
Google Emerges as Early Winner from Europe’s New Data Privacy Law - m_haggar
https://www.wsj.com/articles/eus-strict-new-privacy-law-is-sending-more-ad-money-to-google-1527759001
======
kossTKR
While GDPR in itself has accomplished the goal of raising awareness on data
security and transparency, probably only temporarily, the mind numbingly
idiotic push-button based consent model is an utter failure.

99% of people don't read anything before they push yes. Most people get
increasingly annoyed at the mountain of e-mails, and the hundreds of pages
they in principle have to read through.

It's an extension of the already existing kafkaesque "press yes to allow
cookies" that everyday has to be pressed multiple times with no real benefits
other than wasting peoples time (at least in the EU).

People are already completely over encumbered with information. The more
people have to do the same thing the less they give-a-f.

This carpet bombing of legal jargon makes people hate services, especially the
smaller ones i am sure. "oh i don't want to deal with lots of legal contracts
again".

I completely agree that something has to be done about the data-mining and
fingerprinting monster, but the way all of this is implemented only further
exacerbates the mega-corp gardens because they can afford to hire armies of
lawyers, and because people get tired of clicking "i consent" after the bare
minimum has been done - which off course means only saying yes to companies
highest on the Alexa ranking.

Ironically these global conglomorates are the worst offenders and the original
data-disaster culprit.

~~~
dbasedweeb
_99% of people don 't read anything before they push yes. Most people get
increasingly annoyed at the mountain of e-mails, and the hundreds of pages
they in principle has to read through._

No offense, but this feels like a “99%” and “most” that is something less than
rigorous. I don’t think sound arguments for or against GDPR can come from the
“Ah Reckon” space. Throwing out made-up numbers that just represent personal
assumptions and anecdote is an impediment to real discussion of these issues.

I’d add that GDPR explicitly forbids just the kind of “press yes to forfeit
all of your rights” crap we’ve seen before. I realize that some sites are
still trying to get away with it, it it’s non-compliant.

~~~
PurpleBoxDragon
>No offense, but this feels like a “99%” and “most” that is something less
than rigorous.

I've read the contracts I have to sign, and generally this throws people off
drastically. When I ask, they tell me I'm the first to read them. Things like
leases at a place that has been around decades and I'm the first to sit down
and read before signing. While it isn't rigorous, from my experience with wet
ink legal documents, saying 1% do read EULAs and privacy policies is a very
optimistic over estimation by magnitudes.

~~~
falcolas
I think that indicates that the legal documents weren't written to be read,
more than people are too lazy to read them. They were written for a lawyer and
for use in court, and it's not realistic to bring in a lawyer for every EULA
and contract we encounter.

And just as honestly, what are we going to do - say no? Saying no is more and
more simply not allowed if you want to use a service. I've had job offers who
would rather have me walk than change the terms of employment. There's not a
website out there which allows you to use it if you do not consent to their
EULA. Hell, I've encountered a EULA when starting my (purchased, not leased)
car.

You can't even post on Hacker News without consenting to 39 pages worth of
privacy policy and TOS.

~~~
PurpleBoxDragon
And that is why I think the core of the issue is consent. The power difference
between the lawyers who understand the legal system and write these documents
and the users who are forced to agree to use the service is so great that
consent cannot exist between the two parties. We legally allow it, much like
some countries will legally let a 9 year old sign some document and then hold
them to it, but that is a legal fiction that needs to be done away with. Of
course this would be a massive shock to how we do things (how would you sign
up for a loan), but that alone doesn't justify allowing such abuse of consent
to continue.

------
echelon
GDPR is yet another moat for established companies. It may take them some time
to adapt their data models and engineer systems for data deletion, but once
they have done so, it becomes something every startup will have to implement
in order to compete.

I'm not saying GDPR isn't good for privacy (we need it); it just makes
competition harder.

~~~
imustbeevil
I think of it like outlawing chemical pollution of rivers.

Yes, a Corporation that manages not to dump toxic waste in rivers is going to
have a moat against smaller companies that do dump toxic waste in rivers.

But I'd rather it be illegal than have companies competing for who can
externalize their costs more effectively by passing their problem of waste
management to the state / local area.

~~~
hshehehjdjdjd
The only difference is that dumping toxic waste in rivers does actual,
concrete harm. Targeted advertising? The worst I’ve heard about it is that it
makes some people feel a little icky. I suppose that’s a concrete harm in a
sense but it seems a much less serious one, at least to me.

~~~
Krasnol
> The worst I’ve heard about it is that it makes some people feel a little
> icky.

Yeah sure, all that privacy, who needs it anyway?

/s

~~~
conanbatt
Its interesting how one of the most frequent uses of the right to be forgotten
is used by politicians cleaning up their search history.

Who would have thought that legislators had something to gain from a proposal
they push?

~~~
Angostura
Who would have thought that legislators would be aware of legislation.

------
mtgx
Do you know that saying: "Don't ask me how I made my first million?"

Many of the wealthy people became rich at first through business practices
that either were in a grey area from the beginning, outright illegal, or they
were made illegal later on.

However, they got to _keep their money_ , either because laws tend not to be
retroactive, or because nobody caught them, etc.

I agree there is an element true in "regulations will have the monopolists
even more to entrench themselves in their markets," but mostly because they
got their wealth through practices that are now made illegal, and they get to
keep all of that wealth when nobody else can do the same anymore.

That's really the problem here.

~~~
adventured
There are 11 million millionaires in the US. You've got it exactly backwards:
few of them did something illegal to earn that first million. There are not
many grey areas in US law as it pertains to business, there are very few. Most
millionaires derive their wealth from ordinary small businesses.

The US isn't the wild west of Capitalism. It's a very regulated economic
system. It has been that way for a very long time now. At least 10m of those
11 million millionaires generated the bulk of their wealth in the last 30-40
years, a time in which the US economy was largely as regulated as it is today.
They didn't get that wealth by not having to deal with regulations or laws
that were imposed later - the US has more than doubled its millionaire count
just since 1996.

I grew up in a very poor area of the US. I knew at least two dozen self-made
millionaires. Every one of them did it via rather boring small businesses:
insurance agencies, convenience stores, shops, franchises, publishing, real
estate, car dealerships, etc. Not one of them operated in a legal grey area.
There was no magic to it either, it was grinding year after year for multiple
decades.

I've also spent my entire adult life researching business, business formation,
finance, economics, and reading every book I can get my hands on for those
areas. I've read dozens of books on the history of business in the US over the
last 25 years. I spend hours per day reading every consequential financial
figure and article that gets published about the US and global economies. The
notion that a meaningful share of rich people get started via doing something
illegal, is nothing more than propaganda, and entirely unsupported propaganda
at that. You will _never_ see such claims supported with evidence.

------
13years
So how are video games handling this in regards to banning cheaters using IP
bans or HW ID bans?

Can a cheater now ask to be forgotten and therefore the ban must be removed?

------
piyush_soni
On a side note, should we post a link on HN which most people cannot read
without paying?

~~~
mattmanser
[https://news.ycombinator.com/newsfaq.html](https://news.ycombinator.com/newsfaq.html)

------
cm2187
The perverse effect of these consent buttons is that people who configured
their browsers to flush all cookies and session data on closing the session
get harassed much more as websites do not remember their choice, even if they
are the ones actually least likely to be tracked (save for browser
fingerprinting).

~~~
kossTKR
Nail on head!

It's complete irony. I am seriously clicking through these ginormous modals
like there is no tomorrow when i have to do research on many websites.

"Free surfing" or should we say old school internet surfing has become a chore
now because of these idiotic modals.

I am sure people will flee to walled gardens pretty quickly if they have to
constantly make extra clicks to access stuff.

------
caffeine5150
Both in how companies are complying and in the public discourse, I’m seeing a
jumbling of ‘consent’ and ‘notice’ that doesn’t align with my understanding of
the intent and reading of the law. Under the transparency principle (Art. 5)
and disclosure obligations (Arts 13 and 14), there are a variety of things
that must be disclosed to a data subject at time of collection. See
[https://gdpr-info.eu/](https://gdpr-info.eu/) for easy access to the law’s
text. That’s what privacy polices (increasingly called privacy notices) are
generally used for. Many companies are trying to either make you click
something to prove they’ve notified you or add language to the notices saying
“by using this site, you consent to this privacy policy”, which is a form of
‘consent’ they are deciding to collect themselves. Separately, a controller is
supposed to have a legal basis for processing personal data (Art. 6). Consent
of the data subject is only one of six legal bases. Legitimate interests of
the controller is the other common basis for a business and is expected to be
relied up on increasingly since the GDPR makes collecting valid consent harder
and it has the downside that it must be tracked and can be withdrawn (which
also must be tracked). Consent as a basis is not allowed to be buried in a
privacy policy. It must be called out separately with a separate consent for
each purpose the data will be used for on an opt-in basis. The policies and
these consents all are supposed to be presented in as simple and plain English
as possible and it’s encouraged to use layered notices/policies to convey
quick summaries with an ability to drill down. To add to the complexity, email
marketing is governed by the ePrivacy Directive (responsible for the cookie
banners) and requires consent. Each country has its own enactment of ePrivacy
so compliance is very complex. Also, under the GDPR, a data subject has an
absolute right to object to direct marketing regardless of the basis being
relied upon. Much of this flurry of email privacy policy updates and/or
consents to marketing are conflating ePrivacy and the GDPR. What I see right
now is a bit of a mess as companies try to figure out what compliance looks
like and balance full disclosure (transparency) with simple, easy, plain
English disclosure.

------
neurotech1
Non-Paywall: [http://archive.is/qkRNS](http://archive.is/qkRNS)

archive.is were having issues

~~~
adjkant
Edit: link removed, does not work

~~~
zzzcpan
Mandates javascript though. Who knows what it's doing.

------
jacksmith21006
Not surprised. These type of regulations tend to help the big players a lot
and just cause further concentration.

