Hacker News new | past | comments | ask | show | jobs | submit login
The European Union versus the Internet (stratechery.com)
194 points by juokaz on Sept 18, 2018 | hide | past | favorite | 200 comments



In my network of friends, which is within the EU and comprised entirely of EU citizens and spans multiple EU tech companies from dinky startups to Giant Unicorn, GDPR has been almost universally approved. We had to implement it, and generally feel better for having done so. The Giant Unicorn employees were dismayed by how little time they were given for such a giant task, but were in support of the law.

Everybody is completely and 100% against the copyright law.

There is a huge difference between the two from my point of view:

GDPR is not a law about "The Internet", it is a law about company records. It applies to Google, but it also applies to the Pakistani food stand on the corner. It affects Google a lot more, sure. I support the concept that a company does not have some inherent right to be a steward of my personal data without my explicit consent. GDPR is also easy enough for even tiny startups to comply with, and is significantly easier for small companies than large ones. It does not create a large barrier to entry for new startups or a rift between the existing small and large companies.

The copyright law, however, is a law about The Internet. It controls how businesses interact with the internet. It sets _technical_ restrictions on how they can do so. It sets technical restrictions that are probably not even feasible, at that. It absolutely does create a huge barrier to entry for small companies, and could possibly enshrine the existing tech giants into de-facto monopolies (I mean, if they aren't already...)

The copyright directive is horrible enough on its own. I don't see why everyone is in a rush to pull in mentions of GDPR to make it seem "worse". For a lot of us, it weakens the argument instead of strengthening it. Not everyone likes GDPR, obviously, but we can _all_ agree that the copyright law is garbage.


I disagree with the GDPR "success story" part of your comment. So far it's backfired entirely. The goal was to provide users with more control, and (from the standpoint of such a user) to reduce relentless personal data harvesting.

That hasn't happened. What's happened is more annoying "we use cookies and track you"-banners all over the internet. As a user who doesn't use cookies, these damned things won't even go away and keep coming back. It hasn't given me more control. At all. If anything, it's made me more trackable on the internet (because now I'll have to use cookies to tell people I don't want their god damned cookies).

Online newspapers are the worst. "Here's a front page you can read, and maybe the start of an article, if you want more, you have to give us permission to track you -- or you can just fuck off". What exactly has GDPR solved here? Nothing. Before this nonsense, I could simply tell my browser not to accept cookies from these sites, and I could tell my plugins to ignore their tracking stuff. But at least I could read the newspaper without any hassle. Now all I get is more annoying popups and less contents. Thanks, GDPR.

Yes, I'm being snarky. Yes, I know the idea of the law is pretty solid. But no, I'm not at all happy with the outcome.


Yea, I agree.

AFAIK GDPR does explicitly legislate against all that - dialogues should be "opt-in" and should include a simple "no" option, and that sites shouldn't "ban" you for not clicking "yes".

But unless EU actually starts delivering some hefty fines, the law is just a dead tree.


But if the site relies on cookies and localStorage and cannot work without it, "no" option is equivalent of "ban".

And it's their computer that allows the usage of cookies and localstorage. All modern web browsers has an option to disable them. It's technically stupid.


Nah, the equivalent is "using the website with degraded experience", not "can't read the article, we'll redirect you to the home page instead".


> But if the site relies on cookies and localStorage and cannot work without it, "no" option is equivalent of "ban".

This - unless I misread it - is flat out wrong for most of the cookie warnings I see.

There's no valid reason for a news site to need cookies or similar except for logins.

It can be proved easily by wiping cookies and verifying the site still works.


I think they're saying that a lot of sites use cookies instead of the web storage api to store the option on the dialog, meaning that even if the dialogue are opt-in, they won't work unless the user enables cookies.

Basically a fundamental misunderstanding of the difference between cookies and local storage on the part of the web developers of many sites; i.e. cookies are sent with every request, whereas localstorage isn't and these sites should be storing the option to not use cookies in the localstorage instead of cookies, and I think I'm repeating myself because I haven't had my coffee after taking a nap, but that's neither here nor there or anywhere.


> GDPR does explicitly legislate against all that - dialogues should be "opt-in"

That's can't be a real part of GDPR, can it? I don't see how you can fine someone for shitty website design.


They should, in theory, fine websites that do install cookies before you give consent, or refuse to give sevice that doesn’t strictly require cookies (e.g. an article).


If the cookie only stores the preference to not show the dialog box. That should be GDPR compliant.


You should be using localstorage from the web storage API and not cookies. Cookies are sent to the server with every request. Local Storage is not.


How do you suppose the site make money off their visits? To me what you want sounds like freeloading.


You seem to have no problem 'freeloading' HN.


They don't run ads to generate revenue. Most content sites do.


You can definitely put ads without deep profiling. They can even be relevant. Just advertise for fishing accessories in fishing articles. Or hardware load balancers on Slashdot. Why not? Better than serving me whatever someone in my family has looked before (that is if I didn't have an adblocker for the past 10 tears)


Probably most content people read does not easily translate to a product as in your fishing example. Generally, ads with no targeting are not very profitable.


My point was there can be targeting on content. Magazines have ads. Are they as profitable as privacy invading content ? Maybe not but they're tolerable.


There are ads on the front page designed to look like content.


There are ads on HN (the "xyz is hiring", and I suspect a non-zero number of articles posted/promoted to the front page are paid ads made to look like content.


The hiring ads are not external ads. HN is 100% a marketing and PR tool to generate good will amongst developers, and startup founders.

If it ever starts to not benefit ycombinator, then the aite goes away.


Ok so how's that work for a news site? Don't they need some kind of tracking to get relevant info on what their users are interested in?


You can gauge user interest by, for example, counting page views. You don't need to fingerprint users, create a catalog of all articles they view, try to guess their interest in certain topics using "AI", and do all the other absurdity that they think they "need" to do now.


IMO you could just go to another site that doesn't. To each their own.


The law was not created to piss off the minority of users that do not use cookies or use plugins or extension to protect themselves, the law is intended for all users to be informed and to allow them to protect themselves.

There are many people, like my father that don't even realize that his data was collected and sold behind his back, hopefully we get some fines soon so the websites implement the law right.

What I do if I really want to read a news article I will open it in a private window, accept that crap and close the window when done, but most of the time I will not read that website and go to ones that respect the users like Europen new websites.


> Online newspapers are the worst

Oracle. Here's July's Critical Patch Update page:

http://www.oracle.com/technetwork/security-advisory/cpujul20...

On my my domestic ADSL line the cookie pop-up takes almost 10s to load. It presents 67 checkboxes to select from. There is no default selection, so this requires at least 3 more clicks (at least the non-obligatory cookies are grouped). Submitting the form takes another ~4s -- it even has a progress bar. (Thankfully they aren't using TLS so it's not quite as slow as it could be).

Earlier this summer this component was broken and I just couldn't use oracle.com.


Same for offline businesses. Go to a bank, they'll ask your consent for handling personal data ("It's a GDPR law"). If you don't want to sign, they won't do business with you. No bank will.

So, it's just one more paper to sign, and doesn't help the actual consumer. I would have expected more of "Don't send me any promotional/survey questions unless I opt in", or "Never share my data with 3rd parties, period".


> If you don't want to sign, they won't do business with you.

That's illegal. Consent to processing can not be a prerequisite for service. [0] (Otherwise GDPR would have no power, even in theory.)

If the processing is so important that service cannot be provided without it, or wouldn't be legal to offer, it's covered under Art. 6(1)(b), (c), or (f): performance of a contract, legal obligation, or legitimate interest of the business. Consent—Art. 6(1)(a)—is what you use when you just want the data but don't actually require it to offer the service.

Saying "Sign consent or go away" is saying "We could serve you without this, but we want it, so we're lying and saying we can't."

It seems like almost everyone has chosen this weird malicious non-compliance (maximum annoyance but without the compliance) as their GDPR strategy.

Maybe lawyers found a way to claim that left is right and up is down.

[0] Art. 7(4): https://gdpr-info.eu/art-7-gdpr/


Perhaps you should go read the thing, you might be positively surprised. The first thing you want is there, the second is a more complicated question. Sometimes some of your data is actually really needed, e.g. when required by the law. GDPR is a compromise: you have to state explicitly where the data is going and you better keep it safe, under the threat of a possibly hefty penalty.

This ^ is a shortened simplified statement. You can argue semantics or maybe that I'm just flat out wrong if you wish, but that'll mean you read the GDPR, a win in itself.


> What's happened is more annoying "we use cookies and track you"-banners all over the internet.

Not exactly. What happened on many sites is that along with that notification you are given an option to opt out of tracking and view crazy-long lists of partners with whom data is shared. So on those sites the user is given both choice and greater transparency. (Although I admit usually the choice is presented in such a way that it is easy to accept and difficult to reject - which is actually prohibited by GDPR.)

However on the other hand, as you say, there are sites which only give notification without giving any choice - which is also prohibited by GDPR. So I'd say the law is good, now we need to see it enforced and actually punish sites which do not follow it.


AIUI the "allow being tracked to gain access" is unlawful.


Apparently "allow being tracked to gain more access" somehow isn't. As far as I can tell that's what every major newspaper in Belgium is doing. I suspect they've got folks in their employ who speak legalese.

But then newspapers in Belgium are pretty horrible in general. They're exempt from paying VAT, even for content they sell online. Online-only news sites don't get this exemption and have to charge 21% VAT, so the entrenched newspapers have something of an unfair advantage there. But anyway, that's a different rant entirely. Just an illustration of their general scumminess.


Is it ok to say "you get a discount if you allow being tracked"? As a practical matter, these places need to earn money to exist, so either you get served ads or you pay directly. It's highly unreasonable to expect free service.


And the GDPR says "good riddance to you if you can only make money by tracking people without the tracking itself being part of your value to them".

Not all business models deserve to succeed.


IOW the EU is picking winners and losers in the market. If your business model is based on building models of user behavior and monetizing that, you will not be allowed to succeed. If your business model is based on holding a monopoly on the reproduction or display of entertainment, you will be allowed to succeed, at the expense of tech companies whose technologies might have otherwise made your business model obsolete.

The most likely outcome will be a distorted market in Europe and European tech companies becoming even less relevant and even less able to compete in other regions of the world.


Yes, it's codifying ethical standards into law. I take it you think the US banning slavery was overreach because it made certain business models illegal? You may disagree, but the basis of the GDPR is that privacy and control over your own personal data is a human right, so violating that right is no legitimate business model.


What? You can make money by charging people for it. Don't want to pay for newspapers for example? Without ads you can either pay up directly or not enjoy the publication.

I don't understand where this entitlement for free stuff comes from.


I don't know why you think I was advocating for free stuff. I was not. I'm happy to pay for content I want. It's what time companies should be doing instead of not charging, tracking invasively, and selling user data. If you can convince people to pay for your content then the market is telling you you don't have a viable business.


I think the issue with GDPR is that you can't deny service if they don't want to pay and don't want to be tracked. Iow, you can't ask them to pay if they don't want to be tracked. That's where the complaint about demanding a free service comes from.


I'm not sure I follow. How does the GDPR preclude paid access to content?


If you want to offer a free product to those who are willing to be tracked and don't care about ad personalization (such as myself) - you can't do so without also offering to free to everyone else. You aren't allowed to ask the second group to pay if they want to use your product - thereby forcing them to offer it for free in a way.


You can serve ads without unsolicited harvesting of PII.



You may be interested in http://prebake.eu/ to block them.


"By using these filters, you are allowing sites to set cookies by default, without you first being notified, and are agreeing to allow the sites you visit to set cookies."

Does lack of interaction with a (blocked) cookie banner give implicit consent to be tracked?


No, since implicit consent is disallowed by the GDPR.


I'm a bit confused why the filter list's page says that then. I'm not sure why they need such a disclaimer, even if what it said was true.


The page is about the pre-GDPR cookie law, not about GDPR. Under the pre-GDPR cookie law, requiring an opt-out rather than an opt-in was allowed. Under GDPR, it is not.


The user I replied to has cookies disabled anyway, so that should not be an issue in this case.



I 100% agree with this. GDPR is a shining beacon of success and it blows my mind that it came from the same clowns that made the cookie law. They covered my internet with cookie banner graffiti and now they want to mess with something as fundamental as a hyperlink.


GDPR is absolutely not the shining beacon of success. Let's review at some glaring, obvious and 100%-lets-make-this-law-shite points:

1. Application and enforcement: GDPR is 100% arbitrarily enforced, it is a "trust us, we could do no harm, trust us" law, that is extremely well suited to adding other such "trust us" laws.

2. Absolutely ridiculous overreach: on a technical level, GDPR is braindead. It applies ridiculous, stupid and unnecessary restrictions for no purpose.

3. You just added an obligatory "lol accept this or GTFO" thing to all sites.


1. OK, so all laws that aren't consistently enforced are useless. What about copyright?

2. "For no purpose" - you know the purpose, you just pretend it has none because you don't like it.

3. No, that's explicitly forbidden.


3. No, you cannot serve any EU customers if there is not option to "opt out" of any unnecessary processing


The reality however, after GDPR was implemented, is 95% of the time GTFO or click accept.


Wait till mid 2019 when EU countries will actually start enforcing it. Unofficially there is a change period so probably no one will really be touched by it in the first year.


...which means these sites are not GDPR compliant and might be fined heavily in future.


In theory, very true.

I've noticed quite a few US sites, particularly some large news orgs, have been going the "accept this or leave" route, and some are going the "accept this or click on the entrance to our insane maze of links that will confuse you until you give up"

They are non-compliant, guess we'll see what happens.


> No, you cannot serve any EU customers if there is not option to "opt out"

Josh buddy. By chance, have you spent any time at all on the internet using so-called "GDPR compliant" sites?


> and now they want to mess with something as fundamental as a hyperlink.

Unless I'm missing something, basic hyperlinking seems to be excluded from the scope of the new directive, and it is instead targeting services that reproduce the publication more substantially.

Recital 33:

> This protection [granted to press publications] does not extend to acts of hyperlinking.

Article 11, paragraph 2a:

> The rights referred to in paragraph 1 shall not extend to mere hyperlinks which are accompanied by individual words.

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//...


And now it is covered also in GDPR banner graffiti…


Cookie law is still relevant. The only difference is that now companies can actually get penalties for not complying with those rules. Previously it wasn't really enforced. Without consent no 3rd party scripts and content that can track visitor should be loaded, and once the change period of 1 year passes, a lot of sites ignoring this will start receiving well deserved penalties.


I'm having trouble figuring out what world you live in. The GDPR has accomplished nearly nothing at huge cost. Maybe the upsides will look better a few years down the line with some enforcement history, but this GDPR Compliance Coordinator strongly doubts it.


> GDPR is a shining beacon of success

I can't browse the internet with cookies disabled anymore because of all these horrible banners taking up the screen to take my consent.

For people who care about privacy, it's made the experience worse, not better, I even send a DNT header and still get this.

I am blocked from accessing certain sites, so now I have to route my connections through countries outside of the US, this is not a success for people like me.

If they had involved technical people, we wouldn't see such horrible implementations.


>GDPR is not a law about "The Internet", it is a law about company records. It applies to Google, but it also applies to the Pakistani food stand on the corner. It affects Google a lot more, sure.

It's about full stack owners vs. people who depend on modules to operate, not size of the company. And controlling or maintaining consistentcy across all those modules might be difficult when it comes to GDPR. Just think about plugin pipelines that many small businesses build with Wordpress and similar, where every service that sits between your app and your database needs to be compliant if you want to comply with GDPR.

The pakistani foodstand might be a full stack owner like Google, but in small, he controls his stack and can manually delete all records if neccessary.

But if you use modules/services you can't really reach into the DB's of your module providers.


I am not a lawyer, but GDPR explicitly covers the plugin pipelines - they're "processors". The requirements for processors are basically that you can only use processors that are compliant with GDPR themselves. Any well designed regulation disallows skirting liability by subcontracting out functionality. Is that really unreasonable? It describes pretty clearly how to be a compliant processor, and it's basically saying that you have to have a contract with the "controller" that requires you to fulfill the same responsibilities that the controller would have under GDPR if they were doing the work in house.

https://gdpr-info.eu/art-28-gdpr/


> The requirements for processors are basically that you can only use processors that are compliant with GDPR themselves.

How can you be sure that the compliance isn't just marketing? There is no official cert body or institution for GDPR afaik. Isn't it all trust based at this point?

Actual certification would require a huge continous investment, where a outside body would constantly monitor and proof your code and its side effects.

>Any well designed regulation disallows skirting liability by subcontracting out functionality. Is that really unreasonable?

But what if this industry, especially the small business world is based on subcontracting out functionality? They're basically ignoring an existing ecosystem and methodologies that developed over a decade in that space.

>It describes pretty clearly how to be a compliant processor, and it's basically saying that you have to have a contract with the "controller" that requires you to fulfill the same responsibilities that the controller would have under GDPR if they were doing the work in house.

If its so clear, why isn't there an official cert body or institution? Afaik there is none. Compliance refers to the interpretations of the GDPR text, not real logical safety on an technology level, the laws aren't detailed enough for that. To cert or guarantee safety they'd have to monitor code repos and analyze side effects of the code on a constant basis.

I think the correct way to handle data privacy is on an individual level, within the operating system and browser, making sure that your privacy settings are respected. A page that doesn't conform to your settings just wouldn't load, you get the internet you deserve.

Everybody should also have the opportunity to learn the basics of using an internet connected device, similar to driver licenses. The individual level would be a much better fit, and potentially real solution and not just a castle in the sky.

GDPR relies on trust, one little bug that results in a privacy issue and you can close up shop as business. It's a setting where those that employ cyber warfare to hack competitors and have those resources win. Politicians who brought you GDPR are the same ones that wage wars on drugs. Total morons.


From the link:

makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

Adherence of a processor to an approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42 may be used as an element by which to demonstrate sufficient guarantees as referred to in paragraphs 1 and 4 of this Article.

You can subcontract, in the same way that a any other business has to subcontract with businesses that obey relevant laws. They didn't ignore history or the present - they added new responsibilities to subcontractors, and described requirements for those contracts.

The subcontracting provisions I think are actually very reasonable and well defined. Things like the Right to be Forgotten have other issues around free speech, but the controller -> processor relationship seems pretty well specified.


If you're using that many modules that you don't understand what's happening with your customer's data and can't easily control where it goes or what it's used for, I'm sorry, but I don't want to do business with you.


Who do you do business with, then?


> I don't see why everyone is in a rush to pull in mentions of GDPR to make it seem "worse". For a lot of us, it weakens the argument instead of strengthening it.

I have the opposite feeling. A lot of us rejected to GDPR on the basis that it's not the government's domain (any government) to impose its will on the internet. Even if the content of GDPR is well meaning it opened the door to further laws, such as the new copyright law.

By saying "GDPR is a good idea, but the EU has no right to police the internet" it saves us from further legislative efforts.

By saying "GDPR is a good law but the copyright law is bad" it means we have to have this debate over and over and the message to law makers is a tacit green light to keep going down this path.


Can you elaborate on the specifics of the copyright law?


It's all still up in the air, and the wording is vague. GDPR's wording is also vague, as EU laws are. When we read between the lines, GDPR's vagueness sounds promising (hard to over-reach, easy to understand intentions), and the Copyright Directive's vagueness sounds terrifying (easy to over-reach, hard to understand intentions).

https://en.wikipedia.org/wiki/Directive_on_Copyright_in_the_...

A big difference is in the boundaries. GDPR is bounded by your customer records. One customer, one collection of personal data. There's a hard upper limit: about 7 billion. Companies tend to scale with customers, so generally bigger companies will have bigger customer bases and bigger employee bases to handle protecting the records.

The Copyright Directive's bounds is user content. One customer, any number of potential infringements. A single person can run a company with 100 customers who upload 10,000 images each per year. Managing the customer base is pretty easy, managing the data storage is pretty easy, GDPR-protecting 100 people's data is pretty easy. But 1 million potential copyright infringements per year, each one of which could even be claimed by multiple rights holders. Your risk exposure grows with data, not with people. That one-man show probably can't handle tens of thousands of take-down requests, nor build an AI Machine Learning Cloud Native Copyright ID Blockchain System to automate it.


It's even worse. Copyright Directive is technically bound by copyrighted content, which can grow indefinitely even without the company doing anything!

E.g. imagine a company like Snap, say that they have a constant number of users and users post a constant number of snaps per day.

Therefore the amount of content posted/stored on the site doesn't grow, but you still need to be able to keep scaling the system, as the amount of copyrighted content that you should be able to potentially recognize continues growing!


Thanks for the concise scope analysis. This should be a mandatory subsection on the first page of future Internet regulations.


It's super interesting to watch the reaction of the US blogosphere to EU laws. I feel like I'm learning a lot about US culture just by observing the general attitude that seems to be coalescing against things like GDPR. I used to think that I'd been pretty well indoctrinated into the US value system, despite being born in the EU, just by virtue of having most of my influences (movies, the internet) having come from there. But seeing how much different my attitude is towards all these laws, compared to articles like this one, totally gives me a whole new source of specific little value updates I aught to make if I want to escape from a mindset I suspect isn't optimal in the current economic climate (an EU-based one), to one that is (i.e. an american attitude to things).


My perception and view of the US and it's culture also slightly shifted after GDPR came into spotlight (same conclusions as yours).

Just the other day I ended up in a discussion with a US citizen (it started completely harmless and away from culture/politics) and ended up in the same corner: "EU is bad because it limits your freedom, US is great because it gives you freedom". The problem is - the argument (my understanding of the interlocutor) was about companies, and what they can do.

In my view, in Europe there is a bigger pressure to value people/individuals over company/corporate interest and that's seems like the crux of the difference.


In my view, in Europe there is a bigger pressure to value people/individuals over company/corporate interest and that's seems like the crux of the difference.

I think it’s more about two different definitions of freedom. The U.S. defines it as the freedom to choose, where harmful outcomes are an accident of letting people freely choose. The E.U. sees it more as the freedom to live, where choices that harm quality of life need to be restrained.


I'm going to guess you're not from Europe based on that definition?

The EU constrains companies to the benefit of individuals. It's not stopping people from hurting themselves, it's stopping them from being hurt by companies who have phenomenal power over us, more power in some ways than states themselves have.


There are over 30,000 [1] paid lobbyists in Brussels, and you think "the EU constrains companies to the benefit of individuals". And these latest outrageous copyright and link proposals are widely regarded to be for the benefit of certain German media magnates.

Whatever criticism the EU attracts for its spending, the PR budget looks to be pretty good value. I'm really baffled by some of these perspectives.

[1] https://www.theguardian.com/world/2014/may/08/lobbyists-euro...


The EU actually has extensive law about lobbying.[1] It actually tries to be transparant in regards to how lobbying happens and what kind of lobbying happens.

Also, your 30K figure also includes lobbyists from civil rights groups and other NGO's. Not just purely companies.

Lobbying happens, it is how people influence politics. Better to be transparant and open about it them to hide it.

[1] http://www.europarl.europa.eu/RegData/etudes/BRIE/2015/57280...


Well take the Working Time Directive as an example; relative to my own government in the UK, the EU certainly appear to do more for the demos (with the possible exception of the current copyright directive; which I've not read the draft legislation on yet).


Relative to the US, yes it does


The freedom to conduct business is one of the core freedoms that Americans value. When Americans talk about freedom, they are including the freedom to form a business and create whatever business arrangements you want.

To American values, restrictions on how you do business are as infringing as restrictions on individual rights.


This is an excellent point.

Along that same line of thinking, I think another historical American value/attitude is that a business is a person. More precisely, businesses only exist because individual people decide to take risks with their lives in the pursuit of whatever values they hold. Since they hold the risk privately, they get to hold the rewards privately.

That many people who take such risks value financial profit may be a concern to some, but is a non-concern to society as long as the marketplace is free of coercion.


Yep, one of our fundamental rights is the 'freedom of association', which the Supreme Court has ruled is protected by the first amendment. You are free to join together with others to pursue any lawful interest, and that includes commercial interests.

https://en.wikipedia.org/wiki/First_Amendment_to_the_United_...


This proposed copyright law is about as far from benefitting individuals instead of companies as you can get.


Idk how you can argue the EU values people over corporate interest while this copyright law is on it's way to being passed.

Here's one of the many articles about what's wrong with it.

https://www.eff.org/deeplinks/2018/06/eus-copyright-proposal...


It's one of thousands of laws, but sure, this one is the definitive indicator of the EU's values.

Maybe we could try to find a single US law that we don't like and dismiss America just as readily?


We all know you're going to pick the Patriot Act :)


Or maybe The Hague Invasion Act? ;-)


Never heard of this one, and didn't know anything about it. I tried reading the Wikipedia page. Now I've heard of it, but still don't know anything about it.


How about the Second Amendment ;)


I find that article uncompelling. Cory Doctorow makes some pretty bold statements that appear to be at odds with the directive as I read it. Some of it feels like wilful misinterpretation.


I agree with those points and I'd like to add that both approaches (US and EU) have their drawbacks (and advantages).

In limiting businesses more in the EU I found out that it generally means less competition and fewer companies (per capita) than the US, in my limited experience of having lived in the EU most of my life before moving to the US and still visiting Europe every year. One of the most common shocks of moving to the US from Europe is the sheer number of options/choices that you have/can make for every little thing. Back in Europe there was 1-2 supermarket chains, here there are much more. Same for food (fast or otherwise), insurance agencies, banks/credit unions, broker services, pension funds plus countless small stores (not national chains). In most interactions I have in the US I really do feel that "the customer is always right" (there are lots of exceptions to that rule but you will generally see those exceptions also happen because of lack of competition) while in Europe most of the interactions I had as a customer meant I would have to either beg for something or get angry about it/make a scene in order to make progress on an issue.

There are also deeper cultural differences in criteria customers use to pick one company or the other. In the US people seem more willing to vote with their wallets and do not look back while I feel much less of that happening in Europe.

It's hard of course to generalize across such large and varied populations and economies but this has been my experience and it does align with logical explanations of consequences of limiting businesses more or less in a free market environment.


> In my view, in Europe there is a bigger pressure to value people/individuals over company/corporate interest and that's seems like the crux of the difference.

The sentence reads funny as if people/individuals don't own companies. A better way to put it would be that they value some kinds of people over other kinds of people. Or users over entrepreneurs, or something besides just the ambiguous "people".


I also found the reaction interesting because even techies here were overwhelmingly in favour of GDPR. Mainly because it is so similar to data protection that's been in place for 20 years and they have been used to implementing without problem. That included founders and executives within companies. Thanks to the profile of people I know that's been mainly in smaller companies. Most of the negative opinion I heard was that the regulations wouldn't be enforced strongly enough to achieve enough change.

Yet a common US reaction was to view GDPR as something draconian and anti small business, and to deliberately misunderstand that a maximum penalty wasn't going to be the always penalty. Much like this blog post does.

On the copyright proposals those same people here in the EU are unanimously against.


>and to deliberately misunderstand that a maximum penalty wasn't going to be the always penalty.

This is the only way to view penalties like this that don't have clearly defined criteria. It's all up to a judge, and when so much is at risk, a company will assume the worse.


A very American view!

This just sort of proves the point the poster was making. People here don't assume that the worst case is going to happen. Most sorts of these laws so far result in initial action taken to help (or force) the company to comply. Fines are usually only considered for those who repeatedly refuse to come into line.

My view of the US is that there are many more aggressive public prosecutors who will swing for maximum penalties, in order to make a name for themselves.

But maybe I just watch too much tv.


I agree, a very American view.

Nobody but the national regulatory instance of each country can sue, and they are in general not very happy on legal procedures.

In practice, a common Euro-pattern is this: First, a sternly worded private letter is sent to the target company. If that doesn't help, a public statement is made. After that, basic legal procedures for a small amount. The amount gets larger when the abuse is more flagrant and previous messages did not help. When the target company seems to co-operate reasonably well, no legal procedures are even started.


It isn't about assuming that the worst will always happen, it is just NOT assuming that the worst WON'T happen.

How is that a bad thing to do? Pretending that the worst result couldn't happen is just delusional - it is like people who don't wear seat belts or helmets, or don't buy insurance. Just because something is unlikely doesn't mean you should ignore the risk, especially when the consequences of the unlikely even are so high.

Yes, the maximum penalty is probably pretty unlikely; on the other hand, if you GOT the maximum penalty, it might be a death sentence for your company. When the stakes are that high, you can't just ignore the risk.


If you are always going to assume that the worst case scenario might happen, you should probably worry about the things that will actually kill you, many of which are far more likely than getting the maximum fine as a small company that is not intentionally violating the law. Something like getting killed in a car crash is much more likely and much higher stakes.


> it is just NOT assuming that the worst WON'T happen.

But it won't. You attempt to comply with the rules, show good faith and you won't be in danger.

It's not a real risk.


You have no way of knowing if it is a real risk or not. The law is the law; all it takes is a shift in power, with a group coming into power that wants to make an example of your company, and suddenly the risk is very real.


Except we do. One of the EU's laws is that all EU penalties be proportionate [0]. All other laws are subject to that requirement.

So the moment some group "wants to make an example of your company", not that I have ever heard of anyone being made an example of that's remotely akin to US punitive damages awards or 999 year Texas jail sentences, you appeal to the national or EU court. The judge will be delighted to rule the regulator's (or government) actions illegal or disproportionate. It may well also trigger a judicial review.

For an alternative outcome you would require a change in representation at the EU from 27 nations, and repeal of one of the founding principles. Not as unthinkable as the US repealing the constitution, but not very far off.

[0] https://en.wikipedia.org/wiki/Proportionality_(law)#European...


For what it's worth, an early complaint about GDPR was that it benefited the large, incumbent companies like Google and Facebook at the expense of their smaller competitors.


I think the maximum penalty = always penalty sort of misunderstanding tends to appear when programmers look at the law. Technical people tend to look at the laws in a technical way. Does this equal a violation or does it not? If it does, what will it cost? Judicious opinion or "We'll know it when we see it" rarely sits well with those of us who are used to cementing behavior into lines of code.

Existing laws we already operate under have much more severe maximum penalties than people realize, and judges are (relatively) reasonable at applying them correctly. Right here in the US, nearly everyone is technically violating some law every day, the key is ensuring that our justice system has the mechanics in place to deal with clear violators, while having adequate redress for improper application of the law.

The copyright law is much the same. No, memes will not get banned by it. Yes, Google News will have to pay for the content they scrape. No, you will not get hunted down by the copyright gestapo for sending a link to a friend.


Existing laws we already operate under have much more severe maximum penalties than people realize, and judges are (relatively) reasonable at applying them correctly.

I don't think the system is working well at all. We have a situation where vague laws with severe penalties allow prosecutors to grossly overcharge. This is then used to coerce the accused into waiving their rights to a trial, in return for the certainty of a more limited punishment.


In America.

In Germany "deals" are very much not liked by the law profession, and only a very limited form of it has been put into law. And even that is very sharply debated in the profession.

Add to it that prosecutors actually do look for mitigating circumstances, and do not regularly appeal a verdict that they feel is a bit too low, thus preventing the appellate court from handing down a harsher sentence, making the appeal risk-free for the defendant.

It's not all roses here, but you also shouldn't assume that this "either plead guilty and accept five years or risk three hundred years" is a universal property of judicial systems.


To echo the other comment - this isn't familiar to me in the UK either.

Guilty pleas do usually result in lower tariffs, but AFAICT we have little to none of the horse-trading that's continually portrayed on US television.


Be careful about assuming too much consistency in the US populace. I'm born-and-raised US, and our attitudes can be very hard to describe. We'll hate "Obamacare" but actually support all the individual parts. We'll complain about govt spending then complain when the govt doesn't function. We'll complain that people don't trust science about global warming but avoid vaccines and expect GMOs to actually mutate us. We'll complain about "participation trophies" but want benefits for seniority without regard to performance. We'll celebrate a rancher facing off against the govt and then rail against someone else "taking the law into their own hands".

Then we'll reverse any of these positions at the drop of a hat. I'm not saying we're RANDOM, I'm saying it can look so. There might be dozens of upcoming responses to this comment, each suggesting a different "simple" solution ("It's about self-interest" "It's about freedom" "it's about personal responsibility") but they will all either fail to reconcile, or give you a simple explanation that is nonetheless hard to extrapolate how the public will respond to a given topic.

My personal opinion is that neither the EU nor the US has an optimal economic outlook, but it may not be possible to have one - it's hard to combine the benefits of rugged individualism with the benefits of communal cohesion. Hard to mix diversity with unity.


> Hard to mix diversity with unity.

It's actually not that hard. You can have a mexican restaurant, hibachi restaurant, cajun restaurant and winery all in the same city and patronize a different one each day. That's the benefit of diversity.

What doing it wrong looks like is accusing the mexican restaurant of a moral failing because their staff is mostly latino, or the winery because their staff is mostly English or French. You don't maintain diverse cultures by requiring every place to be formed of exact proportions of statistically precise homogenized diversity paste, you get them by having clumps of different cultures near each other that trade and learn with each other while continuing to possess their own discrete cultural identities.

All unity requires is coexisting without fighting each other.

The fact that some people do it wrong doesn't mean there isn't a way to do it right.

And that's also why you see people on both sides of any given issue. A diverse country does not have a homogeneous people.


Please don't think I'm dissing diversity - I'm all for it.

> And that's also why you see people on both sides of any given issue

Often that's a great thing. Sometimes it's not. That was the point I was making.


Your last sentence sounds like cargo culting at its best.

I won't claim to know what the "optimal mindset" is, but I think it's obvious that both the US and the EU have made many blunders in recent history, economically and otherwise. I'm sure if there is an optimal mindset, it is one that learns from those of the US, EU, Asia, etc. and takes the best of each (not necessarily in equal proportions, of course).

Knowing different cultures, contrasting them and making your own choices will always be superior to being "indoctrinated" (voluntarily or not) into one.


In my mind the difference is that:

* In the US: Don’t use social media if you don’t want to be tracked, it’s your choice.

* In the EU: We cannot compete against big US companies so we will pass laws that are popular with entitled people to weaken them in the name of social benefits. Win-win for politicians.


I mean, the former attitude is known to be totally ineffective. The latter is possibly effective, at the cost of being (possibly?) extremely damaging.


I don't use any social media, how is that ineffective?


You're still tracked, analyzed, and targeted both on and off the web by thousands of companies. Not to mention government snooping and surveillance. Even the social media giants which you deliberately never signed up for are still collecting and monetizing data on you.


Oh I see what you mean. Does this change if you don't use any of Google's products ie. web browser, youtube or search engines?


If you never run JavaScript, don't use an IP traceable to you, then you're probably safe from tracking. But GDPR applies offline too, so your insurance company can't increase your bill because you drink too much coffee and have a loyalty card, without you being able to trace that link.


I don't know how wide their web is. I know they have partnerships with some third parties, presumably some involves tracking that data.


Unless every single person you know also strictly avoids social media, you are still getting tracked by social media companies.


Facebook and Google are known to track non-users around the internet as well.


Your mind has a very skewed outlook then.

It's not about weakening companies, it's about keeping them in line, ethically.


One of the criticisms of this directive is that only YouTube et al can afford to comply. If that's true, surely the big US companies will be delighted?


I also find it interesting from the inverse perspective. I am of course naive, but I think most of the viewpoint differences boil down to how one views business owners and government. Not necessarily one versus the other, though that does come in to play, but more about whether the former deserves rights/consideration and whether the latter is equipped to reasonably restrict them. This is especially true for big business and big laws.


The "US blogosphere"'s perspective is heavily weighted by people who are employed by companies which lose money because of EU laws, people who have invested in companies which lose money because of EU laws, or people who are paid by companies which lose money because of EU laws.

Which is to say, I'm an American who's wildly in favor of the EU's regulatory changes to reign in big tech, but when you consider how many different individuals or organizations are by FAANG companies, the media perspective on these laws can be... tainted by self-interest.

Also note that movies and TV are often oddly at odds with even the industry that creates them. For instance, Hollywood is notoriously liberal (to the point that conservatives have to hide their political affiliation), and hence very pro gun control. Yet if you've seen many of our movies, you might have noticed that building props for Hollywood is a statistically significant portion of the gun manufacturing industry!


Yeah I always laugh when people talk about "the West". Globalization is far, so far away. Truth be told there was more unity in the world when dynastic royal families ruled the world- not democratic nation states.


They're just complaining because it's EU and not US. American DMCA law is much worse than GDPR, predates it by like 2 decades, and basically the whole world is subjected to some of it (because US companies are global monopolies).


The people complaining about the GDPR have been complaining about the DMCA since before it was passed.


The DMCA was and is terrible. The GDPR is a great step forwards.

The DMCA was an attack on consumer rights. The GDPR is their extension.


Exactly. It's when the complaining stops (and/or the complainers are demonized) that the mandate to move on to more invasive laws is given.


It's not just the EU that the Internet is in danger of.

A Labour MP in the UK announced a bill that wants to curtail "closed" forums on social media [0].

Analysis on the topic [1].

[0]: https://www.v3.co.uk/v3-uk/news/3062557/mp-plans-laws-to-ope...

[1]: https://www.youtube.com/watch?v=eobVBf5S8uM


That's absolutely ridiculous. Is she going to let us listen in on all her private phone calls? Read all her emails?

Please tell me this has no hope of passing...


It's a Ten-minute rule bill. Ten-minute rule bills have no hope of passing. You're welcome.


For the lazy folks who (initially) thought this was a 120x extension to the 5 second rule: https://en.wikipedia.org/wiki/Ten_Minute_Rule


Whoever purposes such an irresponsible and evil law should also have no hope of a future in politics.


That's a really nice thought.


> This brings me to a piece of legislation I have been very critical of for quite some time: GDPR. The intent of the legislation is certainly admirable — protect consumer privacy —although (and this may be the American in me speaking) I am perhaps a bit skeptical about just how much most consumers care relative to elites in the media.

Amen. The way Google and FB are using data just doesn't bother the masses the way it bothers the media and the narrative they've built (or the way it bothers us). There are many steps that can be taken, some incremental, towards the curbing of these practices. But we, as technologists, should always decry heavy-handed government regulation of the internet, especially as an early step. The intent does not matter.

If legislation doesn't work, don't make more or make it larger assuming it was the scope that was the problem. Take a step back and recognize alternatives including enforcing existing statues, promoting alternatives, educating citizenry, more targeted and narrowly scoped legislation, etc.


> But we, as technologists, should always decry heavy-handed government regulation of the internet, especially as an early step.

This is not an early step. The trend has been clear for the past decade, and it has been going in the wrong direction, at increasing speeds.

This is pretty much something the tech industry brought upon itself by trying to always trying to outdo itself in terms of how much tracking and privacy violations it could get away with.

IOW, from a techie to another: cry me a river.


>The trend has been clear for the past decade, and it has been going in the wrong direction, at increasing speeds.

Tools to block tracking have gotten better. Spyware is more difficult to spread, etc. I'm not convinced it's going the wrong direction "at increasing speeds". Do you have any empirical evidence of this or is it just based on perception?

>IOW, from a techie to another: cry me a river.

Don't do this.

" Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something. "

https://news.ycombinator.com/newsguidelines.html


>> The trend has been clear for the past decade, and it has been going in the wrong direction, at increasing speeds.

> Tools to block tracking have gotten better. Spyware is more difficult to spread, etc. I'm not convinced it's going the wrong direction "at increasing speeds". Do you have any empirical evidence of this or is it just based on perception?

To make an analogy, what you're saying is similar to saying "I'm not convinced violent crime is going in the wrong direction, because people many people are regularly wearing better bullet-proof vests."

Better tools to block tracking is part of a trend going in the wrong direction: an arms race between trackers and anti-tracking blockers. If things were going in the right direction, we wouldn't need better blockers, since the tracking companies would have taken the hint, and either become opt in or respect simple measures like DNT headers.


>To make an analogy, what you're saying is similar to saying "I'm not convinced violent crime is going in the wrong direction, because people many people are regularly wearing better bullet-proof vests."

That analogy only makes sense if the bullet-proof vest prevents violent crime entirely. Someone shooting you when you wear a bullet proof vest is still a violent crime so I'm not sure what point you are getting at.

>Better tools to block tracking is part of a trend going in the wrong direction: an arms race between trackers and anti-tracking blockers. If things were going in the right direction, we wouldn't need better blockers, since the tracking companies would have taken the hint, and either become opt in or respect simple measures like DNT headers.

Solutions that depend on the goodwill of participants don't work on the Internet. The only people they impact are the ones that want to play by the rules.

You know it's illegal to take people's money out of banks, yet for some reason banks still use encryption. Don't you wonder why?


> This is not an early step. The trend has been clear for the past decade, and it has been going in the wrong direction, at increasing speeds.

It's an early step if you count successes. You build on success, not failures, surely that's clear. I agree it has been a trend and has been going the wrong direction at increasing speed, assuming you mean the trend is large, general internet restrictions imposed by governments.

> This is pretty much something the tech industry brought upon itself by trying to always trying to outdo itself in terms of how much tracking and privacy violations it could get away with.

I agree we brought it on ourselves by giving an inch. If it's privacy violations that are the problem, what are they violations of, prosecute under that, move on. If the legislation is working and needs more teeth, add em. Otherwise, its politicians trying to outdo themselves over how much interference they can get away with. And we have said "get away with plenty".

> IOW, from a techie to another: cry me a river.

I say the same as one citizen to another wrt your data.


The problem they were trying to solve was a lack of transparency about what's happening with our data.

Now, I thought I was reasonably engaged on this topic and I thought GDPR was overreach. I also thought I was reasonably careful about giving out my data (sign up to very little, don't use FB etc).

That was until I started to get all the GDPR popups and read about all the places my data was being shipped to. Holy crap I was naive. I've done a 180 on this now and am a buyer. It would have been great in legislation wasn't required but I'm fully onboard with it being needed.


I think we have to separate the ability to control our own information, demand privacy if we want it, and things like the right to be forgotten, which I find far more objectionable than gdpr. I should be able to tell companies they can't use my info and activities any way they want. We have large companies that are effectively general utilities that a modern educated person almost needs to use (email, linked in, to a lesser degree facebook) to be successful, and I even pay google for my email and domain but they still have complex privacy tracking descriptions that always looks like they can basically do anything inside their system with my activities that they track. I don't care that it makes their life harder, they are making plenty of money. I'm actually paying them and I can't really compel them to change their behavior.


I think we all want that, or some form of it. But how do we get there?

> We have large companies that are effectively general utilities that a modern educated person almost needs to use (email, linked in, to a lesser degree facebook) to be successful

I personally don't feel like we're there yet.

> I can't really compel them to change their behavior.

You and I have reached the same epiphany. Let's work around them. Let's even fight it with legislation if we must, but let's make positive strides in that direction, not negative ones. We should foster an open environment for others to build these workarounds, not scare them inadvertently while trying to solve the original problem.


> although (and this may be the American in me speaking) I am perhaps a bit skeptical about just how much most consumers care relative to elites in the media.

The difference in general between EU and USA: in the EU it's seen as a good thing to protect people even when they don't understand why. In the USA, excluding weird outliers like "careful, fresh coffee is hot" it's not.


> in the EU it's seen as a good thing to protect people even when they don't understand why

Use of the word "elite" by the author encapsulates this mentality. What if they do understand why and still don't care? Or at least, to speak from my perspective, what if they do understand why but also understand that the approach used makes things worse? It is so disappointing watching so many praise the intent of the law instead of the practicalities that I wonder where real understanding is lost. Recognition of a problem, and even recognition of what might work in some idealistic situation, is not enough to be construed as understanding the situation.


The US assumes people are capable of understanding things for themselves- my grocery store tracks my purchases in exchange for coupons and discounts, I feel it's worth it. FB holds my family's pictures hostage to show me ads, not worth it. Simple.

The EU also seems to assume that if someone is making money, someone else is being damaged- that every economic exchange is unfair. I don't really think that's true- it's not that Google or FB is taking massive advantage of me, they are taking a teeny-tiny bit of advantage of a massive number of people.


> The EU also seems to assume that if someone is making money, someone else is being damaged

How did you reach that conclusion?


Maybe I should be more specific to making money online- but nobody collects data that I didn't give them. The tone of EU laws is that instead they 'took' that data from me.


This assumes that people understand what data is gathered. Which is the whole informed consent that is required by the GDPR.

You can still say "I want you to take my data and I'm fine with it" as long as the site made a good effort of explaining what and how they are using it.

Just an anecdote, but people always reacted with shock when I tell them what information is gathered.


This information was always public though, just no one cared. 'Information wants to be free' is a universal law, not just for governments, universities and corporations.


I believe it bothers most people once they become aware of what is stored, how it's used and can be used against them. They are not aware of that though and when you tell them about it they have a hard time believing. And I don't think media cares that much, I don't know why it seems to you that it does. Media is often complicit with all that spying too.


"The masses" also don't care about, say, safety precautions their taxi drivers have to take. Until they're in an accident.


> Amen. The way Google and FB are using data just doesn't bother the masses the way it bothers the media [...]

The way elected autocrats rule also doesn't bother the local masses, obviously. The masses are short-sighted, lack understanding of certain abstract or technical concepts, and are easily fooled and misled by strong feelings.


Lol you technologists are payed by advertising money. Inconvenient truth.


It seems there's a common warfront in general around what can or can't be said, and it has coalesced in the every-one tool, the Internet.

Greater ease to publish, greater impulse to control one another.

The test of our day seems to be around the right to speak freely, online.


I'm surprised Tor usage hasn't skyrocketed.


I'd say the lack of Tor-exclusive easy-to-use applications. That Tor underpins an application should be transparent. If the Tor browser is the same on the outside as a web browser but slower, the anonymity alone isn't a good enough reason for many to use it. Rather, a (non-browser?) communication platform needs to compete on features and just happen to use Tor.



Darknet markets had a huge boom around that time, too, which could also correlate. I think it's more likely the cause than Snowden, as I think more people care about drugs than privacy.

https://en.wikipedia.org/wiki/Darknet_market#Silk_Road_and_e...

https://trends.google.com/trends/explore?date=2013-01-01%202...


Many sites (including this one) shadowban accounts created via Tor. So basically, you can't use Tor for social media.


I will come out and say I don't agree with this portrayal of EU legislation being absurd. Time and again we're discussing what's wrong with the current web landscape: commoditization of content, leading into an attention economy with tracking and surveillance, and concentration of ad spend and most money to be made in the hands of very few players. If creators don't get their share of profits made using their works, this won't sustain further content creation. YouTube and file sharing sites can not shrug and say "we're just running the platform" when they disproportionally benefit and leave content creators with a pittance if anything.

Now that the EU actually wants to do something about it, the law is being denounced as lobbied by big media, but, to the contrary, the current status quo only serves Google et al. I have my reservations about the feasibility of content filtering, but "EU vs the Internet" is coming from an internet "mob" mindset having come to expect everything to be free (as in FREE of direct cost) immediately and without friction. "The Internet" is not consumers, but made by creators. In fact, I'm cautiously optimistic this (and the GDPR) legislation will benefit smaller publishers and diversity and bring back unproblematic syndication and end-user content aggregation via RSS or similar.

The EU is first and foremost a common market and concerned with creating fair economical conditions. Obviously, the web is stuck (economically) in a quasi-monopolistic situation. The EU Commission/Parliament is attempting to do exactly what is necessary to re-establish desirable market conditions. If they'd do nothing, this would question their very reason for existence; they're not in for establishing state- or other monopolies. Along these lines, what the EU should consider next is to establish workable e-payment standards and legislation.


So there's a lot of coverage about the EU parliament process, but where did the drive for this copyright directive come from? There seems to very little coverage on how this directive came about. Whose interests are being represented by these changes?


My understanding is the copyright proposals were at least partially thanks to incumbent big media in Germany, and their link tax reaction to Google news.


> but where did the drive for this copyright directive come from?

A similar yet more apt question might be, where did the idea that parliament can get away with such large internet regulations come from?


The fiction of every law making organisation is that they can get away with creating every law they want. If they did not believe this fiction, the whole idea of law as something that applies to everyone becomes meaningless. In practice, the power of a lawmaker is limited by if he can get the law applied.

For example, multiple muslim countries have laws banning women walking around without head scarf. Not only in their country, but everywhere in the universe. In practice, you see many women walking around without one, and the relevant lawmakers dont know or care. But suppose one of these women is in such a country, gets summoned in court for this, and proof is given she violated the law, even outside the country, then the judge has only one option: Guilty. Society runs on hoping this does not happen, i.e. selective enforcement.

For Europe, the situation is clear: They can get away with any law in Europe, as long as it doesnt cause them to be voted out. And it seems the general public is not going to vote them out, so they can easily get away with this.


Economic interests. EU governments are seeing the majority of digital revenues carted off to american coffers and want a bigger slice to remain in europe to bolster its lagging economy.


If this were the case, I think it's much more likely the EU would try and achieve this via changes to tax law for corporations operating within the EU than copyright directives.

There's been a lot of press about how little tax the Google's and Starbucks of the world pay in the places they derive the revenue, and some of the highly creative ways they avoid (not evade) taxation. That would seem to point at issues with international taxation agreements rather than copyright.


> it's much more likely the EU would try and achieve this via changes to tax law for corporations operating within the EU than copyright directives

Top income earning families in many EU states pay shockingly little in taxes. They're able to structure their gross income such that reportable income is virtually nothing. These families are rich and powerful, and go a long way towards explaining why the EU retains its complex tax code.


This directive has been simultaneously criticised for being both a) an outrageous cash grab from the EU, aimed at making money from Google et al and b) an incompetent "poorly drafted" piece of legislation that stops anyone competing with YouTube, hence ensuring their monopoly in the lucrative "boring videos" market.


Corruption: lobbying and corporate money.


Rest assured that there certainly wasn't any democratic majority pushing this. EU is exceptionally good in hiding the regulatory capture.


The author's strange interpretation of the motivations behind the GDPR makes me ask if he never spend any thought on the preceding data privacy directives and national privacy laws of EU members. It's a rather small update, not big paradigm change and the GDPR is rather in the same spirit like the privacy laws of the 90s and 80s.


"Internet tech giants including Google and Facebook could be made to monitor, filter and block internet uploads under amendments..."

Should read.

"Countless companies that do not have the resources of Google and Facebook could be made to monitor..."


I think it boils down to the following question: "Do you trust the government to make decisions that will benefit and protect you?" In the EU, it appears the answer is Yes. In the US, the answer is unequivocally No.


IMHO, It should be up to the respective authorities to decide if things are covered by copyright or not. Following this ridiculous proposal, THEY should be the ones to provide the relevant tools and services to service providers to enforce this ludicrous position.


I take it that every one is pro intellectual property when it comes YOUR data being handled by services through their support of GDPR. But also anti intellectual property when it comes to copyright data being handled by services through their opposition to copyright laws, because that would be overreach.

Just take your punishment.


The only part about these EU types of laws that kinda rubs me the wrong way is how they infect across business dealings. But overall I support their objectives, even if I think the true solution to some of the problems they're trying to solve is a technical change to how the web and internet work.


I disagree with the EU about their copyright legislation, but applaud their attempts at increasing privacy.

What I find odd about the conversation around EU internet legislation is the idea that "The Internet" is a single entity that has some kind of natural state, and further that natural state is for all information to be free and to be a place where anyone can say anything (or should be able to). I think this grows out of the American origins of the Internet, and the American concept of free speech.

But other countries have different views of how free speech should be. Should you be able to deny the holocaust? Should you be able to purchase unlimited political ads? Should you be able to spread misinformation? Americans tend to say yes, because the truth will sort itself out. I'm not going to make a judgement on whether that's true, but it is true that other societies make different judgements on where to draw the line on freedom of expression, and those countries have a right to implement those decisions for their people on the Internet just as much as Americans have a right to have wild-west style freedom of expression.

Oh, also, before someone straw-mans me, I'm not talking about repressive regimes. I'm talking about societies where the populace is making informed decisions about their leaders, and have collectively decided they draw the line on expression in a different place than Americans do.


> ... and those countries have a right to implement those decisions for their people on the Internet ...

No, they do not. One's natural rights do not disappear just because one happens to be living under a regime which fails to acknowledge them. When an American talks about the freedom of speech, they're talking about a right shared by every human being on this planet, not just the ones who happen to live in the USA. It is a matter of objective fact, not opinion or local preference, that the use of force, including fines, imprisonment, etc., is not a proportional response to mere speech, regardless of the content.


It's a matter of objective fact? Show me the experimental data that shows the American interpretation of freedom of speech is correct. Even Americans draw the line somewhere. For instance, the old "shouting fire in a theater." bit. Or, say, planning a murder.

Other people decide to draw the line different places. Sorry, but claiming the American legal interpretation is "objective fact" and, say, the German one is wrong is just crazy.


Personally I think the crazy notion is that governments have rights. They are an embodiment of power. They need and have limits not rights. If the people stop the government from having an army - circumstances of the practicality of doing so aside its rights haven't been violated. It doesn't have any and the notion they do is absurd.

Even the transience property of personhood for corporations (regardless of one's opinion on the matter) doesn't apply to them for several reasons. Anyone with sufficient actually trivial resources can form a corporation. Forming your own government (in a non-parliment sense) is generally known as treason.

The people may have a right to self determination but that is a very big distinction.


Assuming a well-functioning democracy, they have whatever rights The populace wants them to have, including deciding what types of speech are acceptable.


>Assuming a well-functioning democracy, they have whatever rights The populace wants them to have, including deciding what types of speech are acceptable.

So... mob rule. That seems like a very stable and restrained society. I can't think of any obvious problem with that, or any time in, say, German history (to name a particularly egregious example) where mob rule run amok destroyed most of the Continent. Or Russian history. Or Cambodian history. Or Chinese history. Or...

The only currently reliable way to defuse mob rule is to decentralize. This is done by passing laws that say that society can't stop its individual members from doing certain things. And while this does lead to a very polluted commons (and sometimes isn't sufficient on its own to prevent the mob from taking over), it also leads to an exceptionally stable society simply because the "we should gang up and hurt/ban the people we hate" reflex is impotent outside of one's chosen groups and the hands-off attitude becomes ingrained in the people after a while.

The right to be wrong is important, because once the mob decides that your life itself is wrong (or rather, the closer the local Overton Window is to that idea- the more entitled a society is to restrict its members, the closer it is to this by definition) you're in trouble as soon as the mob hits a rough spot. It might advance faster at times, but it's just too unstable.


While mob rule can be problem it has long been the 'democratic bogeyman' to justify why oligarchs and dictators must retain power even if what they want isn't remotely close to being unreasonable like not facing famine when it can be prevented. I'm not sure that decentralization works for stopping it - just limiting their demesne to one small town where you could be lynched instead of a whole country.

The system of constitutional rights of some sort has worked pretty well to excellent for limiting that purpose especially when combined with a judiciary willing to look ahead. The issue it helps prevent is the same as the mob rule example although it can also happen with more 'restrained mob rule' situations in a set up for a turnkey dictatorship that allows for absolute power in just a few steps.

The 'democratic institutions' and societal structure seems to be a factor of how resistant from degrading as well, how likely a transition to democracy is to stick and not have travesties in the attempt and how the aftermath of a dictatorship is handled. It would be interesting to see if there can be a good qualitative breakdown here as there are for signs of rising fascism and dictatorships.


> It's a matter of objective fact? Show me the experimental data...

You're looking in the wrong place. It is objective precisely because it comes from logic, not experiment. The question is not "which system better optimizes for a certain set of subjective preferences" but rather "does this act inherently justify this response". That is true only if the response is proportional—similar to the original act both qualitatively and quantitative—because the perpetrator of the original act cannot then argue that their action was right and proper while simultaneously claiming that the same action is wrong when someone else does it to them. Either they allow that the response is acceptable, or they admit that they were wrong to behave as they did. However, you cannot make that argument if the response is non-proportional, such as the case when responding to speech with force.

> Sorry, but claiming the American legal interpretation is "objective fact"...

I'm not making any claims about the American legal interpretation, but rather the principles of natural law which underpin the best parts of it. There is still a lot which the American legal system gets wrong on that score, including that travesty of a ruling made under duress to justify suppressing political protest against the draft (the infamous "shouting fire in a theater" case).

> Or, say, planning a murder.

The problem with that is not the planning, but rather the intent to actually murder someone, which is obviously not merely a matter of speech. There is nothing fundamentally wrong with planning a murder, per se; mystery-novel authors do it all the time. If you lead people to reasonably believe that you actually intend to commit the murder, however, then you shouldn't be surprised if they respond accordingly in self-defense against an imminent threat of irreversible harm.


in claiming that our rights are self evident, we are very much saying that everyone else is wrong.


Let's say I live in the EU but use a VPN in another country can I circumvent this copyright law?


To be hypocritical is to be human: if the EU can make life miserable for some American based businesses Trump style I won't lose sleep over it.


tldr; the author uses the copyright directive to go off tangent and cry about GDPR a bit more


The usage of natural language to write legislations about internet will always create ambiguities and loopholes. I think regulations should be writen in a mathematical language with proof of consistency and unambigous reference implementation of algorithms that are imposed to FAI.


I thought the whole point of legislation is that it should be left to reasonable interpretation. Trying to be exacting just leads to a race to how many loopholes we can find (and we will find them), and now you get a scenario where the law only applies to you if you cannot afford a sufficiently good lawyer.


I like this idea. In the internet "code is law" https://www.socialtext.net/codev2/Code%20Is%20Law - regulation happens essentially through the code of our publication platforms. Having formal specifications makes it clear wether a platform complies or not. I don't think law makers should write code thought. But laws of the form: Every website has to implement HTTPS. Or you have to accept this OAuth providers could be effective.


Lets pass a law that states all laws must be written in Haskell!

Best part about it is much fewer laws will be written since so few understand that language.


But the laws that were written would apply to all, even those who don't know Haskell. That's probably not a desirable outcome.


> Best part about it is much fewer laws will be written since so few understand that language.

Legalese didn't seem to have that effect.


Yea but you can throw legalese madlibs into a document and get it passed as law as long as you provide the legislators enough kickbacks.

Haskell has to compile at least, and be pure and stuff.

Who's up for a Pure Functional Programming government.


Sometimes I get the impression we get pure fictional programs before the elections ...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: