"Insurance to defray the costs of potential litigation and fines, development time, ongoing compliance...GDPR is a startup killer"
That doesn't have to be the case. The law could easily carve-out a "safe harbor" of sorts for companies that commit to not gathering or storing any but the most basic information about their visitors.
"... there will be far fewer of them and they'll have more power..."
Or existing companies could loose a lot of power and leverage because their business-model doesn't makes sense. New ones could pop-up in their place.
I'm more than willing to give up tyrants like Facebook and Equifax for the right to control my own private data.
Privacy is good, long live disruption!
You’re missing the point. These “tyrants” can fully afford to comply (while paying scores of legal staff to scour the law to find and exploit every possible loophole), but startups can’t. That means no competitors will be able to emerge and challenge them. These companies will still be able to do much of whatever they want simply because consumers won’t have a choice. GDRP consolidates market power in the hands of entrenched competitors that can afford to comply.
Privacy is good. Killing the ability for startups to compete is bad.
I mean, it’s not like Facebook and Google aren’t already big enough to smother would-be competition in the cradle. In the other scenario competition may still be smothered, but I still get some regulatory privacy protections.
EDIT: Also, as a matter of principle, I’d gladly see dozens of startups burn if it meant broad privacy protection were enacted.
GDPR compliance and "trampling your privacy" are not remotely related. GDPR is massive overkill and unnecessarily burdensome.
I’d gladly see dozens of startups burn if it meant broad privacy protection were enacted.
EU startups will burn - not dozens though, hundreds or thousands of them - and even more will never get the funding to start because no one wants to invest in a business that can be killed instantly by massive fines at the whim of the government. US startups will thrive because they are not subject to GDPR if they don't target EU customers, even if there is some incidental EU traffic to their sites. I don't have to protect your information GDPR style on my US site, even if you are from Germany, as long as I'm not actively trying to get people from the EU to my site. But most sites outside the EU will just block EU traffic anyway (which is what we decided to do). So enjoy your new, smaller Internet with companies that will "trample your privacy" anyway because you have no competitors to go to for their services. Yes, you will be informed about what they're doing in vague terms, and yes you will have given them "informed consent"....but is it really consent if you have to give it because there are no alternatives?