) by colluding with data brokers via the back-end.
| troupo wrote:
| Because it's not about cookies. Ad trackers shouldn't
| store my precise geolocation for 12 years for example:
| https://x.com/dmitriid/status/1817122117093056541
| fmbb wrote:
| 50 is not even close.
|
| Those banners often list up to 3000 "partners".
| graemep wrote:
| The cookie law made this worse.
|
| I used to use an extension that let me whitelist which
| sites could set cookies (which was pretty much those I
| wanted to login to). I had to stop using it because I had
| to allow the cookie preference cookies on too many sites.
| immibis wrote:
| There could be an extension to block the banners, too. I
| think uBO has a feature to block certain CSS classes?
| graemep wrote:
| The only thing that works well for me is using an
| extension that automatically gives permissions and
| another that auto deletes cookies when i close the tab.
|
| The problem with Ublock etc. is that just blocking breaks
| quite a lot of sites.
| whstl wrote:
| uBlock blocks most of those for me lately.
| pessimizer wrote:
| You can fix that. I use an extension called "I don't care
| about cookies" that clicks "yes" to all cookies on all
| websites, and I use another extension* that doesn't allow
| any cookies to be set unless I whitelist the site, and I
| can do this finely even e.g. to the point where I accept
| a cookie from one page to get to the next page, then drop
| it, and drop the entire site from even that whitelist
| when I leave the page, setting this all with a couple of
| clicks.
|
| * Sadly the second is unmaintained, and lets localStorage
| stuff through. There are other extensions that have to be
| called in (I still need to hide referers and other things
| anyway.) https://addons.mozilla.org/en-
| US/firefox/addon/forget_me_not.... I have the
| simultaneous desire to take the extension over or fork
| it, and the desire not to get more involved with the
| sinking ship which is Firefox. Especially with the way
| they treat extension developers.
|
| https://addons.mozilla.org/en-US/firefox/addon/cookie-
| autode... does a similar thing.
| graemep wrote:
| I use the first of those extensions, its the cookie
| whitelist one that no longer works for me.
| youngtaff wrote:
| Cookie banners are made obtrusive by the people running CMPs
| as they want to make it as hard as possible to stop
| collecting the data
| Mountain_Skies wrote:
| Funny thing is that I often will go out of my way to find
| the least permissive settings if the banner is obnoxious or
| has a dark pattern.
| LogicFailsMe wrote:
| every accusation is a confession you see...
| legitster wrote:
| > Yet, some how the vast majority of HN comments defend the
| cookie banners saying if you don't do anything "bad" then you
| don't need the banners.
|
| There are a LOT of shades of gray when it comes to website
| tracking and HN commenters refuse to deal with nuance.
|
| Imagine running a store, and then I ask you how many
| customers you had yesterday and what they are looking at. "I
| don't watch the visitors - it's unnecessary and invasive".
| When in fact, having a general idea what your customers are
| looking for or doing in your store is pretty essential for
| running your business.
|
| Obviously, this is different than taking the customer's
| picture and trading it with the store across the street.
|
| When it comes to websites and cookie use, the GDPR treated
| both behaviors identically.
| pseudalopex wrote:
| > Imagine running a store, and then I ask you how many
| customers you had yesterday and what they are looking at.
|
| Server logs can provide this information.
| legitster wrote:
| Not for the amount of stuff on the web now that is
| client-side rendered.
| pseudalopex wrote:
| Client side rendering means in practice clicking a
| product retrieves JSON and images instead of HTML and
| images. This can be logged.
| crazygringo wrote:
| Only in very simple ways.
|
| Realistically, you want to know things like, how many
| users who looked at something made a purchase in the next
| 3 days? Is that going up or down after a recent change we
| made?
|
| Many necessary business analytics require tracking and
| aggregating the behavior of individual users. You can't
| do that with server logs.
| croes wrote:
| > if you don't do anything "bad" then you don't need the
| banners.
|
| Because that's how it is. For instance why does a site need
| to share my data with over 1000 "partners"?
|
| And the EU uses the same tracking and website frameworks as
| others so they got banners automatically.
|
| It wasn't a mistake but website providers maliciously
| complied with the banners to shift the blame.
|
| Seems you fell for it.
| jonesjohnson wrote:
| the issue was never the law.
|
| the issue were the 100s of tracking cookies and that websites
| would use dark patterns or simply not offer a "no to all"
| button at all (which is against the law, btw.)
|
| Most websites do. not. need. cookies.
|
| It's all about tracking and surveillance to show you different
| prices on airbnb and booking.com to maximise their profits.
|
| https://noyb.eu/en/project/cookie-banners (edit: link)
| rpastuszak wrote:
| I'm not sure why this is being downvoted?
| zdragnar wrote:
| The premise is that the intent of the law was good, so
| everyone should naturally change their behavior to obey the
| spirit of the law.
|
| That isn't how people work. The law was poorly written and
| even more poorly enforced. Attempts at "compliance" made
| the web browsing experience worse.
| norman784 wrote:
| The implementors of the banners did it in the most
| annoying way, so most users will just accept all instead
| of rejecting all (because the button to reject all was
| hidden or not there at all), check steam store for
| example their banner is non intrusive and you can clearly
| reject or accept all in one click.
| nemomarx wrote:
| people intentionally made the banners annoying or tried
| to make the reject button smaller / more awkward so that
| they could keep tracking.
|
| Definitely a failure of enforcement, but let's not
| pretend that was good faith compliance from operators
| either
| masfuerte wrote:
| I'd settle for companies obeying the letter of the law.
| They don't do that either.
| dspillett wrote:
| _> Attempts at "compliance" made the web browsing
| experience worse._
|
| Malicious compliance made the web browsing experience
| worse. That and deliberately not complying by as much as
| sites thought they could get away with, which is
| increasing as it becomes more obvious enforcement just
| isn't there.
| Qwertious wrote:
| The law wasn't poorly written, most websites just don't
| follow the law. Yes, they're doing illegal things, but it
| turns out enforcement is weak so the lawbreaking is so
| ubiquitous that people think it's the fault of the law
| itself.
| JumpCrisscross wrote:
| > _law wasn 't poorly written, most websites just don't
| follow the law_
|
| I honestly haven't found the banners on EU websites any
| less annoying or cumbersome than those on shady
| operators' sites.
| whstl wrote:
| Most websites in the EU also aren't following the law.
| filoleg wrote:
| > [...] most websites just don't follow the law. Yes,
| they're doing illegal things, but it turns out
| enforcement is weak so the lawbreaking is so ubiquitous
| [...]
|
| I just checked the major institutional EU websites listed
| here[0], and every single one (e.g., [1][2][3]) had a
| different annoying massive cookie banner. In fact, I was
| impressed I couldn't find a single EU government website
| without a massive cookie banner.
|
| I don't know if it is due to the law enforcement being so
| weak (or if the law itself is at fault or whatever else).
| But it seems like something is not right (either with
| your argument or EU), given the EU government itself
| engages in this "lawbreaking" (as defined by you) on
| every single one of their own major institutional
| websites.
|
| The potential reason you brought up of "law enforcement
| is just weak" just seems like the biggest EU regulatory
| environment roast possible (which is why I don't believe
| it to be the real reason), given that not only they fail
| to enforce it against third parties (which would be at
| least somewhat understandable), but they cannot even
| enforce it on any of their own first party websites (aka
| they don't even try following their own rules
| themselves).
|
| 0. https://guides.libraries.psu.edu/european-
| union/official-ser...
|
| 1. https://www.europarl.europa.eu/portal/en
|
| 2. https://www.consilium.europa.eu/en/
|
| 3. https://european-union.europa.eu/index_en
| weberer wrote:
| Because the issue is due to a failure in the law. The
| failure of not enforcing the "do not track" setting from
| browsers that would avoid the need for these annoying pop-
| ups in the first place.
| whstl wrote:
| A lot of people at HN work in industries that track, or are
| the ones choosing to use the banners in the first place.
| layer8 wrote:
| The issue is the lack of enforcement of the law. And instead
| of strengthening the enforcement, they are diluting the law
| now.
| rebolek wrote:
| I think that most websites need cookies. I have a website
| with short stories. It lets you set font size and dark/bright
| theme, nothing special. Do I want to store your settings on
| server? No, why should I waste my resources? Just store it in
| your browser! Cookies are perfect for that. Do I know your
| settings? No, I don't, I don't care. I set a cookie, JS reads
| it and changes something on client. No tracking at all.
| Cookies are perfect for that. People just abuse them like
| everything else, that's the problem, not cookies.
|
| And BTW because I don't care about your cookies, I don't need
| to bother you with cookie banner. It's that easy.
|
| Also, if I would implement user management for whatever
| reason, I would NOT NEED to show the banner also. ONLY if I
| shared the info with third side. The rules are simple yet the
| ways people bend them are very creative.
| nightpool wrote:
| Unfortunately, because these types of preferences (font
| size, dark/light mode theme) are "non-essential", you _are_
| required to inform users about them using a cookie banner,
| per EU ePrivacy directive (the one that predates the GDPR).
| So if you don 't use a cookie banner in this case, you are
| not in compliance.
| graemep wrote:
| > lets you set font size and dark/bright theme,
|
| You do not need cookies for either of these. CSS can follow
| browser preferences, and browsers can change font sizes
| with zoom.
|
| I am not sure these cookies are covered by the regulations.
| No personal so not covered by GDPR. They might be covered
| by the ePrivacy directive (the "cookie law").
| zrn900 wrote:
| > Most websites do. not. need. cookies.
|
| All websites need cookies, at least for functionality and for
| analytics. We aren't living in the mid-1990s when websites
| were being operated for free by university departments or
| major megacorps in a closed system. The cookie law screwed
| all the small businesses and individuals who needed to be
| able to earn money to run their websites. It crippled
| everyone but big megacorps, who just pay the fines and go
| ahead with violating everyone's privacy.
| amelius wrote:
| Can we get the do-not-track header instead?
|
| https://en.wikipedia.org/wiki/Do_Not_Track
|
| Because that made more sense than the cookie banner ever did.
|
| Edit: it looks like there is a legal alternative now: Global
| Privacy Control.
| stavros wrote:
| Instead of what? Instead of the central browser controls?
| weberer wrote:
| >Instead of what?
|
| Instead of a different cookie pop-up on every single site
| you visit
|
| >Instead of the central browser controls?
|
| This is the central browser control. The header is how the
| browser communicates it to the websites.
| stavros wrote:
| This very article is about how we're getting a central
| browser control, and your comment was "can we finally get
| a central browser control instead?".
| phendrenad2 wrote:
| Well, it's a minor details hidden in the middle of the
| article, I also missed it.
| stavros wrote:
| But the person weberer replied to was quoting the exact
| place.
| arielcostas wrote:
| Or a new, opt-in "Do-Track" that means consent to tracking,
| and anything else means tracking is not allowed. Why should
| it opt-out?
| whstl wrote:
| As long as there is Do-Not-Track as well, and companies
| must follow BOTH, this would be ok by me.
|
| But this one alone opens the door to behavior similar to
| tracking cookies, where accepting all was easy and not
| accepting was hard af.
| dang wrote:
| Related ongoing thread:
|
| _Europe 's cookie nightmare is crumbling. EC wants preference
| at browser level_ -
| https://news.ycombinator.com/item?id=45979527 - Nov 2025 (80
| comments)
| wkat4242 wrote:
| The cookie thing sounds good at first but then it shows that
| they rant to reduce cookiewalls by making more things ok
| without asking :(
| nightpool wrote:
| Yes. I don't think you should have to show a popup to track
| the user's language preferences, whether they want a header
| toggled on or off, or other such harmless preferences. Yet,
| the EU ePrivacy directive (separately from the GDPR) really
| does require popups to inform users of these "cookies".
| shaky-carrousel wrote:
| That's the real news. There's no U turn, no weakening of GDPR.
| This article is propaganda.
| hdgvhicv wrote:
| Those "cookie banners" are nonsense aimed at getting this
| outcome.
|
| This is a loss for European citizens and small businesses and a
| win for the trillion dollar ecosystem of data abuse.
| immibis wrote:
| There's the confusion about whether ePD (which is all cookies
| even functional ones) was superseded by GDPR or whether it
| wasn't and both rules apply. Personally I think common sense
| is that GDPR replaced ePD or at least its cookie banner rule,
| but I'm also not a company with billions of euros to sue.
| nonethewiser wrote:
| How can you comply with the current requirements without
| cookie banners? Why would EU governments use cookie banners
| if they are just nonsense meant to degrade approval of GDPR?
| BadBadJellyBean wrote:
| By not putting a billion trackers on your site and also by
| not using dark patterns. The idea was a simple yes or no.
| It became: "yes or click through these 1000 trackers" or
| "yes or pay". The problem is that it became normal to just
| collect and hoard data about everyone.
| tantalor wrote:
| > billion trackers ... dark patterns
|
| Straw man argument.
|
| The rule equally applies to sites with just one tracker
| and no dark patterns.
| nonethewiser wrote:
| Again, then why does the EU do this? Clearly its not
| simply about erroding confidence in GDPR if the EU is
| literally doing it themselves.
|
| Besides, you seem to be confusing something.
|
| GDPR requires explicit explanation of each cookie,
| including these 1000s of trackers. It in no way bans
| these. This is just GDPR working as intended - some
| people want to have 1000s of trackers and GDPR makes them
| explain each one with a permission.
|
| Maybe it would be nice to not have so many trackers.
| Maybe the EU should ban trackers. Maybe consumers should
| care about granular cookie permissions and stop using
| websites that have 1000s of them because its annoying as
| fuck. But some companies do prefer to have these trackers
| and it is required by GDPR to confront the user with the
| details and a control.
| pseudalopex wrote:
| > Besides, you seem to be confusing something.
|
| No. You asked How can you comply with the current
| requirements without cookie banners? Not How can you have
| trackers and comply with the current requirements without
| cookie banners? And don't use dark patterns would have
| answered this question as well.
| nonethewiser wrote:
| >No. You asked How can you comply with the current
| requirements without cookie banners?
|
| Within the context of the discussion of if its malicious
| compliance or a natural consequence of the law. Obviously
| you could have a website with 0 cookies but thats not the
| world we live in. Maybe you were hoping GDPR would have
| the side effect of people using less cookies? It in no
| way requires that though.
|
| I mean just think of it this way. Company A uses Scary
| Dark Pattern. EU makes regulation requiring information
| and consent from user for companies that use Scary Dark
| Pattern. Company A adds information and consent about
| Scary Dark Pattern.
|
| Where is the malicious compliance? The EU never made
| tracker cookies or cookies over some amount illegal.
| pseudalopex wrote:
| > Within the context of the discussion of if its
| malicious compliance or a natural consequence of the law.
|
| You ignored I said don't use dark patterns answered the
| question you meant to ask.
|
| > Obviously you could have a website with 0 cookies but
| thats not the world we live in. Maybe you were hoping
| GDPR would have the side effect of people using less
| cookies?
|
| We were discussing trackers. Not cookies.
|
| > I mean just think of it this way. Company A uses Scary
| Dark Pattern. EU makes regulation requiring information
| and consent from user for companies that use Scary Dark
| Pattern. Company A adds information and consent about
| Scary Dark Pattern.
|
| I will not think of it using an unnecessary and incorrect
| analogy. And writing things like Scary Dark Pattern is
| childish and shows bad faith.
|
| > Where is the malicious compliance? The EU never made
| tracker cookies or cookies over some amount illegal.
|
| The malicious compliance is the dark patterns you
| ignored. Rejecting cookies was much more complicated than
| accepting them. Users were pressured to consent by
| constantly repeating banners. The "optimal user
| experience" and "accept and close" labels were
| misleading. These were ruled not compliance in fact.[1]
| But the companies knew it was malicious and thought it
| was compliance.
|
| Ignoring Do Not Track or Global Privacy Control and
| presenting a cookie banner is a dark pattern as well.
|
| [1] https://techgdpr.com/blog/data-protection-
| digest-3062025-the...
| croes wrote:
| Don't track your site visitors.
|
| No tracking, no banner.
|
| Or respect the now deprecated DNT flag, no banner
| necessary.
|
| Now we get DNT 2.0 and the website owner will once again
| maliciously comply.
| nonethewiser wrote:
| OK sounds great.
|
| But some companies prefer to have trackers. They are
| required by GDPR to explain each cookie and offer a
| control for permissions. They probably had trackers
| before GDPR too. So how is that malicious compliance?
| They are just operating how they did before except now
| they are observing GDPR.
|
| It sounds like maybe you just want them to ban trackers.
| Or for people to care more about trackers and stop using
| websites with trackers (thereby driving down trackers)
| Great. Those are all great. But none of them happened and
| none of that is dictated by GDPR.
| Neikius wrote:
| You can have first party trackers. That is not so hard.
| Every site onto itself is a first party tracker, but if
| your developers can't do it there are opensource
| solutions available to host.
| nonethewiser wrote:
| Again, great. Didn't happen and isn't required by GDPR
| though.
| croes wrote:
| Malicious compliance are those dark patterns where it
| takes on click to accept all but multiple clicks to
| reject all.
|
| I remember the early day cookie banners of Tumbler accept
| all or deselect 200 tracking cookies by clicking each
| checkbox.
| hdgvhicv wrote:
| By not setting a cookie until the user does something
| active when I then tell them (say on "log in" or "add to
| basket".
| nonethewiser wrote:
| I dont think you actually need a cookie for that,
| technically. But I take your point.
|
| What about trackers which they want to set immediately on
| page load? Just separate prompts for each seems worse
| than 1 condensed view. You might say "but trackers suck -
| I don't care about supporting a good UX for them" and it
| would be hard to disagree. But I'm making the point that
| its not malicious compliance. It would be great if people
| didn't use trackers but that is the status quo and GDPR
| didn't make theme illegal. Simply operating as normal
| plus new GDPR compliance clearly isnt malicious. The
| reality is cookie banners everywhere was an inevitable
| consequence of GDPR.
| watermelon0 wrote:
| You don't need a cookie banner for
| authentication/shopping basket cookies, since these are
| essential.
|
| However, you are still required to provide a list of
| essential cookies and their usage somewhere on the
| website.
| phendrenad2 wrote:
| This. I don't know why there's a heavy overlap between
| the "GDPR didn't go far enough" people and not actually
| reading the GRPR. I'd think they would overlap a lot with
| people who actually read it.
| vouwfietsman wrote:
| > Why would EU governments use cookie banners
|
| They generally don't, because you don't need banners to
| store cookies that _you need to store to have a working
| site_.
|
| In other words, if you see cookie banner, somebody is
| _asking to store /track stuff about you that's not really
| needed_.
|
| Cookie banners were invented by the market as a loophole to
| continue dark patterns and bad practices. EU is catching
| flak because its extremely hard to legislate against
| explicit bad actors abusing loopholes in new technology.
|
| But yeah, blame EU.
|
| And before you go all "but my analytics is needed to get 1%
| more conversion on my webshop": if you have to convince me
| to buy your product by making the BUY button 10% larger and
| pulsate rainbow colors because your A/B test told you so, I
| will happily include that in the category "dark patterns".
| nonethewiser wrote:
| In terms of whether or not the ubiquity of cookie banners
| is malicious compliance or if it was an inevitable
| consequence of GDPR, it doesnt matter if trackers are
| good or necessary. GDPR doesn't ban them. So having them
| and getting consent is just a normal consequence.
|
| We can say, "Wouldn't it have been nice if the bad UX of
| all these cookies organically led to the death of
| trackers," but it didn't. And now proponents of GDPR are
| blaming companies for following GDPR. This comes from
| confusing the actual law with a desired side effect that
| didn't materialize.
| troupo wrote:
| No, those companies do not follow GDPR. They are testing
| how far they can go without triggering mass complaints
| etc.
|
| See https://noyb.eu/en/where-did-all-reject-buttons-come
| Neikius wrote:
| you CAN use analytics! Just need to use first party
| analytics... it is not so hard to set up, there are many
| opensource self-hosted options.
|
| I hate how everyone and their mother ships all my data to
| google and others just because they can.
| crazygringo wrote:
| Let's not deceive ourselves -- first-party analytics are
| much, much harder to set up, and a lot less people are
| trained on other analytics platforms.
|
| They're also inherently less trustworthy when it comes to
| valuations and due diligence, since you could falsify
| historical data yourself, which you can't do with Google.
| inkysigma wrote:
| Can you actually do meaningful analytics without the
| banner at all? You need to identify the endpoint to
| deduplicate web page interactions and this isn't covered
| under essential use afaik. I think this means you need
| consent though I don't know if this covered under GDPR or
| ePrivacy or one of the other myriad of regulations on
| this.
| Neikius wrote:
| By not tracking and setting any third party cookies. Just
| using strictly functional cookies is fine, just put a
| disclaimer somewhere in the footer and explain as those are
| already allowed and cannot be disabled anyway.
| croes wrote:
| Non-risk cookies never required a banner.
| port11 wrote:
| Truly non-risk cookies were already exempt from the cookie
| banner. In fact, the obnoxious consent-forcing cookie banners
| are themselves in violation of the law. It's ironic that
| instead of enforcement we dumb it all down for the data
| grabbers. And most of them non-European to boot, so clearly
| this is amazing for the EU tech ecosystem.
| theoldgreybeard wrote:
| jokes on them i never followed the law anyway
| goobatrooba wrote:
| The funny part is that many banners are already now not
| required. But there has been much propaganda by adtech around
| it, to rule people up against tracking protections and promote
| their own "solutions". That's the reason you see the same 3-5
| cookie banners all around the web. Already today websites that
| use purely technical cookies would not actually not need any
| banners at all.
| bpodgursky wrote:
| > The EU folds under Big Tech's pressure.
|
| This is a very odd framing, because the actual reason from quotes
| in the article is that the EU is acutely feeling the pain of
| _having no big tech companies_ , due in part to burdensome
| privacy regulations.
|
| The pressure isn't really from big tech, it's from feeling poor
| and setting themselves up as irrelevant consumers of an economy
| permeated by AI.
| m00dy wrote:
| europe got stuck in the old world, they will never have tech
| companies.
| yardie wrote:
| > due in part to burdensome privacy regulations.
|
| A large part is due to their approach to startup investing and
| chronic undercapitalization. GDPR is coming up 10 years now and
| the worries about it were overblown. What hasn't budged is
| Europe is very fiscally conservative on technology. Unless it's
| coming from their big corporations it's very hard to get
| funding. Everyone wants the same thing, a sure bet.
| bpodgursky wrote:
| I think this is a very rosy framing.
|
| GDPR showed that once you are a ten-billion dollar company,
| your compliance team can manage GDPR enough to enter the
| market. For a _startup_ , starting in the EU or entering the
| EU early is still extremely difficult because the burdens do
| not scale linearly with size.
|
| This means that yes, US tech giants can sell into the EU, but
| the EU will never get their own domestic tech giants because
| they simply cannot get off the ground there.
| yardie wrote:
| My company did not retain customer data or retained very
| little. So compliance for us was very simple. If your
| business venture relies on that PII data you're going to
| have a hard time. And I'm not exactly sympathetic since I'm
| regularly getting notified from HaveIbeenPwned about
| another PII leak.
| bpodgursky wrote:
| I'm not sure what you're looking for here. If your
| position is "it should be difficult to make a company
| that has PII" you won't get any significant AI or
| consumer tech companies in your jurisdiction. That's just
| reality, they use PII, they personalize on PII, they
| receive PII, that's how they work.
|
| If that is your goal, OK, that's a choice, but then you
| can't say "oh GDPR fears were overblown". They caused
| exactly the problems people were predicting, and that's
| what EU leadership is now trying to change.
| hdgvhicv wrote:
| If I sign up your company I can opt into that
| personalisation at signup time.
|
| You have no business stealing my personal data until we
| enter an equal agreement.
| shaky-carrousel wrote:
| The EU is not folding. The article is two facts surrounded by a
| huge ball of propaganda.
| m00dy wrote:
| I used to live and work in EU, get out of EU before it is too
| late.
| jonesjohnson wrote:
| like UK, you mean? boy that did really work out well for them!
| m00dy wrote:
| Watch out for French government bonds (10yr), France will be
| the next before 2030.
| ljosifov wrote:
| So far so good - and I say this as one voting remain. The
| only gripe I have is that our domestic doomers were even more
| stupid than the EU ones. Ours were the progenitors of many of
| EU dumb ideas. So even outside EU, we in the UK not only did
| not repeal the utterly imbecilic laws we inherited. No - we
| added even more stupid laws. Consequence being people are put
| in jail for writing stuff on the Internet. I hope someone
| puts in jail the lawmakers that voted for these laws. To the
| cheering of and with public support, it must be said. It was
| not without consent, it was not only bi-party, but omni-party
| consent.
| kmeisthax wrote:
| I think a lot of Brexiteers don't entirely understand _why_
| the EU was a problem.
|
| The only thing they saw was the EU migrant crisis and the
| UK not having total control over its own borders. Things I
| don't care about[0]. The actual problem with the EU is only
| tangentially related to that concern, and it's the fact
| that the EU is a democratically unresponsive accountability
| sink. When a politician wants to do something unpopular,
| they get the EU to do it, so they can pretend like they're
| powerless against it. See also: the 10,000 attempts to
| reintroduce Chat Control.
|
| The easiest way to fix this would be a new EU treaty that
| makes the EU directly elected. But that would also mean
| federalizing the EU, because all the features that make the
| EU undemocratic are the same features that protect the EU
| from doing an end run around member states. The alternative
| would be for EU member states' voters to deliberately
| sacrifice their local votes in order to vote in people who
| promise to appoint specific people at the EU level. That's
| what happened in America with its Senate, and why it moved
| to direct election of Senators, because people were being
| voted in as Governor just to get Senators elected.
|
| A lot of times we talk about political issues on a
| partisanship spectrum - i.e. "partisan" vs "bi-partisan" or
| "non-partisan" issues. The reality is that, in WEIRD[1]
| countries, most parties have a common goal of "keep the
| state thriving". The primary disagreement between them is
| how to go about doing such a thing and what moral lines[2]
| shall be crossed to do so. That's where you get shit like
| America's culture war. The people who live in the country
| and are subject to its laws are far less hospitable to the
| kinds of horrifying decisions politicians make on a daily
| basis, mainly because they'll be at the business end of
| them. This creates a dynamic of "anti-partisanship" where
| the people broadly support things that the political class
| broadly opposes.
|
| For example, DMCA 1201. The people did not want this, the
| EFF successfully fought a prior version of it off in
| Congress, then Congress went to the WTO and begged them to
| handcuff America to it anyway. The people would like to see
| it reformed or repealed; that's where you get the "right-
| to-repair" movement. But the political class _needs DMCA
| 1201 to be there_. They need a thriving cultural industry
| to engage in cultural hegemony, and a technology sector
| that can be made to shut off the enemy 's tanks. The kinds
| of artistic and technological megaprojects the state
| demands require a brutal and extractive intellectual
| property[3] regime in order to be economically sustainable.
| So IP is a bi-partisan concern, while Right-to-Repair is an
| anti-partisan concern.
|
| In terms of WEIRD countries, the UK is probably one of the
| WEIRDest, and thus a progenitor of a _lot_ of stupid
| bullshit legislation. If they had not left the EU, the
| Online Safety Act would have been the EU Online Safety
| Directive.
|
| [0] To be clear, my opinion regarding migration is that the
| only valid reason to refuse entry to a country is for a
| specific security reason. Otherwise, we should hand out
| visas like candy, for the sake of freedom. Immigration
| restrictions are really just _emigration_ restrictions with
| extra steps.
|
| [1] Western, Educated, Industrialized, Rich, Democratic
|
| [2] All states are fundamentally "criminals with crowns".
| Their economies are rapine. When they run out of shit to
| steal all the gangsters turn on each other and you get a
| failed state.
|
| [3] In the Doctorowian sense: "any law that grants the
| ability to dictate the conduct of your competitors". This
| actually extends back far further than copyright, patent,
| or trademark law does. Those are the modern capitalist
| versions of a far older feudalist practice of the state
| handing out monopolies to favored lords.
| nitwit005 wrote:
| The UK was known for bureaucracy even before they joined
| the EU. The idea that the red tape would vanish was always
| silly.
| saubeidl wrote:
| I did the opposite, I moved to the EU before it is too late.
|
| It's the only power left that stands for rule of law.
| drstewart wrote:
| Wow. Powerful statement. I suppose other places are probably
| scaling back GDPR and relaxing AI laws, unlike the glorious
| EU?
| saubeidl wrote:
| I disagree with this move. However, I disagree with moves
| made in other places even more. Especially the US has been
| moving away from rule of law at a rapid pace.
| m3kw9 wrote:
| the consequences of their laws is pushing their hands
| bitpush wrote:
| Incredible to see the 180 both from EU and also from the HN
| sentiment. HN was cheering on as EU went after Big Tech
| companies, especially Meta. Meta is no perfect company, but the
| amount of 'please stick it to them' was strong (I reckon that is
| still a bridge too far for a lot of folks here).
|
| Even extreme proponents of big tech villanery in the US (Lina
| Khan's FTC) is also facing losses (They just lost their
| monumental case against Meta yesterday).
|
| What I really want to see is Meta getting irrelevant ON MERIT.
| People stop using Meta products, and then I want to see it die.
| But not by forcing the hand - that's bad for everyone, especially
| the enterpreuer / hacker types on this site
| surgical_fire wrote:
| I live in EU. I am totally in support to force Meta down
| through government's big stick.
|
| While they are at it, I hope they do it to the other big techs
| too.
|
| Being a "hacker type" (whatever that means) does not equate to
| being complacent to these companies abusing their economic
| power.
| stavros wrote:
| Yeah, seconded, and I also live in the EU.
| jonesjohnson wrote:
| Then I propose you should support https://noyb.eu/
|
| Their track record is pretty good.
| stavros wrote:
| If you support them (I do, they do great work), please set
| up a yearly subscription. Predictable revenue is very
| valuable for organizations.
| trinsic2 wrote:
| Do we have anything like this in the U.S.?
| rebolek wrote:
| I wonder what kind of people downvote you. They must have
| interesting priorities.
| __loam wrote:
| It's pretty telling that people here think enforcement of anti-
| trust laws that are already on the books is "extreme". The
| implicit goal of half of tech startups is basically becoming
| the platform for whatever and getting a soft monopoly, so I
| guess it's not surprising that that people who are temporarily
| embarrassed monopolists have these views.
| GardenLetter27 wrote:
| Look at what happened to iRobot vs. Roborock though.
| radicalbyte wrote:
| There has been a change in the community here over the last
| decade, we've lost a lot of the hacker spirit and have a larger
| proportion of "chancers", people who are only in tech to "get
| rich quick". The legacy of ZIRP combined with The Social
| Network marketing.
| sandworm101 wrote:
| The hackers are still here, lurking in the shadows. Bananas.
| They are just tired of being berated by fanboys anytime they
| criticize the will of the tech bros. There is no fun in
| typing out a well-researched answer only to face a torrent of
| one-second "nah, you are wrong" replies mixed in with AI
| slop. Bananas.
| danem wrote:
| Am I the victim of the algorithm? Because all I see on HN
| these days is people pessimistic about tech and society.
| The tenor here is overwhelmingly negative.
|
| Where are you seeing anyone defend big tech, tech bros, or
| any tech in general?
| filoleg wrote:
| > _There is no fun in typing out a well-researched answer
| only to face a torrent of one-second "nah, you are wrong"
| replies mixed in with AI slop. Bananas._
|
| That "AI slop replies" excuse you mentioned would only
| apply to the past 3 years at most (aka ChatGPT 3.5 release
| on Nov 30th 2022). While the grandparent comment's take
| felt true to my perception for at least the past 10-15
| years, way before "AI slop replies" were even a remote
| concern.
| GardenLetter27 wrote:
| Hackers should know the government is never on your side.
| layer8 wrote:
| Growth hackers aim for regulatory capture.
| JumpCrisscross wrote:
| > _Hackers should know the government is never on your
| side_
|
| Never is naive. Hackers should understand governments are
| complex, dynamic and occasionally chaotic systems. Those
| systems can be influenced and sometimes controlled by
| various means. And those levers are generally available to
| anyone with a modicum of intelligence and motivation.
| argomo wrote:
| In addition, hackers should know government is
| inevitable. Even in anarchy, governments spontaneously
| begin to form.
| buildbot wrote:
| If I am not mistaken, the anarchist school of thought is
| okay with governance and even governments, but not with
| the concept of the state - an entity that exists to
| enforce governance with violence. For example,
| https://en.wikipedia.org/wiki/Anarchy,_State,_and_Utopia
|
| I'm not 100% sure though.
|
| edit - a (vs. the) school of thought is more accurate.
| xboxnolifes wrote:
| That may be one of them, but there isn't a singular
| anarchist school of thought.
| JumpCrisscross wrote:
| > _there isn 't a singular anarchist school of thought_
|
| Would be oxymoronic if there were one.
| mc32 wrote:
| Isn't that like saying there must be as many universes as
| theoretical physicists can think up? Slight maybe but it
| could also just be one.
| JumpCrisscross wrote:
| > _Isn't that like saying there must be as many universes
| as theoretical physicists can think up?_
|
| Schools of thought are theories. It's saying there can be
| as many theoretical universes as theoretical physicists
| can think up.
|
| This is true for any social construct, of course. But
| anarchy's nature means you get less alignment.
| cess11 wrote:
| The ideal of self-governance as opposed to alienated
| state or institutional governance is quite common in
| anarchist thought. Some would probably consider it
| foundational for the tendency.
| cholantesh wrote:
| Nozick's libertarianism is not really an anarchist school
| of thought.
| gary_0 wrote:
| I think of anarchy as a theoretical end state, where
| power is perfectly distributed among each individual, but
| that this is less of an actually achievable condition and
| more of a direction to head in (and away from monarchy,
| where power is completely centralized).
| 1970-01-01 wrote:
| Yep. The FBI swings from lawful good to lawful evil on a
| case by case basis. Trusting them is dangerous, but a
| world where they can be ignored is more dangerous.
| cess11 wrote:
| No, the naive position is to assume that the state is on
| your side because you occasionally gain something from
| it.
| HardCodedBias wrote:
| "Hackers should understand governments are complex,
| dynamic and occasionally chaotic systems"
|
| No. Hackers should understand that government is _force_.
| This is the definition of government.
|
| And force is the antithesis of the hacker ethos.
| vkou wrote:
| Neither are the billionaires and their deputies who both
| own and run all the megacorps.
|
| 99% of the current AI push is _entirely anti-hacker ethos_.
| It is a race to consolidate control of the world 's
| computing and its economic surplus to ~5 organizations.
|
| A few people do interesting stuff on the edges of this, but
| the rest of the work in it is anathema to hacker values.
| arbol wrote:
| The client ai push has also enabled people to run local
| llama models and build products without those companies.
| Presumably there'll be more of this to come
| vkou wrote:
| That's the 1%. It's the hair on the back of the elephant.
|
| Their capabilities will fall further and further behind
| models that need a billion dollars to train, and a
| supercomputer to run. You're making a faustian bargain.
| NalNezumi wrote:
| A hacker should probably know that it's usually trade offs
| and blanket statements are very useless. Certain tools are
| good for certain tasks and situations, but bad for others.
| No free lunch and all that.
|
| If you make that blanket statement, you're definitely not a
| hacker (or just a novice). But you'd make a heck of a
| politician or tech bro salesman
| purple_turtle wrote:
| That is an absolute nonsense.
|
| At minimum, government will be useful as defence against
| worse government.
|
| I know that some anarchist had dream of a stateless world,
| but it is not viable.
|
| And while I am not going to say that any government is
| ideal, many are better than USSR, Third Reich or Cambodia
| under Pol Pot.
| palata wrote:
| In a democracy, the government is its citizen. It sucks
| when you disagree with the majority of the voters, of
| course. But it's wrong to say that the government is
| against the majority of the voters: it was elected by them.
| nrhrjrjrjtntbt wrote:
| A government or president can definitely be against its
| voters interests.
| poszlem wrote:
| The truly "eternal" September.
|
| https://en.wikipedia.org/wiki/Eternal_September
| bsimpson wrote:
| I don't know if it's a changing of the audience or a change
| in how people behave generally, but this place has been
| insufferable lately whenever anything remotely related to
| Donald Trump's administration comes up.
|
| One of the things that made this place special relative to
| other online communities is the ethos to interrogate through
| a lens of curiosity. Now, there's a lot of vitriol that's
| indistinguishable from any other comment section.
| taurath wrote:
| It's a difference in values. To some, the ends justify the
| means and human life has no inherent value and the world is
| zero sum, and to some, a lying malignant narcissist
| deciding who lives and who dies is a personification of
| evil.
|
| To some people, it's literally a choice between that "lens
| of curiosity" and their families lives. But people for whom
| politics has never directly impacted them past a few % up
| or down in their paychecks can't understand that, or feel
| safe in the idea that "they won't come for me".
| rootusrootus wrote:
| Yeah I still remember my first interaction with a supporter
| back in 2016. It was startling, and the first hint I had
| that politics was about to shift abruptly.
| pipes wrote:
| In the last few years I think sentiment on hacker news has
| shifted from libertarian leaning to much mored left leaning.
| The same happened on Reddit a few years before. Anyway, just
| my gut feeling, nothing scientific.
| bitpush wrote:
| Keen observation both you and OP. We've gone from a sense
| of techno optimism to tech blaming.
|
| Valid criticism is OK (I stand by crypto being a scam) but
| bring up any topic that is neutral to popular(VR,
| Autonomous Driving, LLM) and people are first to be
| luddites come out.
| aylmao wrote:
| > We've gone from a sense of techno optimism to tech
| blaming.
|
| IMO this is simply because the tech industry isn't what
| it was 20+ years ago. We didn't have the monopolistic
| mammoths we have today, such ruthless focus on
| profiteering, or key figures so disconnected from the
| layperson.
|
| People hated on Microsoft and they were taken to court
| for practices that nowadays seem to be commonplace with
| any of the other big tech companies. A future where
| everyone has a personal computer was exciting and seemed
| strictly beneficial; but with time these "futures" the
| tech industry wants us to imagine have just gotten either
| less credible, or more dystopic.
|
| A future where everyone is on Facebook for example sounds
| dystopic, knowing the power that lays on personal data
| collection, the company's track record, or just what the
| product actually gives us: an endless feed of low-quality
| content. Even things that don't seem dystopic like VR
| seem kinda unnecessary when compared to the very
| tanginble benefit the personal computer or the internet
| brought about.
|
| There are more tangible reasons to not be optimistic
| nowadays.
| radicalbyte wrote:
| I find it really hard to classify myself. I've always
| called myself a "libertarian" - I believe the best strategy
| to Civilization is to maximise freedom for anyone. As
| freedom enables enlightenment an enlightenment drives
| progress. To actually achieve that, in the real world,
| means that you have to distribute and limit power. That
| means limiting not only government power but also corporate
| power. That means regulation, strong regulators (breaking
| monopolies), policies to keep prices down (including
| rent/housing!) and to enable free market competition and
| innovation. And provide an economic system where risks can
| be taken, enabled by a social let (and social healthcare).
|
| I felt that that was more common here 15 years ago before
| Big Tech pivoted into the cynical extractive and, in the
| case of the socials, net economic drag industry that it is
| now.
|
| The really weird thing is that my views are considered both
| very right-wing (free markets, globalisation are great,
| maximal freedom, maximal responsibility, freedom of
| religion) and very left wing (strong regulation, policy to
| minimise rent/house prices, strong social net, progressive
| taxation and wealth limits, freedom to be LGBTQ+ etc).
| nofriend wrote:
| This is such a laughable comment. Being in favour of a
| regulation - any regulation - is not part of the "hacker
| spirit". A hacker qua a hacker is interested in a regulation
| insofar as they can work around it, or exploit it to their
| ends, not to put one in place to directly achieve something.
| That's not to say all regulations are bad, or even that the
| GDPR is, just that HN being for or against it isn't proof of
| some demographic shift.
| mmooss wrote:
| > we've lost a lot of the hacker spirit and have a larger
| proportion of "chancers", people who are only in tech to "get
| rich quick".
|
| Doesn't that describe SV in general, and big tech in
| particular?
| radicalbyte wrote:
| > Doesn't that describe SV in general, and big tech in
| particular?
|
| Absolutely! It's just that the hopeful hacker/nerd culture
| used to be more dominant here (slashdot had the more
| cynical types).
|
| Now there are a generation who don't know anything but
| Javascript but think that they're God's gift to
| programming. I can understand it as ZIRP resulted in the
| bar being dropped to the floor for jobs which paid SV
| salaries. Imagine earning that kind of money straight out
| of school and all you had to be able to do was implement
| Fizzbuzz.
|
| The hackers ARE still here as are some really amazing
| people but this always seems to happen with communities.
| The only constant is change. And without change communities
| die.
| dewey wrote:
| As this is the message board of a VC fund it's not that
| surprising that it doesn't only attract hackers in the
| original sense?
| antoniojtorres wrote:
| True that. I went to a building in SF that dedicated floor
| space to every adjacent field like robotics, AI, crypto, etc.
| Zero hacking or even cyber related space.
|
| It made me feel kinda sad for a few days.
| yardie wrote:
| I believe the FTC had a case years ago. But the market has
| moved on. YT took off backed by Alphabet capital. Tiktok took
| off withe Bytedance capital. There was a time when FB/IG/WA
| commanded most of social media. And Meta did use that clout in
| some pretty grotesque ways.
|
| Prior to 2020, FTC would have had a much stronger case. But too
| little too late.
| kmeisthax wrote:
| > What I really want to see is Meta getting irrelevant ON
| MERIT.
|
| That happened a decade ago. Users dropped from Facebook like
| flies and moved to Instagram. Mark Zuckerberg's response was to
| buy Instagram. The Obama DOJ waved through what was obviously a
| blatantly illegal merger.
|
| Likewise, Google's only ever made two successful products:
| Search and e-mail. Everything else was an acquisition. In fact,
| Google controlled so much of the M&A market that YCombinator
| (the company that runs this forum) complained in an amicus
| brief that they were basically being turned into Google's farm
| league.
|
| So long as companies can be bought and sold to larger
| competitors, no tech company will _ever_ become irrelevant.
| They 'll just acquire and rebrand. The only way to stop this is
| with the appropriate application of legal force.
| eptcyka wrote:
| What about hp, dell, ibm, compaq, sun? Companies are
| temporary.
| pessimizer wrote:
| > The Obama DOJ waved through what was obviously a blatantly
| illegal merger.
|
| Speaking of buying Instagram[1], it's plain to see that the
| horrible judges that Obama appointed simply don't believe
| that antitrust should exist.
|
| Exactly what you would expect from the guy who let Citigroup
| appoint his cabinet[2]. The powers that be at the Democratic
| party thought that _Hillary Clinton_ was too independent for
| corporate elites, and she makes a fairly good case that they
| fixed the primary because they thought he was their best
| chance to "save capitalism" after the crash. They were
| right. She even sabotaged her next campaign with her
| desperate need to show bankers that she was a safe choice
| (e.g. the secret speech.)
|
| > Google's only ever made two successful products: Search and
| e-mail. Everything else was an acquisition.
|
| And search was only successful for 5 minutes, until SEO broke
| PageRank. Since that one fragile (but smart) algorithm, and
| the innovation of _buying Doubleclick_ , everything else has
| been taking advantage of the fact that we don't have a
| government that functions when it comes to preserving
| competition in the market. The West loves corporate
| concentration; it's better when your bribes come from fewer
| sources, and those sources aren't opposed to each other.
|
| [1] James Boasberg; "Meta prevails in historic FTC antitrust
| case, won't have to break off WhatsApp, Instagram"
| https://apnews.com/article/meta-antitrust-ftc-instagram-
| what...
|
| [2] https://wikileaks.org/podesta-emails/emailid/8190
| ljlolel wrote:
| ?? He bought instagram in 2012 when it was tiny. They all
| moved in 2016.
|
| His response was 4 years back in time because he can see the
| future?
|
| They moved from meta to meta.
| graemep wrote:
| > sers dropped from Facebook like flies and moved to
| Instagram.
|
| Even worse, bought Whattsapp.
| 4ndrewl wrote:
| This is a proposal from the EC. Whether the EU accept it is not
| clear.
| wkat4242 wrote:
| Yeah I really hope they don't. It's ridiculous to throw out
| all the great work they've been doing.
| 4ndrewl wrote:
| Nothing's been official published though, so this is
| largely a kite-flying exercise.
|
| You don't need a pop-up to use cookies on your site. You
| (quite rightly) need to get consent in some form if you're
| to track my (or your) behavior and sell that to rando
| third-parties.
| JoshTriplett wrote:
| > HN was cheering on as EU went after Big Tech companies
|
| HN is not a hive mind or a monoculture. Every time the EU goes
| after some company, some people always cheer, some people
| always boo, and some people will cheer some and boo others
| based on the impact/nuance of the particular policy or company.
| bitpush wrote:
| This is accurate, however if you look at any thread you can
| see an overwhelming consensus of opinion. The diversity of
| views are not equal - in the sense that there isnt equal
| number of for and against comments.
|
| In most of the threads I have observed about EU action on Big
| Tech, the overwhelming majority of thoughts are 'for', with
| perhaps few dissenting thoughts.
| gambiting wrote:
| It depends what time of the day you log in too. I'm in the
| GMT time zone, I can literally see a comment go from +20
| upvotes in the morning to negative numbers when Americans
| start waking up. It really shifts your perspective of the
| site too, because comments move down or even disappear
| based on the number of votes.
| dlcarrier wrote:
| On top of that, one thing that always gets support is
| complaining about the status quo, and those comments have
| been the most upvoted, on either side of the debate
| Aunche wrote:
| Hackernews has always been a venture capitalist forum and has
| always had a significant minority that generally sides with
| money. I don't think that is substantially different today.
|
| Most European regulations seemed to be less about helping
| regular people and more about protecting European ad firms,
| many of which are even shadier than big tech.
| paulryanrogers wrote:
| > ...more about protecting European ad firms, many of which
| are even shadier than big tech.
|
| Where can I read more about that phenomenon?
| Aunche wrote:
| There are lots of companies like this:
|
| https://zeotap.com/wp-content/uploads/2025/06/Zeotap_-
| Time-t...
| microtonal wrote:
| _What I really want to see is Meta getting irrelevant ON MERIT.
| People stop using Meta products, and then I want to see it
| die._
|
| The problem is that with a nearly infinite amount of money, you
| are not going to get irrelevant on merit. You just buy up any
| company/talent that becomes a threat. They have done that with
| Instagram and WhatsApp (which was and is really huge in Europe
| etc.).
| bitpush wrote:
| Didnt the judge rule literally yesterday that this wasnt
| illegal. This was one of Lina Khan's signature lawsuits, and
| judge didnt agree even a single one of FTC's arguments.
| xvector wrote:
| Where can I read more about this? Quick search turns up
| nothing for me
| WorldMaker wrote:
| https://arstechnica.com/tech-policy/2025/11/meta-wins-
| monopo...
| bitpush wrote:
| https://www.theverge.com/news/823191/meta-ftc-antitrust-
| tria...
|
| It is actually a monumental case ruling, and for some
| reason it wasnt reported or discussed here. Lina Khan's
| FTC has lost both their marquee cases now (Google, Meta)
|
| > Meta won a landmark antitrust battle with the Federal
| Trade Commission on Tuesday after a federal judge ruled
| it has not monopolized the social media market at the
| center of the case.
| xvector wrote:
| Wasn't the case here really weak to begin with? I
| remember reading the FTC's initial filings and they just
| sounded absurd. The very premise that Meta didn't face
| meaningful competition from TikTok was a farce.
|
| I'm not very happy with Lina Khan after she killed our
| only remaining low cost airline carrier. And killed
| iRobot to let Roborock, a a Chinese company, take over.
|
| She "stood up" to big tech, failed, and her remaining
| legacy is destroying American businesses that people
| actually relied on. Literally no value was added, but a
| bunch was subtracted. I never understood the hype for
| her.
| calgoo wrote:
| Just because something is not illegal does not make it a
| good thing. Judges have political ties and if the people in
| power dont want any monopoly laws, then there wont be any
| monopoly laws.
| dyslexit wrote:
| I think you might have a different definition of "merit"
| than OP. "Merit" to me means how much value the company
| brings to society. If I'm reading correctly about your
| point of it being legal, to you it seems like "merit" means
| how much value they bring to their investors.
|
| Social media companies becoming more consolidated and
| influential might be legal and good for their stakeholders
| but it doesn't mean it's a net positive for the rest of the
| world. And unfortunately, as much as so many people like to
| believe otherwise, being a net negative to society
| absolutely does not lead to a company becoming irrelevant.
| HWR_14 wrote:
| > What I really want to see is Meta getting irrelevant ON
| MERIT.
|
| That's impossible. The network effects are too strong. Facebook
| may die, or even Instagram, but WhatsApp is so intermeshed with
| the majority of the world that it can only be taken out by a
| government.
| tdrz wrote:
| I uninstalled WhatsApp last year after I sent a message to my
| most important contacts that I'm switching to Signal. In the
| mean time, I convinced a grand total of 2 people to install
| Signal so we can talk. Also, I realized that actually not
| being part in some of the WhatsApp groups that I left behind
| has quite a lot of advantages!
|
| Yes, the network effects are very strong, but each of us has
| the possibility of making a small sacrifice for this thing to
| change.
| pseudalopex wrote:
| Social connections can be a large sacrifice.
| Spivak wrote:
| Well yeah, the GPDR was great in theory and a huge win for
| privacy advocates until it did jack shit in practice. It turned
| out to have zero teeth and everyone just found ways to keep
| business as usual while 'complying' with the law.
| Spunkie wrote:
| I think it's ridiculous to say GDPR did "jack shit". I now
| have the ability to withdraw consent for tracking/marketing
| cookies on every major companies website I visit. An option
| that was near non-existent before GDPR.
| geraneum wrote:
| > What I really want to see is Meta getting irrelevant ON
| MERIT.
|
| Why? Is META relevant only on merit?
| energy123 wrote:
| Can contract killers become irrelevant on merit, or does it
| take government intervention?
| g-b-r wrote:
| Meta's only merit is having a lot of users and keeping them
| hooked at any cost.
|
| It might surprise you, but success is not always rooted in
| having done great things for the world
| ChrisArchitect wrote:
| Previously:
|
| _European Commission plans "digital omnibus" package to simplify
| its tech laws_
|
| https://news.ycombinator.com/item?id=45878311
| mikece wrote:
| How about this as a privacy law: if you collect data about people
| without their EXPLICIT permission[1] you can be charged with
| digital stalking. Same principle as stalking; escalating
| penalties for repeat offenses and for doing so in bulk or en
| masse.
|
| EDIT: And you cannot share information gained by permitted
| collection unless EXPLICIT permission to share is granted.
|
| [1] Eg: it's not sufficient to disclose this in equivocal text
| buried in 25k lines of EULA text.
| kragen wrote:
| Your proposed law would mostly be used against people who were
| publicizing the criminal record of the mayor's nominee for
| police chief or the ruling party's nominee for mayor.
| Aloisius wrote:
| What constitutes data about people?
|
| If I save your comment, am I a digital stalker? Is Google a
| digital stalker because they archived this page? Is HN a
| digital stalker because they didn't get your explicit
| permission to show a profile page with your karma on it?
| imiric wrote:
| You're being deceptively dense.
|
| PII has a very clear definition. Posts on a public forum are
| not part of it.
| mpyne wrote:
| > PII has a very clear definition.
|
| It doesn't, actually, as many would-be DoD IT system owners
| are surprised to find that simply generating a 32-bit
| random UUID as a user ID is, per the regs, PII, and
| therefore makes your proposed IT system IL4 with a Privacy
| Overlay (and a requirement to go into GovCloud with a cloud
| access point) instead of IL2 and hostable on a public
| cloud.
|
| Oh and now you need to file a System of Records Notice into
| the Federal Register (which is updated only by DoD, and
| only infrequently) before you can accept production
| workloads.
|
| There is a separate concept of "sensitive PII" (now
| Moderate or High Confidentiality impact under NIST 800-122)
| which replaces what people used to call the "Rolodex
| Business Exemption" to PII/privacy rules.
|
| But PII _is_ very clear: "Personally Identifiable
| Information". Any information that identifies a specific
| individual, like for example, your HN username. Unless a
| collective is posting on your handle's behalf?
| Symbiote wrote:
| Does anyone have a link to the proposal, preferably on the EU
| website?
|
| I'd like to see for myself, as I don't consider moving the
| consent method from the webpage to the browser settings "watering
| down" -- it's the opposite.
| weberer wrote:
| They seem to be reporting on two drafts that were leaked by
| Netzpolitik.
|
| https://cdn.netzpolitik.org/wp-upload/2025/11/EU-Kommission-...
|
| https://cdn.netzpolitik.org/wp-upload/2025/11/EU-Kommission-...
|
| The official website mentions these documents, but for some
| reason doesn't let you view them, saying "It will be possible
| to request access to this document or download it within 48
| hours".
|
| https://ec.europa.eu/transparency/documents-register/detail?...
|
| https://ec.europa.eu/transparency/documents-register/detail?...
| layer8 wrote:
| They can be downloaded here: https://digital-
| strategy.ec.europa.eu/en/library/digital-omn...
| GardenLetter27 wrote:
| About time. Startups and innovative business simply cannot get
| investment when there's the constant risk of a new AI Act
| massively increasing compliance and legal costs.
|
| But it's not enough - they need to completely repeal the DSA, AI
| Act, ePrivacy Directive, and Cybersecurity Act at least. And also
| focus on unifying the environment throughout the EU - no more
| exit taxes, no need for notaries and in-person verbal agreements,
| etc.
|
| There's just so much red tape and bureaucracy it's incredible.
| You can't hire or pay payroll taxes across the EU (without the
| hire relocating) - that's a huge disadvantage compared to the USA
| before you even get into the different language requirements.
| yardie wrote:
| > no need for notaries and in-person verbal agreements, etc.
|
| With the advancement of AI being used to commit fraud through
| chat, video, and audio calls I think we're at the precipice of
| needing to in-person verbal agreements again.
|
| And I thought the harmonization of markets in the EU would have
| reduced the red tape but some industries are built on it and
| will complain quite vocally if their MP makes any move on it.
| GardenLetter27 wrote:
| The law in Germany comes from when many people couldn't read,
| so all contracts must be read by a notary to both parties in-
| person.
|
| The bizarre thing is now they advertise how fast they can
| read! Like it serves no purpose other than giving notaries
| and lawyers a slice of all transactions.
|
| Europe is full of backwards stuff like this - where the
| establishment interests are so strong, it cannot be adapted
| for modern times. From blocking CRISPR and gene editing crops
| (while allowing the less controlled but older technology of
| radiation treatment), to blocking self-driving cars.
| theptip wrote:
| > users would be able to control others from central browser
| controls that apply to websites broadly.
|
| Great to see this finally. It's obviously the way it should have
| been implemented from the beginning.
|
| We still see this technically myopic approach with things like
| age verification; it's insane to ask websites to collect Gov ID
| to age verify kids (or prove adulthood for porn), rather than
| having an OS feature that can do so in a privacy-preserving way.
| Now these sites have a copy of your ID! You know they are going
| to get hacked and leak it!
|
| (Parents should opt their kids phones into "kid mode" and this
| would block age-sensitive content. The law just needs to mandate
| that this mode is respected by sites/apps.)
| ElectricalUnion wrote:
| That was what P3P was supposed to enforce automatically for
| you, until Google ruined it for everyone.
| philipallstar wrote:
| > (Parents should opt their kids phones into "kid mode" and
| this would block age-sensitive content. The law just needs to
| mandate that this mode is respected by sites/apps.)
|
| Good kid mode[0].
|
| [0] https://www.lego.com/en-gb/product/retro-telephone-31174
| poly2it wrote:
| Adding a kids mode to *all* sites seems like a huge
| investment to most of the tech industry. I predict most would
| just NGINX-block users with the kid header.
| GardenLetter27 wrote:
| > We still see this technically myopic approach with things
| like age verification; it's insane to ask websites to collect
| Gov ID to age verify kids (or prove adulthood for porn), rather
| than having an OS feature that can do so in a privacy-
| preserving way. Now these sites have a copy of your ID! You
| know they are going to get hacked and leak it!
|
| An OS feature is also a terrible option - remember when South
| Korean banks forced the country to use ActiveX and Internet
| Explorer?
|
| The government should offer some open digital ID service where
| you can verify yourself with 2FA online, after registering your
| device and setting credentials when you get your ID card +
| residence registration in person.
| JumpCrisscross wrote:
| > _OS feature is also a terrible option - remember when South
| Korean banks forced the country to use ActiveX and Internet
| Explorer?_
|
| Just let Estonia run the programme [1].
|
| [1] https://e-estonia.com/solutions/estonian-e-identity/id-
| card/
| everforward wrote:
| I'm dubious of the privacy-preserving approaches and would
| rather we just quit with digital age verification. I'm
| specifically worried about unification of data sources
| identifying users.
|
| The challenges presented to sites, and verifiers if the scheme
| uses those, would have to be non-identifiable in the sense that
| they can't tell that 2 of them came from the same key.
| Otherwise there's a risk users get unmasked, either by a single
| leak from a site that requires age verification and a real name
| (e.g. an online wine merchant) or by unifying data sources
| (timing attacks, or identifying users by the set of age-
| restricted sites they use).
|
| Perhaps I just don't understand the underlying crypto. That
| wouldn't be super surprising, I'm far from an expert in
| understanding crypto implementations.
| Neikius wrote:
| Another backhanded way to forbid opensource solutions? Because
| now they will argue we need secure booted tamper-proof
| windows/mac os to make sure the proof is legit.
| ChrisArchitect wrote:
| Related:
|
| _Europe 's cookie nightmare is crumbling. EC wants preference at
| browser level_
|
| https://news.ycombinator.com/item?id=45979527
| jakub_g wrote:
| > European Commission wants browsers to manage cookie
| preferences instead of pop-ups on every website.
|
| Better late than never, but it's insane it took them almost a
| decade to figure this out.
| shevy-java wrote:
| Poor Europe - lobbyists make sure that Europe stays weak.
|
| That statement includes Ursula by the way.
| stronglikedan wrote:
| Lobbyists make sure that ~~Europe~~ _the world_ stays weak.
|
| They need more strict financial regulation than politicians do!
| rafaelmn wrote:
| You can't build large ML models without swaths of data, and
| GDPR is the antitheses of collecting data. Therefore
| countries/companies that don't have to abide by it are at an
| obvious advantage.
|
| If anything this is coming from political elite being convinced
| that AI research is a critical topic, EU recognizing it's weak
| because of the self-imposed handicaps and trying to move past
| that. I'd be shocked if we manage to do anything concrete on
| the matter TBH.
| Manfred wrote:
| The GDPR is about protecting personal data, what personal
| data could you possibly need to train an AI model?
| xvector wrote:
| Let's turn that around. What personal data _wouldn 't_ help
| train an AI model?
| nikanj wrote:
| Companies made cookie banners as obnoxious as possible, because
| they knew that by making people hate the banners, the population
| would turn against the GDRP
| monocularvision wrote:
| Is that why most of the EU governmental websites have the same
| cookie pop up banners?
| hdgvhicv wrote:
| Lack of product ownership and cargo cult developers.
|
| Legislation can't change culture.
| WhereIsTheTruth wrote:
| Yet again, European countries are showing who their leaders are:
| US Big Tech
|
| No wonder we default to Google Chrome on Microsoft/Apple systems,
| and American social platforms, to debate issues affecting EU
| citizens
| nalekberov wrote:
| EU introduces Chat Control, then scales back GDPR, what's left?
| Digital ID and digital currency (with no possibility of paying by
| cash)?
| blablabla123 wrote:
| That's a pity, the government fails to capitalize on its own
| policies because they fail to set up long term investment. First
| environmental and e-Mobility and now AI.
|
| Sure, there's way too much bureaucracy. But I see there things
| like taxes, regulations about the cucumber radius etc.
| hdgvhicv wrote:
| What exactly did you see about cucumbers?
| blablabla123 wrote:
| They scrapped it actually but this law used to be the main
| example for overbearing EU bureaucracy
|
| https://www.theguardian.com/lifeandstyle/wordofmouth/2008/no.
| ..
| hdgvhicv wrote:
| He actual regulation said that you had to classify them
| based on their characteristics. If I wanted a straight
| cucumber and I ordered one I would get one. If I was happy
| with a bendy one then I'd simply order an "any shaped" one.
|
| I don't see a problem woth mandating truth in advertising.
| cm2012 wrote:
| This is such an important change for Europe. I've worked with
| 100+ start-ups as a consultant, and I've talked to EU ones who
| have been strangled by some of the regulations.
| hdgvhicv wrote:
| What were they doing with user data?
| cm2012 wrote:
| Number one use case is sending anonymized and hashed data
| back to the ad platform to trigger conversion events.
|
| Essentially all modern advertising is done algorithmically.
| The platform takes conversion events (a typical event is
| "someone fills out a form"), that signal is sent to the
| platforms, and the platforms use it to serve your ad to other
| people who may be interested. GDPR as it is means you need
| opt-in to do this, so it greatly reduces the effectiveness of
| online ad targeting.
|
| So in practice, say you make a new cool B2B tool for, say,
| plumbers. It automates your plumbing business and makes
| plumbers more money.
|
| In the US, you can make a Meta ad campaign with broad
| targeting and Meta will use algorithmic magic and be able to
| just find plumbers for you to show your ad to.
|
| In the EU, this doesn't work as well, so its harder to find
| plumbers to show your ads to. Less plumbers get to use your
| product as a result. So its just one reason it's hard to get
| your EU based Plumbing SaaS off the ground.
| Neikius wrote:
| Biggest issue with this is the modern web ads don't even
| work.
|
| You get ads for fridge AFTER you bought one since they now
| know you browsed them.
|
| What works is content based advertising - so advertise a
| power drill on a woodworking hobbyist site. No tracking
| required there. Conversion can be obtained when user clicks
| a link via redirect. Like in the good ol times.
|
| But this modern approach that massively invades privacy has
| been sold to businesses and now they require it even though
| it is probably ineffectual.
| debazel wrote:
| > What works is content based advertising - so advertise
| a power drill on a woodworking hobbyist site. No tracking
| required there. Conversion can be obtained when user
| clicks a link via redirect. Like in the good ol times.
|
| This still requires tracking to follow the user through
| the whole flow, which is required unless you want to be
| defrauded with fake users at the very least, but also
| very important to track the actual performance of each ad
| source.
| AlexandrB wrote:
| Why do things that are important to the advertiser trump
| what's important to the user? I don't care how hard it is
| for you to track the performance of your ad sources, I
| just want you to stop tracking me.
| debazel wrote:
| Because without ads we're not profitable so there would
| be no service?
|
| You can't just buy a domain, put your service out there,
| and expect it to gain traction. Advertising that you
| actually exist is essential for any service, but
| especially so for smaller businesses and startups.
| mihaaly wrote:
| They are strangled by rules in using personal data on
| algorithmic advertismenet?
|
| GOOD!
| saubeidl wrote:
| Essentially all modern advertising is evil.
| Telaneo wrote:
| > GDPR as it is means you need opt-in to do this, so it
| greatly reduces the effectiveness of online ad targeting.
|
| Good! I don't want ads to be a thing in the first place.
| It's a good thing that industry is being strangled by
| regulation.
| debazel wrote:
| Most are running ads and needs to track the performance of
| their ad spend I believe, at least that what we do. We don't
| care at all about tracking anything other than x amount of
| users came from x ad source with some basic device info like
| mobile/desktop/etc.
|
| We tried to get rid of any tracking banners but have been
| unable to do so.
| AlexandrB wrote:
| How do I stop you from tracking this information about me?
| naIak wrote:
| Do not consent when asked or, better yet, do not use
| websites that implement these techniques.
| hdgvhicv wrote:
| So can't abuse people's data without their consent is being
| strangled?
|
| Is that like I'm strangled with my start up of
| "cheapdvds.com" because I can't sell someone else's data?
| sojsurf wrote:
| Probably using off-the-shelf analytics because rolling your
| own analytics takes time away from solving the central
| problems your users are paying you for. No one is _using_ the
| data. It's often not even really PII except that GDPR's net
| is incredibly broad.
|
| I have not seen GDPR reduce the amount of data people track.
| It's just resulted in piles of cash being burned on lawyers'
| advice to make sure the company has as little GDPR-related
| liability as possible. Subprocessor agreements, updated Terms
| and Conditions, etc.
|
| Some good has come out of it, such as less backup retention,
| and some basic data breach plans, but a lot of it is theater.
| dannersy wrote:
| Honestly? Sounds like incompetence. I have never had issues
| with GDPR compliance. If their business is using people's data
| in an irresponsible or intrusive way, then they probably
| shouldn't succeed. The engineering problems it introduces
| aren't hard problems.
| mihaaly wrote:
| I do not care about 100s of startups and how they want to use
| my data for advertisement or other things they benefit from.
|
| I care about keeping my personal data private so it will be
| more difficult to use for profiling me for whatever (whatever!)
| reason, but all are for other's benefit on no or marginal
| benefit for me in overwhelmingly major part of the cases.
|
| If startups cannot do properly, then they should not do at all!
| They must spend on handling personal data well if they want to
| handle personal data at all! There are way enough already and
| most are just go out and bust, circulating data collected who
| knows where and how. And they are surprised it is so hard
| compiling data on people, people are increasingly reluctant to
| share because the so many abuse and actual damages caused by
| personal data abused.
|
| People are important, not the startups!
| debazel wrote:
| Sure and that's why EU now has the weakest tech sector of any
| service industry and have become absolutely dependent on US
| and Chinese software instead.
|
| I cannot even use my official government ID application that
| is mandatory almost everywhere without signing on to Google
| or Apple, so much for data privacy and sovereignty.
| rester324 wrote:
| This is pretty much untrue. Look at India, Africa, South
| America, Japan, Singapore or Australia and compared to them
| the EU is doing just fine
| generalizations wrote:
| You're comparing the tech sector of the EU to that of
| _Africa_?
| pdimitar wrote:
| Is EU suffering from FOMO?
|
| As an EU citizen, this is shameful and even kind of pathetic to
| read.
|
| Will we start outsourcing all our IT needs to USA again?
| seydor wrote:
| Start?
| pdimitar wrote:
| I stand corrected. :D
|
| You are quite right! They have never stopped. And I am
| ashamed on their behalf. We have _amazing_ tech talent in the
| EU but we are beholden to old and ultra-risk-averse rich
| aristocracy. What a damned shame.
| Qwertious wrote:
| Cowards.
| r3knak wrote:
| Good, GDPR is useless for the consumer as 99% of the people click
| "Accept everything". It's only a few of us who care about this
| kind of thing and we shouldn't have policy made for the 1%.
|
| I hope the changes they implement will actually benefit small
| startups instead of relaxing regulations for large data hoarders.
| harperlee wrote:
| GDPR is not about the cookie banner, it has massive
| implications around the whole lifecycle of data. For example
| you need to be able to gather all data of a particular client
| for them to access, and they have the right for all their data
| to be erased.
| baggy_trough wrote:
| Far less than 1% of people would care about either.
| jlokier wrote:
| But far more than 1% are harmed by it.
|
| Sometimes the harm is severe. Vast oceans of poorly handled
| personal data collected in exquisite and unnecessary detail
| by dark patterns, copied around to everyone who might be
| interested with low regard for security, kept forever,
| analysed by the best algorithms and sold to whomever will
| buy it, raise the risks and consequences of identity theft
| and fraud for everyone.
|
| Those are the sorts of things GDPR is designed to limit.
|
| The GDPR isn't about cookies or websites. It applies to
| non-web-based businesses too. It's basically just insisting
| on security best practices in every part of a business that
| handles personally identifying or sensitive data.
|
| Limiting its collection to what is necessary and consented
| to, deleting or anonymising it when it's no longer
| required, respecting wishes of the individuals the data,
| and giving people some confidence that security best
| practice is taken seriously.
| baggy_trough wrote:
| Most people don't care about these things. Who are you to
| say that the harm is severe to people who don't care?
| harperlee wrote:
| It is a government who says that...
| harperlee wrote:
| That is not surprising. Regulations are a way to ensure
| things that are not easily reached by market forces.
| Doesn't mean that we should not care for that.
| merqurio wrote:
| The news feels bittersweet. With 10+ of experience in healthcare
| AI, I have seen enough shitty products to genuinely welcome
| strict regulation for critical sectors; however, this shift
| threatens to dilute the sense of urgency that was growing in the
| sector.
|
| We recently built a platform specifically to navigate the complex
| intersection of MDR (Medical Device Regulation) and the AI Act,
| relying on the pressure of hard deadlines. By introducing
| flexible timelines linked to technical standards, the EU risks
| signaling that compliance is a secondary concern, potentially
| stalling the momentum... and at this point patient safety is my
| biggest concern, not our platform
|
| This introduces chaos rather than relief. Companies do not need
| lower standards; they need _clarity_.
|
| We can compete effectively against high standards as long as the
| rules are clear. EU AI Act was clear. This proposal substitutes
| the certainty of a high bar with the confusion of a sliding
| scale, which may hinder the industry more than it helps :/
| danishSuri1994 wrote:
| I sympathize with the startup argument: heavy compliance costs
| can stifle early innovation. But the solution shouldn't be
| "weaker rules." It should be smarter rules, clearer safe harbors
| for small actors, browser-level consent primitives for users, and
| stronger enforcement against dark-pattern CMPs. That keeps
| privacy meaningful without killing small businesses.
| jdasdf wrote:
| > clearer safe harbors for small actors
|
| Different rules for different people huh?
|
| Just because you like the group you're benefiting and dislike
| the group you're harming doesn't mean that is good policy.
| JumpCrisscross wrote:
| > _Different rules for different people huh?_
|
| Compliance has fixed costs. And smaller operations have a
| smaller blast radius when things go wrong. Reducing
| requirements for smaller operators makes sense.
| Swenrekcah wrote:
| Not different rules for different people.
|
| You would be subject to one rule for your small company and
| another rule as it grows.
|
| This is everywhere in society, from expectation difference
| between babies, kids, teenagers, adults and seniors and to
| tax bracket structures.
| rat9988 wrote:
| This is different for different people said differently.
| Why would small companies have access to things not allowed
| to big companies?
| kelseyfrog wrote:
| Because quantity is a quality of its own.
| alwa wrote:
| Yes, it is--gp's point being we do that _all the time_
| and often agree that it makes sense.
|
| A baby doesn't catch a sex pest charge for running around
| naked, but it also can't get a gun license. A mom-n-pop
| doesn't have to hire an auditor and file with the SEC,
| but it also can't sell shares of itself to the public.
|
| Why? The bigger you are, the more responsibility you
| bear: the bigger the impact of your mistakes, the subtler
| the complexities of your operation, the greater your
| sophistication relative to individual customers/citizens
| --and the greater your relative capacity to self-
| regulate.
| Levitz wrote:
| Because their conditions and abilities are different.
| rat9988 wrote:
| But the conditions aren't here to annoy big companies but
| because we want to shape society in a specific way. Why
| would I allow small companies to disrespct author rights
| and steal, or gather more private information about
| citizens?
| Swenrekcah wrote:
| Corporations are not people. This is not different rules
| for different people.
|
| In the traditionally implied sense of different rules for
| different social classes.
| andrepd wrote:
| In literally no place in the world are the rules the same for
| running a multinational or running a lemonade stand. I feel
| this should be obvious.
| veltas wrote:
| In almost every developed country the rules are exactly the
| same. No hairnet, no licence? Lemonade Stand Ltd can and
| will be shut down. The main difference is lenience in
| punishment which tends to tail off and disappear at the
| lemonade stand scale, and be stricter for large
| multinationals.
|
| I wish you were right though.
| hobs wrote:
| Seen house building regulations recently? Most countries
| will let the home owner do things they'd never let a
| contractor do without a permit. There's a lot of
| different laws for home or very small scale selling of
| various goods, brewing, canning, single person doing
| business as companies, etc.
| no-name-here wrote:
| > home owner
|
| But in this analogy, we aren't talking about a person
| doing coding at home only for their own use, are we?
| Isn't this about small companies - I.e. whether there
| should be different applicable laws if you hire a small
| construction company vs a large one to rewire your
| kitchen, etc?
| Spivak wrote:
| Yep, a single person contractor business is no more able
| to work on a home without a license and permit than a
| giant corporation.
| vouwfietsman wrote:
| I'm not sure how you got to this conclusion. The answer
| is a simple google away: smaller companies face lower
| taxes, lower standards of documentation on health &
| safety, don't need work councils, less reporting on
| workspace/financials, etc etc etc.
| ivan_gammel wrote:
| >Different rules for different people huh?
|
| That's how efficient market works. The bigger are the
| players, the higher are the chances they will distort the
| market. You need to apply the force proportional to size to
| return market back to equilibrium at maximum performance. We
| have anti-trust laws for this reason, so nothing new, nothing
| special.
| cess11 wrote:
| I think most people agree that the state should be subject to
| harsher rules than you are, because it is large and powerful.
|
| But you would actually prefer to be subject to the same rules
| as the state? I.e. typically nothing which isn't explicitly
| allowed is forbidden for you to do, you are forced to hand
| out copies of documents you produce, and so on?
| kazinator wrote:
| The problem is that an intellectually consistent position of
| being against "different rules for different people" means
| everywhere, in everything.
|
| For instance, poor people should not have any tax breaks:
| everyone should pay exactly the same percentage of their
| income, like 15% all across the board or whatever.
|
| Such ideas often have regressive effects.
|
| However, I get it. When it comes to handling personal
| information, you simply can't say that the "little guys"
| don't have to follow all the rules, and can cheerfully
| mishandle personal information in some way.
|
| Small operators have simpler structures and information
| systems; it should be easier for them to comply and show
| compliance, you would think (and maybe some of the
| requirements in the area can be simplified rather than rules
| waived.)
| veltas wrote:
| Regulation is a moat designed by and benefitting big
| corporations. Removing it for small businesses specifically
| would actually be fair.
| 47282847 wrote:
| Almost any corporate rule I am aware of has differences in
| how they apply depending on the size of the company. And as
| an entrepreneur and startup consultant I think that is a good
| principle. I don't even see how society could function
| without it.
| shadowgovt wrote:
| It could, however, be good policy independent of personal
| preference.
|
| I like folks who have to work for a living and dislike
| billionaires relaxing on yachts bought on their generational
| wealth, but in addition sociology metrics of the United
| States in the past 100 years suggest that the highest levels
| of happiness correlated pretty heavily with marginal tax
| rates as high as 100% based on wealth.
| port11 wrote:
| This would require politicians and policy-makers that think
| long-term, know what they're regulating, and maybe have been in
| the field. I don't think Law school Eurocrats can do any of the
| 3 items above, at least not well enough. This is either a way
| to chop at the (poorly designed and already watered down) GDPR
| or true, unapologetic lack of care.
|
| I'm hoping to go for my 3rd startup and 'compliance costs' have
| never been stifling; it's just more expensive to run a business
| here and there's far, far less funding available. That's really
| it.
|
| Belgium's tax haven will make some people willing to give you
| 10k in post-seed. Wow. We hunted VCs for 1.5 years to negotiate
| one million-ish euros after showing market traction. We just
| aren't on the same level as the US, and that's kinda okay.
| Grants might work, but I mostly see grants for things that
| won't compete well in the current market.
|
| AI nonsense won't make us more competitive -- but hey, we'll
| arrive late to the bubble. We need to be building the kind of
| core, dependable infrastructure that would honour privacy, make
| us more independent. Backing off on privacy protections won't
| yield a mobile OS, an independent browser, better cloud
| options, etc.
|
| It's just... lazy. "Slap AI on it"-level policy. Ugh.
| Retric wrote:
| Politicians don't need to know the details, they need to be
| advised by competent people with the best interests of the
| public in mind. Which may sound straightforward while being
| really difficult to get right.
| pants2 wrote:
| Why did you use an LLM to write a comment?
| gruez wrote:
| What makes you think it's LLM generated?
| marknutter wrote:
| The double quotes perhaps?
| stronglikedan wrote:
| colons and directional quotation marks scare folks who
| don't know how to use them properly
| pants2 wrote:
| Brand new account with 4 rapid & likely LLM comments,
| directional quotation marks, and common ChatGPT-isms such
| as "that does X without doing Y"
| barrkel wrote:
| The structure of what it wrote, and the banality of the
| point.
| marcosdumay wrote:
| Yes, the solution is clearer rules. What drives compliance
| costs up is rarely the compliance itself, it's usually the
| uncertainty about your being in compliance or not.
|
| That's also true for tax laws, labor laws, environment laws,
| almost every safety code out there, building zoning...
| mlyle wrote:
| Well, compliance itself is costly, but the cost is stuff that
| society decided it wanted to spend money on.
|
| But uncertainty in compliance and time spent navigating
| compliance is nearly pure waste.
| a4isms wrote:
| To continue a conversation from another thread on another
| post, uncertainty, complexity, ambiguity, and out-of-band
| context required are all costs that just happen to act as
| moats for entrenched incumbents. And no surprise, such
| incumbents often have so much influence over politics that
| they literally write the laws that regulate them.
|
| The folksy aphorism goes, _The more wild cards and crazy
| rules, the greater the expert 's advantage_.
| mlyle wrote:
| Yes-- I think most of us are familiar with regulatory
| capture. But the solution to regulatory capture isn't "no
| regulation."
| marcosdumay wrote:
| I'm not sure.
|
| Complexity is clearly hired by lobbyists all the time,
| but uncertainty and ambiguity seem to me to be mostly
| caused by incompetence. It's not even clear if
| uncertainty benefits incumbents more; it can just as
| likely destroy a market or benefit new entrants, and you
| can't predict which will happen at the time you create it
| (otherwise it's not uncertain).
|
| Legislative houses need technocratic QA. And that QA
| needs to be independent from the law-writing process.
| sothatsit wrote:
| Exactly this. As a recent example, the documents for the new
| Online Safety Act in the UK are over 2400 pages long! That
| means that even small businesses that want to comply have no
| reasonable option other than relying on summaries, and the
| regulator and big businesses will probably just negotiate on
| what the details actually mean in practice anyway.
|
| I understand that there's nuance when dealing with all the
| edge cases to regulations. But it seems that the answer
| should not be extending the regulations to insane lengths to
| try to cover everything. That way lies insanity.
| graemep wrote:
| I always felt applying the same rules to everyone was a big
| problem with GDPR.
|
| Not just small business, but even non-profits that just keep a
| list of people involved with them are subject to the same
| rules, even if they only use the information internally and do
| not buy or sell any personal information.
|
| Its not just cookies and websites, its any personal information
| stored electronically.
| MangoToupe wrote:
| I just don't see the issue. The GDPR isn't exactly difficult
| to comply with, nor does it hamper any of the clear successes
| of the last 25 years outside of the ad industry. What's the
| benefit of backing out on it? Is this just an effort to make
| a homegrown surveillance network?
| graemep wrote:
| I am not saying privacy laws should be repealed (if you
| look at my other comments, quite the opposite).
|
| I am saying that the same regulations are both too easy for
| big business to evade (or ignore and treat fines as a cost
| of doing business) AND too burdensome on small
| organisations that do not trade information. Something as
| simple as a membership list can draw you in.
| pembrook wrote:
| Ughhh here we go again.
|
| Every time GDPR is brought up on HN, the same "it's super
| simple to comply, just read it yourself!" religious
| incantation gets repeated ad-nauseam.
|
| I think it's because people love the idea of what they
| _think_ GDPR actually represents (the fuzzy abstract idea
| of "privacy"), without ever diving into any of the
| implementation details.
|
| Almost nobody on this forum has ever talked to a lawyer
| about this, and even less people have followed the actual
| court rulings that have determined what GDPR actually means
| in practice.
|
| My favorite example, under GDPR over the last 5 years,
| regardless of whether you follow the spirit of GDPR to the
| letter...due to the various schrems rulings, back-and-forth
| on SCCs, data-transfers, and EU-US political
| spats...there's been multi-year periods where if you're
| using any service touching data in any part of your
| business even remotely connected to the US or any non-EU
| country (so, almost everything), it's been a violation that
| exposed you to massive fines should any EU resident have
| filed a complaint against you. This was recently resolved
| again, but will continue to go back and forth if GDPR
| remains as-is.
|
| And this is just one of many weird situations the law has
| created for anyone running a business more complex than "a
| personal blog."
| SiempreViernes wrote:
| I mean, if _your_ domestic legislation makes it
| impossible for _you_ to ensure the privacy of your
| customers, why do you insist could be responsible
| custodians?
| troupo wrote:
| > but will continue to go back and forth if GDPR remains
| as-is.
|
| Yes, it should remain as is and _enforced_. Yes, storing
| your users ' data in the US is extremely problematic
| because the US really couldn't give two shits about
| privacy, or user data.
| pembrook wrote:
| I totally get it, it's fun to take wildly impractical
| ideological stances on things and ignore reality.
|
| However, this generation is beginning to learn the lesson
| every generation learns: one has to deal with the world
| as it is, not as one wishes it were. Scarcity exists.
|
| Unfortunately, in globalized economic reality, you will
| have to transfer data to other countries to conduct
| business.
|
| Unfortunately, in fossil fuel driven reality, you can't
| just shut off the fossil fuels and switch to paper
| straws, you have to build actually viable alternatives
| first.
|
| Unfortunately, in non-world-peace reality, you can't just
| stop having a military and become pacifist. Turns out you
| still need missiles and tanks.
|
| Unfortunately, in low-birth and low-economic-growth
| reality, you cannot let people retire at 62 and draw
| inflation-pegged pensions until death.
|
| Unfortunately, in non-0 interest rate reality,
| governments can't keep deficit spending to prop up a
| broken socialist economic model.
|
| Etc. Etc.
| shadowgovt wrote:
| Browser level consent primitives would be a significant
| improvement on the status quo.
| recursive wrote:
| Do Not Track was a spectacular failure.
|
| You can still turn cookies off in your user agent though.
| lenerdenator wrote:
| It was a spectacular failure because the people who thought
| of it didn't stick to it.
| bigfatkitten wrote:
| In no small part because the people who thought of it
| (the browser makers) had a powerful commercial incentive
| to ditch it, because they are funded by advertising.
| pseudalopex wrote:
| Microsoft enabled Do Not Track by default. Advertisers
| said they would ignore it for this reason. Most of them
| never respected it. Apple removed it from Safari years
| later because it was used for tracking. Mozilla removed
| it from Firefox years after Safari. Chrome has it even
| now.
| shadowgovt wrote:
| > Advertisers said they would ignore it for this reason
|
| That was the missed opportunity. Had the EU stepped in
| and said "I'm sorry, the user expressed explicit intent
| to not be tracked and you're planning to ignore that? How
| about that's a fine?" it would have survived.
|
| But they weren't prepped to take action yet.
| pseudalopex wrote:
| Microsoft made the user expressed intent and the user
| expressed no opinion look the same.
| K0nserv wrote:
| That doesn't track (pun not intended). It's a binary
| state so either side has to be the default, they just
| changed which side the default fell on. Prior to the
| change no opinion expressed and expressed intent (in
| favour of tracking) still looked the same.
| recursive wrote:
| I don't think so. It was conceived on the user agent side
| AFAIK. The publishers decided not to honor it. At that
| point, there's not much point to keeping it on the UA
| side.
| d-lisp wrote:
| I second this; I have never been "into" these problematics
| and as a user I generally just disallow everything I can,
| which can be a pain (I mean I do want to often don't store
| anything when I'm browsing the web, which leads to meeting a
| lot of "cookie banners"). While there are probably browser
| extensions that can perform the automatic opt-out, it would
| be nice if browsers provided an API as an unified and
| centralized way to communicate consentment as a set of
| privilege access to different browser features and APIs (you
| could e.g. forbid the use of canvas, or even JS entirely).
|
| But that's only a small part of a huge legal frame, and as I
| said I don't know much about these problematics.
| clickety_clack wrote:
| So "smart rules" only means "more rules"?
|
| Smart rule making includes reducing the regulatory burden when
| it overreaches. The weight of regulation around tech in the EU
| is creating an environment such that the only companies that
| can operate in a space are the ones who can afford massive
| compliance overhead. That leaves you with the very same big
| tech firms that people are writing these rules to protect
| themselves from in the first place.
| cael450 wrote:
| Well, yeah, they were written to prevent at least some of the
| privacy abuse from those big tech companies, not to get rid
| of them. Sometimes the answer is more rules, such as rules
| protecting smaller businesses while continuing to place
| regulatory burdens on the tech giants, who are responsible
| for the most egregious invasions of privacy.
| MangoToupe wrote:
| Innovation isn't worth it for innovation's sake, though. Europe
| could easily profit watching others innovate and taking what
| makes sense for europe. I don't see anything about GDPR that
| would harm innovation or long-term success for europe.
| jedberg wrote:
| > I don't see anything about GDPR that would harm innovation
| or long-term success for europe.
|
| It's the same thing as any other regulation -- regulatory
| burden. Laws aren't code, they need interpretation. That
| means you need your own lawyer to tell you an interpretation
| that they feel they can defend in front of a judge.
|
| There is a cost to that. In both time and money. I am the CEO
| of a startup who is subject to GDPR. The amount of time and
| money we've spent just making sure we are in compliance is
| quite high, and we barely operate in Europe and don't collect
| PII.
|
| You can wing it and say "this looks easy, I can do this on my
| own!" and maybe you can. For a while. But no serious business
| is going to try to DIY any regulations.
| troupo wrote:
| > The amount of time and money we've spent just making sure
| we are in compliance is quite high, and we barely operate
| in Europe and don't collect PII.
|
| So either you're lying or your lawyers are lying to you.
|
| In 9 years you could've finally read and understood the
| rather small law yourself.
| jedberg wrote:
| I have read and believe I understand it. That does not
| matter. What matters is can your decisions be defended in
| front of a judge. I am not qualified to figure that out,
| and unless you're a lawyer, neither are you.
| ljm wrote:
| Putting conditional logic in legislation still benefits big
| companies, if it still requires legal expertise to unpack all
| of the complexity added to the law. GDPR is a mess exactly
| because of this, and so is the UK's ridiculous OSA. It's
| loopholes and malicious compliance all the way down.
|
| Ignoring that, the other problem is enforcement. Is it not
| unrealistic to have a law that says "if you have a data breach
| you are subject to a penalty?" And "if you fail to report that
| breach the penalty can go as far as corporate death or
| executive incarceration?"
|
| Or even more simply - replace the wrist-slapping fines with
| criminal charges and imprisonment.
| YetAnotherNick wrote:
| Smarter rules and clear rules are kind of contradictory. GDPR
| is smart but not clear(as it operates on intent). Tax laws are
| clear, but not smart(as the interpretation is literate and
| there are multiple loopholes).
| seanmcdirmid wrote:
| AI should also be seen as an opportunity for small actors to
| actually understand and follow numerous complex rules. You
| don't need a huge legal and compliance team anymore, you just
| need to feed chatgpt the right amount of legal and ruling
| documentation, and then consult it on how you can actually
| comply.
| noitpmeder wrote:
| HAHAHAHA good joke. Oh wait. You're serious. Oh god please
| no.
| thfuran wrote:
| But 60% of the time, it works every time.
| superkuh wrote:
| Does this mean that whois information can come back? The
| destruction of the whois databases by GDPR really made the
| internet a more closed, proprietary place. No more could one just
| contact the people behind any domain and communicate... pretty
| much impossible after GDPR came into effect. Especially if you
| don't use twitter/corporate crap.
| hdgvhicv wrote:
| That was already the case for the majority of domains.
| superkuh wrote:
| We must have lived on different internets. I have much lived
| experience of finding cool domains, looking up their email,
| and talking to them all the way up to GDPR coming into
| effect. "whois privacy" options at registrars were starting
| to take off but at least those still had the email to
| contact. Now it's nothing.
| das_keyboard wrote:
| I for one like it to be able to post stuff on my website
| without the risk of someone sending me pizza or swat teams to
| my home address...
| rvz wrote:
| The EU is a great example of a spineless paper tiger to Big Tech
| and is the reason why AI startups run to the US.
|
| Promoting degrowth is the best way to lose the race and the EU
| have finally admitted that they got it completely wrong.
| legitster wrote:
| Let me steelman the new proposal a little bit:
|
| You run a merch store. You want to share with your suppliers
| order data so that you can get the right number of
| sizes/colors/etc. Is this PII under GDPR rules? Technically, yes!
| Not only is there information on gender, but also people's height
| and weight and maybe even family makeup. Does it make sense to
| call this data sub-processing? Eh? Maybe? (To my knowledge, I
| don't know if any examples like this actually caught any
| enforcement.)
|
| Under the new proposal, sharing this data is okay, so long as you
| use pseudo-anonymous identifiers (customer-1234, customer-1235).
| You still can't share sensitive identifiers (name, address,
| email, login, etc).
|
| Obviously the elephant in the room is AI and training data. But
| this also simplifies a lot of the ticky-tacky areas in GDPR where
| PII rules are opaque and not-consistently enforced anyway.
| tavavex wrote:
| > You run a merch store. You want to share with your suppliers
| order data so that you can get the right number of
| sizes/colors/etc. Is this PII under GDPR rules? Technically,
| yes! Not only is there information on gender, but also people's
| height and weight and maybe even family makeup.
|
| That seems like a very long stretch. First of all, why assume
| that clothes sizes constitute PII at all? The store never asks
| me for my height, weight or family relations. It asks me what
| item variants I'd like to order. Even if the item size happens
| to match me, there's no telling that I'm ordering it for
| myself. They're just fulfilling an order that's built to my
| request, not collecting my biometrics. It would have to be an
| insane world in which "Supplier, send me 20x unisex medium
| sizes with XYZ illustration" is considered a breach of privacy.
| Each time the GDPR comes up, there are so many hypotheticals
| that never happened (and likely can't happen) in the real
| world, when the much simpler line of reasoning is that privacy
| regulation is digging too much into the profit motive of
| corporations and the US at large, so the sore thumb that is the
| EU needs to be pushed back in line in their minds.
|
| Tracking and ad companies don't need your real name or email to
| track you across the internet. And even if they did want that,
| with a large enough corpus of data, a social media company can
| probably deduce who most people are anyway based on their
| behavior even if they're technically marked with an "anonymous
| identifier". Letting business identify you in any way and trade
| that "anonymized" data back and forth will effectively be a
| reversal to full tracking.
| l-one-lone wrote:
| I think you don't understand the GDPR. The GDPR does not
| disallow the processing of personal data, nor does it disallow
| the sharing of personal data with suppliers or other entities
| in the supply chain. For example, if you run a merch store,
| it's perfectly OK to share the buyer's address with DHL or
| whoever does the shipping.
|
| What the GDPR requires is that the user is informed about the
| processing and the suppliers used, and in some cases, provides
| consent to the processing.
|
| The new proposal which suggests that pseudonymized data is not
| always PII is a different thing. It actually opens the door to
| a lot of new problems in my opinion. For example, with this new
| interpretation, big tech might question whether IP addresses
| are still personal data (which is something EU top courts had
| previously established)? What about cryptographically hashed
| values of your social security number (easy to break)?
| gcbirzan wrote:
| > You run a merch store. You want to share with your suppliers
| order data so that you can get the right number of
| sizes/colors/etc. Is this PII under GDPR rules? Technically,
| yes!
|
| Not at all. Your shirt size is not PII. Given this information,
| you couldn't be identified.
|
| > Under the new proposal, sharing this data is okay, so long as
| you use pseudo-anonymous identifiers (customer-1234,
| customer-1235).
|
| This was okay even before. Given this information (and your
| shirt size), you couldn't be identified.
| nonethewiser wrote:
| >One change that's likely to please almost everyone is a
| reduction in Europe's ubiquitous cookie banners and pop-ups.
| Under the new proposal, some "non-risk" cookies won't trigger
| pop-ups at all, and users would be able to control others from
| central browser controls that apply to websites broadly.
|
| Wait, what? So they are now mandating browsers implement this?
| Also, something bothers me about the conflation of regulators
| changing the regulation (accurate) with regulators changing the
| thing that resulted from the previous version of the regulation
| (inaccurate). They arent getting rid of the cookie banners. They
| are changing the underlying rules that gave rise to them. It
| remains to be seen what the effects of the new rules will be.
| zrn900 wrote:
| While this is being done to boost corporations, it also must be
| said that GDPR just did not work. It became impossible due to
| constant reinterpretations and decisions of the Eu courts over
| time. Big corps just violate it by counting the eventual fines as
| a cost of doing business. Small corps and individuals get
| shafted. It ended up like the 'regulatory moat building' that so
| frequently happens in the US.
| nonethewiser wrote:
| If the EU passed GDPR despite knowing it would be offensive to
| the US and big tech, why would they now care that it's offensive
| to the US and big tech?
|
| The article claims this is because of big tech and Donald Trump.
| It just states that they have applied pressure. I would love to
| see more information on how those forces specifically are
| precipitating the change.
|
| Meanwhile the EU commission claims that this is for the benefit
| the European tech sector.
|
| >our companies, especially our start-ups and small businesses,
| are often held back by layers of rigid rules
|
| The latter seems like the more obvious explanation and what
| critics said about GDPR all along.
| saubeidl wrote:
| Shameful decision, caving to foreign capital interests.
|
| Do better, EU.
| Manfred wrote:
| In comparison with healthcare information systems the GDPR is
| really not that hard to follow. You can get guides for business
| owners which can be read and understood in under an hour.
|
| If you design your system according to the guidelines you usually
| end up with a product where it's easier to service your customer
| (eg. with full account exports). Deleting inactive accounts is
| great because it means less migration headaches in the future.
|
| This is also why our privacy statement starts with "We [...]
| don't really want your personal data."
| bcye wrote:
| Can you point to any of these guides?
| Manfred wrote:
| In our case we were working on a Dutch project so we used
| this; AVG is the GDPR implementation for the Netherlands:
|
| https://ictrecht.shop/en/products/handboek-avg-compliance-
| in...
| cess11 wrote:
| It would have been nice if we instead had actually enforced these
| rules and given the world an alternative digital regime. I
| suspect it would eventually seem quite attractive to most.
|
| "Well, you can say what you like but it doesn't change anything
| 'Cause the corridors of power, they're an ocean away"
|
| https://www.youtube.com/watch?v=Xpo2-nVc27I
| jmclnx wrote:
| That is too bad, I had hope in this case regular people would win
| and get privacy we deserve. But as always big money wins, it just
| takes time.
| ultra_nick wrote:
| It's crazy how many adults think regulation is free, especially
| here. All consuming vague regulations like GDPR increase the cost
| of a startup by 500%. Europe should have just banned startups
| entirely. It would have the same effect.
|
| Imagine being a college student with 240 hours and $1,000 to
| release an MVP over the summer. How long would it take to read
| GDPR yourself, 100 hours? How much would it cost to hire a lawyer
| verify that your startup meets GDPR guidelines, $5,000? It would
| be almost impossible for any young person to start a business.
| GDPR was obviously a failure from the start. Anyone who couldn't
| see that has a child's understanding of business. Grow up.
| Ylpertnodi wrote:
| > All consuming vague regulations like GDPR increase the cost
| of a startup by 500%.
|
| Source?
| omnimus wrote:
| I would say it's a lot more than 500%. If your business is
| based on doing things that are illegal under GDPR then the
| cost of doing that startup is close to infinite. But that's
| kinda the point of GDPR.
| Telaneo wrote:
| This. Sure, it's X% more difficult to do Y in Europe,
| because Europe doesn't want you to do Y, either at all, or
| unless you clean up after yourself so the costs aren't just
| eaten up by the environment or whatever, or unless you do
| it without causing harm. That's not a problem. That's the
| system working as intended.
|
| Sure, Europe doesn't have it's own Microsoft, probably
| because of regulations like this, but I don't want Europe
| to have its own Microsoft, because Microsoft, for the most
| part, _sucks_.
| aerhardt wrote:
| > That's not a problem. That's the system working as
| intended.
|
| You really think that supra-national legislators
| regulating the fine-print of unfathomably complex systems
| manage to have everything working "as intended"?
|
| Why do Draghi or the EC want to roll back this mess then,
| other than the evident loss of competitiveness respective
| of the blocs who did not do this? Was _that_ intended or
| foreseen?
| Telaneo wrote:
| > You really think that supra-national legislators
| regulating the fine-print of unfathomably complex systems
| manage to have everything working "as intended"?
|
| For values of, yes. Things obviously aren't perfect, but
| I at-least generally prefer them over their proposed
| alternatives. I find they have made things better.
|
| > Why do Draghi or the EC want to roll back this mess
| then, other than the evident loss of competitiveness
| respective of the blocs who did not do this? Was that
| intended or foreseen?
|
| From the article:
|
| > Under intense pressure from industry and the US
| government,
|
| I think that says what needs to be said. And my opinion
| is that they shouldn't yield to US government and
| industry interests, since they clearly aren't the same as
| European interests.
| omnimus wrote:
| I think what they mean is that what EU in general kinda
| knows that for various they won't be able to make their
| version of money machine big tech. So why not to try
| different path? The individual laws will always be flawed
| because there is huge pressure to make them flawed by
| corps and lobby that want's to exploit them.
|
| But if you ask anyone in europe on the street they have
| no sympathy for big tech. If anything they want stronger
| GDPR and more of it.
| tonyhart7 wrote:
| Europe learn the hard way that you cant have a cake and eat it
| too
| 1970-01-01 wrote:
| EU citizens: WE DEMAND XYZ PROTECTIONS
|
| EU: WE SHALL BUILD XYZ FOR EVERYONE
|
| (years pass)
|
| EU citizens: WE HATE XYZ PROTECTIONS
| zrn900 wrote:
| From Europe, I agree with big tech getting it. But i dont agree
| with random flower shop somewhere getting fined because they dont
| know how to deal with a f _cking complicated, ever-changing law
| that is designed for megacorps who have the cash to just keep
| paying the fine and abusing everyone. I also dont agree with
| dealing with f_ cking cookie banners on every other website
| either.
|
| The law got SO convoluted over 9 years of interpretation by the
| European courts that its now impossible to be 100% compliant. It
| now requires you to give an easy 'Accept' button to accept the
| listed cookies at the first pop up, but penalizes you if the user
| actually uses it to accept cookies because the user has to
| manually go through all the listed cookies and approve them by
| hand one by one.
|
| So:
|
| - If you dont provide the easy 'accept' button, you are in
| violation.
|
| - If you do and the user actually clicks it, you are still in
| violation because you didnt make the user approve each cookie one
| by one
|
| - If you give a list of cookies to the users and force the user
| to manually approve what he wants in the first pop up, you are
| still in violation because its not easy and your easy 'Accept'
| button is meaningless as a result
|
| And this is just one of its contradictions. The more you dive,
| the more convoluted it gets. Its a sh*tty law that got more
| complicated over time and only helped megacorps.
|
| People need to understand that the early days of the Pirate Party
| are gone and the current crop of tech-savvy politicians that
| remain from those days are those who made a career out of it. And
| like every politician who made a career out of something, the
| only way for those politicians to keep getting elected is by
| doing 'more' of what they have been doing. So they just keep
| bloating tech regulation to keep their career, making it
| difficult for everyone but the large corporations. It must also
| be noted that some of them sold out and are basically the tech
| lobbies' henchmen, pushing for American-style legislation to
| build regulatory moats for big corporations.
| HardCodedBias wrote:
| @complaintvc on X has been doing amazing work in this area.
|
| The EU, especially the EU post 2008, seems to be infatuated with
| regulation it has likely bitten them with their lackluster GDP
| growth and their very lackluster AI developments.
|
| I suspect that this is too little too late, and more importantly
| I highly doubt it signals a shift in the biases/incentives of the
| EU regulators. The second the scrutiny is off of them they will
| go back to their ways. It is their nature.
|
| (I look forward to the loss of karma. I hope that the link to
| @complaintvc at least makes a few people chuckle).
| zrn900 wrote:
| While they are at it, the EU should also correct another sh*tty
| law: The Digital 'Resilience' Act (or whatever it was) that holds
| the Open Source developers responsible for unlimited fines for
| security issues in their projects.
|
| The Open Source community fought it, and thought that it won a
| concession, but it really was not a concession: The Eu commission
| will 'interpret' the law. So it will be interpreted politically -
| or worse, lobby-driven - with every other Eu commission that
| takes office.
|
| The law does not allow you to make any kind of income from your
| open source project in ANY way, and basically forces you to be
| free labor for megacorps. Charging for support? Responsible for
| fines that can go up to millions of Euros. Charging for
| 'downloads'. Same. Licenses? Same.
|
| It looks like this was another law pushed by Eu big software
| lobbies: Cripple any small player that may be a competitor by
| building a moat against small players and those pesky Open Source
| startups that may challenge your online service, but still keep
| Open Source developers as the free labor for your company's
| infrastructure.
|
| The tech legislation landscape in the Eu has been co-opted by Eu
| megacorps. Like I said in another comment, we arent in the early
| days of the Pirate Party anymore. Now career politicians and
| sold-out lobbyists make laws to protect megacorps. Therefore Im
| against any new tech legislation from the Eu, despite having been
| an early Pirate Party advocate back when even using the word
| 'pirate' put you in legal trouble.
| xvector wrote:
| Big players don't want this either, we rely on open source
| software and frequently contribute back
|
| This is just another dumb EU reg that hurts everyone
| loloquwowndueo wrote:
| Does this mean fewer less-annoying cookie pop ups?
| seydor wrote:
| Too late , and it's not just because of the regulations but the
| whole mentality. This will probably lead to a series of
| committees about how to scale back the laws which will create new
| rules which will be put in place, and then the career eurocrats
| will move on to their next job, without anyone ever being held
| accountable for the mistakes of the past. Without such
| accountability every regulation will be excessive, even the
| scaling-back regulation. Such a process oriented, and feels-over-
| reals environment is not attractive to competitive business
| filoleg wrote:
| > This will probably lead to a series of committees about how
| to scale back the laws [...]
|
| > [...] which will create new rules which will be put in place
| [...]
|
| > [...] and then the career eurocrats will move on to their
| next job, without anyone ever being held accountable for the
| mistakes of the past
|
| As intended by design.
|
| I don't think there is some grand conspiracy or anything like
| that in the EU government around this, but it is clear where
| their priorities are. With those priorities being:
|
| 1. Perpetual rule of bureaucracy that exists for the sake of
| bureaucracy, with the best outcome of it being creation of even
| more bureaucracy. Anything of actual usefulness being done is
| just a side effect, not the goal. Bonus: this principle ensures
| perpetual job security for those career bureaucrats as well
| (and it helps with creating even more of them), as you can
| never have one too many committees or processes.
|
| 2. Hyperfocus on things that actually need to get done to
| consolidate power needed to ensure staying power for those
| bureaucrats and that the previous priority is not encroached
| upon. Case in point: an HN post[0] from yesterday about the EU
| pushing forward another new Chat Control proposal, shortly
| after their previous one failed earlier this year. For the EU
| governing bodies being stereotyped as ineffectual and too
| bogged down by their own bureaucracy, they surely are really
| efficient when it comes to repeatedly pushing publicly
| unpopular (but seemingly popular among the EU government
| bureaucrats) measures like Chat Control so quickly after their
| previous attempt had failed.
|
| 0. https://news.ycombinator.com/item?id=45970663
| rckt wrote:
| I get that too many regulations is a bad thing. But when we talk
| privacy and personal data there should be no gray zone. It has to
| be black and white. When I see a stupid cookie banner I search
| for "Reject all". There's no some data that companies can collect
| and process without my consent, they just shouldn't be able to
| collect anything without me actively opting in. Business never
| respects anything, but profits. Seeing news about relaxing these
| laws with the "AI" going after this leaves a bitter taste. And
| with them also trying to push the Chat Control thing, it gets
| even worse.
| betaby wrote:
| That cookie thing should a browser's default.
| Fargren wrote:
| That would be fine, if there was a law that forced every
| browser to have this setting and every company to respect the
| setting.
| bryanrasmussen wrote:
| arguably if there was a browser setting for this the
| current GDPR would require you to respect that setting. But
| that's arguably, it would still need to adjudicated.
| 1718627440 wrote:
| The browser setting already exists (DNT), so I don't know
| what you want to conlude.
| Someone wrote:
| FTA: _"Under the new proposal, some "non-risk" cookies won't
| trigger pop-ups at all, and users would be able to control
| others from central browser controls that apply to websites
| broadly."_
| mmooss wrote:
| Like Do Not Track?
| tsoukase wrote:
| Using an Ad blocker I feel regret for stealing the site's
| revenue. So I allow them to collect my personal data. Anyways,
| I think most of them will not respect my rejection.
| zelphirkalt wrote:
| A site that cannot exist without collecting not needed
| personal data and without selling out its visitors, has no
| justification of continuing to exist. Don't let them guilt-
| trip you.
| tonyhart7 wrote:
| that just shallow and one sided argument that never respect
| another side of coin
| user34283 wrote:
| Do you think anyone cares in the slightest about your
| 'personal data'?
|
| It's garbage and no one would waste energy for it, if it
| weren't for the ability to serve more effective
| advertisements.
|
| If I'm going to offer an application monetized with Ads,
| I'm going to use a big ad network like Google which
| requires cookies to personalize the ads and prevent fraud.
| I could not care less about collecting your personal data.
|
| And that's probably the same for 99% of websites.
| s1mplicissimus wrote:
| > It's garbage and no one would waste energy for it, if
| it weren't for the ability to serve more effective
| advertisements.
|
| Advertisements, among other things, for political views,
| influencing voter behavior. Which lots of interest groups
| care about
| zelphirkalt wrote:
| Well, without any personal data, FB/Meta and Google would
| have nothing. Their whole business model is selling the
| idea, that they are able to advertise better, due to them
| knowing things about people and their preferences or
| interests.
|
| Obviously you need to consider what happens in the large.
| Telaneo wrote:
| They should feel ashamed for collecting your personal data in
| the first place.
| zelphirkalt wrote:
| Yep, it is exactly what the EU shouldn't do. This will actually
| further disadvantage EU companies, when US companies are left
| to run rampant. It also will take away any "made in EU"
| advantage that EU-local companies had over US competition. GDPR
| was exactly the right step. In fact it was not enforced
| strictly enough and should have been enforced much stricter,
| punishing all the shady businesses which employed dark pattern
| to extract personal data from citizen.
| impulser_ wrote:
| Yeah, but a lot of the rules around privacy and personal data
| make it hard to accept business from Europeans. If you are a
| small business or startup you might not even accept business
| from Europeans because navigating these rules are almost
| impossible.
| Etheryte wrote:
| I'm not sure how this makes sense. Functionally the rules are
| the same across the entire bloc and it's pretty
| straightforward: unless you have a legitimate reason to store
| the data, you need to ask for consent and the consent must be
| free. I want to make more money is not a legitimate reason. I
| have a legal requirement to fight financial fraud is a
| legitimate reason. Obviously the reality is more nuanced, but
| understanding this basic idea gets you there 95% of the way.
| energy123 wrote:
| I've stopped thinking of regulations as a single dial, where
| more regulations is bad or less regulations is bad. It entirely
| depends on what is being regulated and how. Some areas need
| more regulations, some areas need less. Some areas need altered
| regulation. Some areas have just the right regulations. Most
| regulations can be improved, some more than others.
| l5870uoo9y wrote:
| I disagree with this otherwise seemingly reasonable position.
| Draghi's latest report pointed out that overregulation is a
| major problem in the EU and costs EU companies the equivalent
| of a 50% tariff (if I remember correctly). Of course,
| Draghi's report has led to nothing more than a few headlines.
| wizzwizz4 wrote:
| That 50% figure seems extremely dubious. I'd expect either
| methodological failures, or a definition of "costs" that I
| disagree with (e.g. fair-competition regulations preventing
| price-hikes, "costing" EU companies the profit they could
| obtain from a cartel). However, skimming the report (https:
| //commission.europa.eu/topics/competitiveness/draghi-r...),
| I can't find the 50% figure.
| l5870uoo9y wrote:
| > Mario Draghi has argued that the EU's internal
| barriers, which are equivalent to a high tariff rate,
| cost more than external tariffs. He has cited IMF
| estimates that show these internal barriers are
| equivalent to a \\(45\%\\) tariff on manufactured goods
| and a \\(110\%\\) tariff on services. These internal
| market restrictions, which include regulatory hurdles and
| bureaucracy, hinder cross-border competition and have a
| significant negative impact on the EU's economy.
|
| Source: https://iep.unibocconi.eu/europes-internal-
| tariffs-why-imfs-...
| palata wrote:
| Sure, someone argues something. Who knows if it's right
| or wrong? It's not a hard science.
|
| How do you estimate the cost of regulations on
| businesses? You ask businesses. Businesses have
| absolutely zero incentive to say that regulations are not
| bad. "Just in case", they will say it hurts them.
|
| That is, until there is a de facto monopoly and they
| can't compete anymore, and at that point they start
| lobbying like crazy for... more regulations. Look at the
| drone industry: a chinese company, DJI, is light-years
| ahead of everybody else. What have _US drone companies_
| been doing in the last 5+ years? _Begging_ for
| regulations.
|
| All that to say, it is pretty clear that no regulations
| is bad, and infinitely many regulations is bad. Now
| what's _extremely difficult_ is to know what amount of
| regulation is good. And even that is simplistic: it 's
| not about an amount of regulation, it depends on each
| one. The cookie hell is not a problem of regulations,
| it's a problem of businesses being arseholes. They know
| it sucks, they know they don't do anything with those
| cookies, but they still decide that their website will
| start with a goddamn cookie popup because... well because
| the sum of all those good humans working in those
| businesses results in businesses that are, themselves,
| big arseholes.
| wizzwizz4 wrote:
| That article _does_ contain the correct answer, so thank
| you very much for finding it, although the passage you
| 've quoted is ChatGPT gibberish not in the source given.
|
| Per https://iep.unibocconi.eu/europes-internal-tariffs-
| why-imfs-..., the model treats shopping local as evidence
| of the existence of a trade barrier, as opposed to a
| rational preference based on cultural and environmental
| considerations. This is why the numbers are ridiculously
| high. (Is there a 120% implicit tariff for textiles? Or
| do people just prefer warm clothes in the north and
| breezy clothes in the Mediterranean?)
| gessha wrote:
| I'm not saying the following regarding Draghi's report or
| particular regulation in mind:
|
| If an unethical business gets started due to
| underregulation and it generates revenue and contributes to
| GDP, is that a good thing?
| pa7ch wrote:
| The regulation good/bad dichotomy has been very effective
| reducing the thinking of the constituents of modern neolibs
| in the US.
|
| On one end we have regulations as part of regulatory capture.
| Opposite effect of regulations that would help say a small
| business compete fairly.
| pembrook wrote:
| Unfortunately politics has become the religion of modernity.
|
| Nuance and sober analysis like you've suggested do not mix
| well with religious dogma. It's much easier for people to
| react emotionally to symbols.
|
| For many here, 'GDPR' is a variable that equals 'privacy' in
| their brain computer. So any criticism of it or its
| implementation realities, no matter how well argued, will not
| be met with reasoned response, but instead religious zeal.
| wizzwizz4 wrote:
| Most criticism of GDPR on HN is a criticism of bad-faith
| attempts to pretend to comply, many of which are expressly
| forbidden by the GDPR. It's a well-written, plain English
| regulation, and I encourage everyone to read it before
| criticising it. (At the very least, point to the bits of
| the regulation you disagree with: it should only take
| around 5 minutes to look up.)
| idrios wrote:
| Regulations are like lines of code in a software project.
| They're good if well written, bad if not, and what matters
| more is how well they fit into the entire solution
| lucketone wrote:
| And lines of code is like the mass of an airplane.
| samdoesnothing wrote:
| In general you want as few as possible of both.
| econ wrote:
| You could also optimize everything for future updates
| that optimize things even further for even more
| updates...
|
| Humm.. that was supposed to be a joke but our law making
| dev team isn't all that productive to put it mildly.
| Perhaps some of that bloat would be a good thing until we
| are brave enough to do the full rewrite.
| AceJohnny2 wrote:
| that's right. This is the reason all my code looks like
| an entry to PerlGolf. /s
|
| The world's complicated. "Every complex problem has a
| solution which is simple, direct, and wrong"
|
| Simplicity is a laudable goal, but it's not always the
| one thing to optimize for.
| lo_zamoyski wrote:
| Ah, but "simplicity" is not necessarily "fewest lines of
| code".
|
| Code is first and foremost for human consumption. The
| compiler's job is to worry about appeasing the machine.
|
| (Of course, that's the normative ideal. In practice, the
| limits of compilers sometimes requires us to appease the
| architectural peculiarities of the machine, but this
| should be seen as an unfortunate deviation and should be
| documented for human readers when it occurs.)
| gessha wrote:
| A major difference with regulations is there's no
| guaranteed executor of those metaphorical lines of code. If
| the law gets enforced, then yes, but if nobody enforces it,
| it loses meaning.
| estimator7292 wrote:
| If the law is code, then law enforcement is a JITter
|
| (joke)
| kronicum2025 wrote:
| > But when we talk privacy and personal data there should be no
| gray zone. It has to be black and white.
|
| you are wrong. If one followed your ways, we would never do a
| lot of things. There are things called regulatory sandboxes for
| a reason. But those don't really work in fields where the
| "scale of the data" is the core reason of why things work.
|
| Chat control is stupid.
| shoddydoordesk wrote:
| Who is the audience your comment is trying to reach? Who are
| these mysterious "companies"?
|
| It's important to realize companies are made of people.
|
| Someone had to explicitly code the dark pattern in the GDPR
| cookie dialog. Ever notice the button for "Accept All" is big
| and shiny, while refusing all is more often than not a
| cumbersome, multi-click process?
|
| That's not an accident. That was coded by people. People around
| us, people who post here. I'm sure "made GDPR dialog
| deceptively confusing" went on someone's accomplishment report
| that they then used to justify a raise or promotion.
| palata wrote:
| My theory is that companies are not the sum of their
| employees. Employees are generally good; toxic humans are a
| small minority (unfortunately they tend to be over-
| represented at the head of companies).
|
| But put employees together into a profit-maximisation
| machine, and the machine will try to maximise profit, with
| dark patterns and downright evil things.
|
| Similar with our species as a whole: nobody is actively
| working to break the climate so much that their kids will die
| long before they reach the age of retirement. But that's what
| we as a species are doing _together, somehow_. Individually,
| we don 't want that, but that's not enough.
| s1mplicissimus wrote:
| Having coded multiple such buttons in the past, I'd like to
| ask to consider that the person doing the coding is barely
| the person making the decision. It's hard to reject such a
| request when your lifelihood depends on the job
| arccy wrote:
| someone coded it once, everyone else just adds another
| dependency that fulfills the spec, they don't even have to
| search for "dark patterns", just "most effective"
| eitau_1 wrote:
| Most baffling thing is that sometimes you can't opt-out from
| "always active" stuff that still involve hundreds of
| "partners"; see: https://news.ycombinator.com/item?id=45844691
| user34283 wrote:
| Users can opt-out by not using the service or buying an ad-
| free version if available.
|
| One would think that developers should not be forced to offer
| for free a version monetized with 60% less effective ads. And
| I understand currently this is indeed not the case for small
| developers, they can offer paid ad-free or free but with
| personalized ads. Large platforms apparently cannot.
| imiric wrote:
| Do you really think that clicking on any button on cookie
| consent popups actually does anything? It's just an illusion of
| choice. The reality is that these sites will still track you,
| whether that's via cookies or, more commonly today,
| fingerprinting. When they list thousands of "partners" with
| "legitimate interest", it's a hint that there's a multi-
| billion-dollar industry of companies operating behind the
| scenes that will do whatever it takes to profile and track you,
| regardless of what you click on a silly form. Regulations like
| the GDPR don't come close to curtailing this insanity.
| golol wrote:
| I think I should be able to collect whatever publicly available
| data I can find.
| rckt wrote:
| But we are not dealing here with the public data. Stalking
| people, recording their every step and action so then you can
| sell their behavioural habits is not collecting public data,
| it's stalking and invading people's private life.
| yapyap wrote:
| > I get that too many regulations is a bad thing
|
| Well yeah, cause your sentence relies on itself.
|
| _Too many_ regulations is a bad thing.
|
| But to have a lot of regulations, especially in fields where
| there is not much to be gained but oh so much being lost in the
| interest of capital gains like in generative AI, is a blessing
| rathr than a curse.
| renegade-otter wrote:
| Europe has much more fatal startup-killing regulation problems
| than cookies, however. Who cares about cookies? I am on your
| site, you are going to plant/collect cookies. These goddamned
| banners are a solution in search of a problem, and it's yet
| another hurdle a company of, say, 3 has to go through, for very
| little reason.
| thfuran wrote:
| The banner isn't required. They could just not do the things
| the banner would ask consent for.
| nine_k wrote:
| _More regulation_ , or stronger regulation, as in less wiggle
| room for businesses, may be a good thing. Case in point: a
| regulation requiring to disclose the ingredients of food.
|
| _Too many regulations_ is almost always a bad thing: numerous
| pieces of regulation rarely fit together seamlessly. It becomes
| easier to miss some obscure piece, or to encounter a
| contradiction, or to find a loophole. The cost of compliance
| also grows, and that disproportionately favors big established
| players.
| samdoesnothing wrote:
| I think this is an excellent point. _More_ is almost always
| worse, but if there is a genuine need for regulation it
| should be absolute.
| lo_zamoyski wrote:
| The trouble is that everyone else is pursuing tech unhindered
| by such regulations at breakneck speed, and Europeans realize
| that Europe - once the center of science and technology - is
| increasingly sliding into a backwater in this space and an open
| air museum.
|
| Now, some will agree with you and say that privacy should never
| be violated, but nonetheless accept a certain measure of
| tolerance toward that kind of violation, because they see rigid
| intolerance as causing more harm than the violation of privacy
| itself is causing [0]. This harm is chiefly the economic harm
| caused by the burden of regulation and the roadblocks it
| introduces.
|
| Perhaps this isn't true, but if it is, then moral offense is
| likely to have little effect. A more effective means might be
| the make following regulations cheaper. Of course, as we know,
| when you make something cheaper, you increase demand. This
| means that EU institutions would likely see this as an
| opportunity to increase regulation, nullifying the gains of
| introducing less costly ways to adhere to regulation.
|
| [0] This reminds me of Aquinas's view of prostitution.
| Naturally, Aquinas saw prostitution as a grave, intrinsic evil.
| No one is ever justified in soliciting the services of a
| prostitute, much less of being a prostitute. That's the moral
| stance; it concerns our personal moral obligations. However,
| from the position of the _state_ and how the state should
| police such activity through law, Aquinas saw the
| criminalization of prostitution, however good in principle it
| might be, as a policy that would be practically worse - even
| disastrously so - than law and policy that is permissive toward
| prostitution. Whether you agree or disagree with him, the
| principle holds, namely, that the state not only does not need
| to police every bit of immorality, but by doing so, may
| actually contribute to the destabilization of society and to an
| even worse condition than the one it is saddled with.
| wat10000 wrote:
| They should have gone farther. Don't require the user's
| permission for non-essential tracking cookies. Just ban them
| outright. No opt in, no opt out, it's just straight-up illegal
| to track people unless they're actively using a signed in
| account.
| asdfwaafsfw wrote:
| But that extra click to read any webpage was keeping me safe
| johndhi wrote:
| Protecting users in the bargains we strike with big tech is a
| worthwhile and noble effort, but privacy law has generally
| woefully failed to do this.
|
| Millions upon millions have been spent on cookie banners --
| people are still arguing about them in this thread -- but there
| is almost zero benefit to this expense.
|
| The main thing that's good about this, IMO, is that fundamentally
| training a large language model and privacy law as it's written
| today cannot coexist. They are incompatible. And allowing someone
| to break the law forever (as is happening today) is not a good
| long-term solution.
| impossiblefork wrote:
| I don't see how training an LLM has anything to do with privacy
| laws.
|
| It is perfectly possible to not train them on personal
| information, to remove or rewrite names, to remove IP
| addresses, etc.
| aDyslecticCrow wrote:
| > Training a large language model and privacy law as it's
| written today cannot coexist
|
| If they aren't compatible, then the conclusion is abundantly
| obvious; the LLM has to go, not privacy. Small and questionable
| economic utility in exchange for a pillar of stable democratic
| society are NOT negotiable tradeoff.
|
| There is enough data on the internet to train LLMs without
| breaking a single privacy law. If the economic value of LLMs
| are as real as the companies like to claim, there is enough
| data on the internet to train LLMs while paying for proper
| royalty for every single word.
|
| I don't argue that privacy laws have been perfect. Only a
| fraction of GDPR seems to actually do much. But bending over
| backwards because big tech slips a few dollars in the pocket of
| Brussels is NOT the reason we should revise those laws.
| lenerdenator wrote:
| I'm sure capitulation will teach the surveillance racket a strong
| lesson.
|
| Hold the line. Don't make the same mistake we did in the US. Your
| data is _your_ data.
| oezi wrote:
| Anonymization unfortunately is completely broken under GDPR. In
| principle it providesa clean path for personal data to become
| usable outside of the restrictions of GDPR, but in practice it
| turns out to be impossible based on current definitions.
|
| The key issue is that anonymization under GDPR requires that a
| link to a real person can never be re-established even
| considering the person doing the anonymization. Consider a
| clincial study on 100 patients and their some diagnostic
| parameter such as creatinine or H1bc which was legally collected
| using consent and everything. Lets assume we would like to share
| only the 100 values of the diagnostic without any personal data.
| It would seem quite anonymous, but GDPR would put a simple test
| if anybody using reasonable efforts could re-establish an
| identity. And sure the original researcher can because s/he has a
| master file containing the mapping. So the data isn't anonymous
| and actually can never be anonymous.
| MiddleEndian wrote:
| The GDPR somehow had the power to make (almost) everyone comply
| with it, even outside of the EU. If only they had specified that
| instead of banners, companies had to actually respect the Do Not
| Track header, even if set by default on a browser, and everything
| that could be rejected would be rejected if that were sent.
| egorfine wrote:
| It's gonna take a decade to roll down all those cookie banners.
| l5870uoo9y wrote:
| The fundamental problem in Europe is the perception that
| companies are inherently ill-intentioned, requiring micro-
| management through massive bureaucracy. It is a moralising and
| irresponsible attitude that older people can afford to adopt, but
| like so many other things, it hits younger generations
| mercilessly hard.
| varispeed wrote:
| GDPR was never about privacy, but to legitimise data trade. It
| was two step process - first train people to Agree to anything by
| introducing "harmless" Cookie Law, then once people just click
| Agree to anything, create legal basis for data trade, where it is
| no longer a grey area as most users give consent. With Chat
| Controls coming back, never assume EU is doing anything for the
| benefit of general public. What is particularly bad, is that they
| are not honest about it, just keep gaslighting.
| Telaneo wrote:
| Of all the things to yield on, the GDPR really isn't it. The
| cookie banner problem is one caused by site owners consistently
| preferring using dark patterns over just not doing the stuff that
| makes you need a banner. If anything, the EU should have put the
| hammer down and enforced its regulations on those cookie banners
| consistently having 'accept all' being the default option and the
| alternative be more difficult to access.
|
| The central browser controls they mention will hopefully be a
| more sucessful version of the 'do-not-track' header. An
| equivalent of that will be fine (although an opt-in version would
| be better), but it still needs to have legal enforcement behind
| it to work, which the old one didn't, and the cookie banners
| aren't feeling.
| peterspath wrote:
| They should do it on OS level instead of browser level, apps
| also do tracking, and collecting data. One question when you
| first boot up your device. One switch in settings.
| ngruhn wrote:
| What's the point of the choice in the first place. People
| either don't want cookies or they don't care. Nobody wants
| them. If both options are accessible enough, people always
| press decline. The EU should just make non essential use
| illegale.
| Telaneo wrote:
| I'd love for them to be made illegal, but I imagine certain
| groups of people wouldn't take kindly to that, so we need to
| do the dance and have people be tracked under nominal
| consent.
| moss_dog wrote:
| I wish there was a link to the source of this information in the
| article! I'd like to read the updated version of these laws (if
| they're public).
| imiric wrote:
| Well, that's a bummer.
|
| Despite the sentiment on this forum that EU regulations are
| hindering tech progress, Europe is one of the few places in the
| world that actually tries to keep tech companies on a leash. We
| need much more of that, not less. The GDPR and the AI Act are far
| too weak, IMO. We've seen that fines when companies step out of
| line are simply the cost of doing business for them. Tech
| oligarchs should be getting jail time for every infraction
| instead.
|
| I'm not too concerned for myself, since I don't trust any of
| these companies with my data anyway. But this is bad news for the
| majority of people who aren't tech savvy, or simply have "nothing
| to hide".
|
| We know what happens when we let CEOs run a country. The last
| thing Europe needs is to follow USA's lead.
| constantcrying wrote:
| The changes to the GDPR are completely irrelevant compared to
| what the EU is planning with chat control.
|
| The Commission is completely out of control, pushing through (or
| at least trying to) vast amounts of awful legislation, while the
| democratic processes are totally failing.
|
| What this bloc desperately needs is leadership, which represents
| collective economic interests on a global stage, not some more
| pieces of legislation trying to control the Internet or putting
| the entirety of EU citizens under suspicion of raping children.
| palata wrote:
| I don't get why people conclude from the cookie hell that
| "regulations are bad". If those goddamn websites got actual fines
| for those dark patterns, they wouldn't do it. The EU should just
| be stricter with the regulations.
| IMTDb wrote:
| I m not sure I follow your logic; are you saying that the
| regulation is not that bad because you are not fined enough if
| you don't follow it ? Some of us just follow regulations
| because it's the law - regardless of the fine. I feel like we
| should be allowed to express our opinion about their merits or
| shortcomings without considering the penalty aspect which is an
| entirely separate conversation.
| strken wrote:
| I believe the point was the exact opposite: the regulation
| isn't enforced, which creates these absurd opt-out dialogue
| trees. If it were to be enforced fully, then anyone without a
| "reject all" button would be slapped with fines. Maybe even
| anyone who doesn't abide by the do not track/global privacy
| control headers.
| prolly97 wrote:
| I don't want an internet designed by lawyers and politicians.
| And I'm afraid that's what this level of regulation and
| enforcement would create.
| pnt12 wrote:
| Any website can have a button to reject all cookies. Or if
| you use only functional cookies, you don't even need it!
| Websites could come together to make it a standard and enable
| a browser option to avoid bugging you.
|
| Guess what: they didn't want that, and some prefer to make
| cookie banners which are really obnoxious.
|
| I'm all up for incentives for better websites, and penalties
| for shit ones.
| omnimus wrote:
| People here act as if GDPR was some kind of big reason why all
| the digital tech is from US. But come on it's not like the game
| hasn't been rigged forever. To be more specific it's been part of
| the deal with europe being close US ally. None of the european
| digital tech is ever supposed to be relevant. And in case some
| european digital tech is relevant it has to be absorbed by US or
| at least made to look irrelevant so nobody sees or cares about
| it.
|
| If anything this recent lobby and political pressure to remove
| GDPR/AI laws is there to help US in time when it needs it. To
| allow some US big tech software to sweep in exploit what they can
| and help to keep the line up as much as possible.
|
| But if you really look at digital tech in europe... it's doing
| fine. Why? Because making software and compute is cheaper every
| year to a point of nothing. It's hard keep insane growth in that
| environment. Sure if you make some unique breakthrough (like AGI)
| then tech keep going again. But what if not? Then you just have
| to squeeze everyone more including your allies, especially your
| allies.
| azalemeth wrote:
| It's perhaps worth linking to the official EC page on this
| proposal: https://digital-strategy.ec.europa.eu/en/faqs/digital-
| packag...
___________________________________________________________________
(page generated 2025-11-19 23:00 UTC)