Hacker News new | comments | show | ask | jobs | submit login

Reading the law, I only see a single exception for small companies: Article 30.1 and 30.2 doesn't apply for companies less than 250 employees.

Out of an 88 page law, 1% of an auxiliary middle of the law is carved out for small companies.

I'm not sure that counts as differential application for small companies. In the US at least, large portions of entire key burdensome laws don't apply for employers below size 50, 10, 5, etc. This does not seem to be the case here.

Does anyone know whether an official impact study on innovation was even done before its passage?




You can be a company of ten people and still turn over millions by selling your users’ data in shadowy ways. Why shouldn’t you be stopped just because you’re small. How can the size a company be used as a rational differentiator in a law like this?


Because the vast, vast, vast majority of small companies aren't turning over millions of dollars. That's the same logic as, "some people cheat on welfare, so lets defund it." This logic gets pushed around a lot by GOP pundits.

The law may be good as a whole but be overly burdensome for small companies. You should at least acknowledge that instead of just dismissing that outright.


Similar laws have existed for many decades. In The Netherlands, privacy laws date back to the 1970s.

At least my reading of the GDRP is that it tries very hard not be a big burden. If you are a small company or organisation and you collect a minimal amount of information (for example to contact them) there is not a lot you have to do.

The main thing is, you are not allowed to be sloppy. If you collect personal data, you have to think about whether you should collect it at all, where to store it, process it, and when to delete it. And you have to tell people that before you ask them for personal data.

Nothing like, we just collect a bunch of data, give copies to everybody, and have no idea what we collected. That attitude no longer works.

If you set up food regulations, are you going to exempt restaurants with only one cook? Or have aviation regulations that do not apply to airlines with only one pilot?

Given that the entire GDRP is less then a hundred pages, you can easily read it in one evening and get an idea of what you can do, have to do, and what the corner cases are that you may need to discuss with a lawyer.


> If you set up food regulations, are you going to exempt restaurants with only one cook?

But restaurants with only one cook can't afford a $300/h lawyer to tell them how to keep their shit hygienic!


And in the EU we have a different way of working. In the UK you can literally phone up the ICO and get free advice, specific advice on how to stay compliant.

If it turns out that you are in breach, they will write to you with information about what you're doign wrong and how to fix it.

In the EU we don't rely on lawyers for a fraction of the stuff you do in the US.


> Does anyone know whether an official impact study on innovation was even done before its passage?

So if it's "innovative" a small 5-person startup should be able to wreak havoc to my personal data in whatever way they see fit? What is that nonsense. Are you seriously suggesting that "innovation" in startups should be more important than my privacy?


Are you seriously proposing that regulations move forward without an understanding of their impacts?

No matter what the ultimate decision is, no matter how sensitive the subject matter, impact studies are critical to making smart decisions.


If a regulation is going to impact "innovative" startups that sell my data, I am totally for it. I don't want more innovative ways to sell my personal information.


> sell my data

I think you're justifying a really extreme reaction based on the worst behavior of a few companies. GDPR doesn't just go after data-resellers. It targets how a well-intended company can use and keep your data even with no third party involved.

Laws that mess up the good-guys lives are bad laws. GDPR is from the same folks who thought a law that lead to pestering users about cookies was a good idea.


It's not stopping any well intended company from fairly using data. A law making it harder for well intentioned gun enthusiasts from getting guns is a good law according to me. All well intentioned gun enthusiasts should support it. Otherwise there'd be a day people would get tired of the bad intentioned gun owners and legislate a complete ban on guns.

Also I like the cookie idea. If only people really cared about misuse of their data they'd like it too. We've seen how good 3rd party cookies have been for some democracies.


Maybe it's just me, but the 2nd Amendment talk in this case really seems like a hamfisted way to spout political opinion that's in no way relevant.

>All well intentioned gun enthusiasts should support it.

Really black/white argument there which the issue is not. And nor is this topic. There should be more nuance in GDPR, but there isn't which creates a lot of discomfort.

>It's not stopping any well intended company from fairly using data.

It actually is, but whether or not that is an overall good thing is yet to be seen. Certainly, they did some level of testing before proceeding.


So without curiosity or concern for any other impact you say yes...

I might say yes but I still want an impact study.

I prefer governing bodies operate with an awareness of how their actions affect society.


I don't think we're going to lose as many "well intentioned" websites as much as we'll get rid of bad intentioned businesses.


You’re missing the point. One last time: it is ideal to operate with an awareness of consequences.


> Are you seriously proposing that regulations move forward without an understanding of their impacts?

No, and it is dishonest of you to suggest that was claimed.

> impact studies are critical to making smart decisions.

Which were done as was consulting with industry etc. well before the law was passed two years ago.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: