Hacker News

The post explicitly mentions a clause that will make that distinction. The author argues it might be removed from the final text as part of the ongoing horse-trading, but at least it’s clear MEPs do understand the difference nowadays.

If they did, they wouldn't have implemented GDPR as it was. The very fact that it might be removed in a horse-trade illustrates my point.

It would be insane to implement privacy and data regulations differently for smaller companies. You would end up with startups having free rein to abuse people's privacy in order to gain market dominance against their larger competitors who don't have this advantage, and you'd have larger companies near the threshold arguing about and doing everything in their power to stay under their threshold so they can avoid doing things like allowing people to delete their profiles or download their data to transfer to a competitor. Smaller or less important leaks would be brushed up under the rug because 'Well, at least they're not BA'; nothing good would come of it. If the law is unduly harsh on smaller companies, that's due to the realities of dealing with people's personal information in a secure manner, not because the legislators decided to put people before corporations.

No it wouldn't. Large companies can pay for a lot of things that small companies can't.

What is insane is putting in regulation in areas like this instead of just punishing people for misconduct.

GDPR has extended what misconduct entails. If your company acts ethically regarding the privacy of your users, you'll be fine.

You are assuming that there is no room to game that. There is, and the problem is that now you have given those who want to cheat the system a better base to do it on, now that the customers have actually given their consent.

So in theory yes, in reality I am doubtful.

You can’t punish companies for misconduct if you don’t have laws against that misconduct.

But we do have laws, and we can improve those laws without adding more bureaucracy to companies, which is what GDPR does.

That's just politics. It would be exactly the same at the national level.

That doesn't make it better. As far as I am aware the US does have rules that distinguish like that.

Implementing regulations for every company as if they are the same is what is absurd here.

The US are many things, but certainly not a model on the subject of personal-data protection.

Again that's missing the point.

There is a difference between making a law that punishes wrongful use of information and then forcing companies to do things a certain way. That's the point here which seems to be missed on most.

I don't understand the difference and where one would draw the line between small and large businesses. What about medium businesses?

Medium is part of small (SMBs).
