Hacker News new | past | comments | ask | show | jobs | submit login

It would be insane to implement privacy and data regulations differently for smaller companies. You would end up with startups having free reign to abuse peoples privacy in order to gain market dominance against their larger competitors who don't have this advantage, and you'd have larger companies near the threshold arguing about and doing everything in their power to stay under their threshold so they can avoid doing things like allowing people to delete their profiles or downloading their data to transfer to a competitor. Smaller or less important leaks would be brushed up under the rug because 'Well, at least they're not BA', nothing good would come of it. If the law is unduly harsh on smaller companies that's due to the realities of dealing with people's personal information in a secure manner, not because the legislators decided to put people before corporations.

No it wouldn't. Large companies can pay for a lot of things that small companies can't.

What is insane is putting in regulation in areas like this instead of just punishing people for mis-conduct.

GDPR has extended what misconduct entails. If your company acts ethically regarding the privacy of your users you'll be fine.

You are assuming that there is no room to game that. There is and the problem is now you have given those who want to cheat the system a better base to do it on now that the customers have actually given their consent.

So in theory yes, in reality I am doubtful.

You can’t punish companies for misconduct if you don’t have laws against that misconduct.

But we do have laws and we can improve those laws without adding more bureaucracy to companies which is what GDRP do.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact