If smaller players do not want to comply with EU regulations, it's fine with me (I hope I got your point, but I'm not sure). If you want to do business in a place, you have to follow the local regulations. I don't see the problem there.
I get that regulations make it more difficult for companies to enter a market, but if that means more protection for the user privacy (in this specific case), I cannot see how that could be a problem.
The fact that the EU might have more data protection than, say, the US, could also be an added value to a service. Case in point: protonmail. It's not EU-based, but they use Swiss privacy regulations as a selling point. Some people are willing to pay more for that.
I think the point that the GP post is making (which I agree with) is not to complain about the burden of complying with local regs, but to point out that consumers in the EU are going to miss out if small companies don't offer their services there due to regulatory concerns.
> I cannot see how that could be a problem.
This is a cost/benefit calculation, but not an easy one. In general a given set of regulations will have both costs to the consumer such as reduced choice and increased prices (due to regulatory costs being passed through), and benefits such as better protection of personal information in this case.
Now, the fact that users in the EU seem to currently be supportive of these regulations suggests that they are willing to pay that cost to get that benefit. And that's their decision!
But consider the scenario where this trend carries on, and startups are increasingly not able to get a toehold due to incredibly high compliance costs. That could stifle the economic development in the EU, and lead to further concentration of power as only large companies can afford to pay the lawyer bills to meet the regulations.
> I think the point that the GP post is making [...]
Yup, that was the point.
> And that's their decision
Some at least. It's modern European federalism. The same people that the lawmakers believe aren't able to make their own decisions about which services are good or bad for them are, yet, able to determine that these regulations will be beneficial.
> The same people that the lawmakers believe aren't able to make their own decisions about which services are good or bad for them are, yet, able to determine that these regulations will be beneficial.
That's a valid argument in a perfectly transparent world with even negotiating power. But companies are opaque or change their handling of data (that one is the basis of this story!) and there's a race to the bottom where most options are severely lacking in privacy.
And these regulations are a very minor impingement on free contract-making. You can still give up privacy, you just can't give it up irrevocably.
Even negotiating power would be a valid argument in a perfectly regulated world. But governments, often with good intentions, improperly or overly regulate many times only stifling us small guys and often not even knowing it (it's hard to quantify).
> And these regulations are a very minor impingement on free contract-making
Agreed, but it's a question of cost vs benefit. They may not be a minor impingement on smaller companies and consumer choice and may make minimal impact anyways. I think we can all see that, if the law is evenly applied, smaller companies stand to lose most. Granted, the EU tends to subjectively choose when to bring the hammer down and it's mostly on larger companies. But it's still not worth the risk.
Article 83, paragraph 5 says I can be fined 20 mil EUR (or 4% of revenue, whichever is greater...so 20 mil would be the number for me). You might say, "well don't break the law" (like that's an excuse for punishments some types of companies can afford and others can't) or "no, that's only for big companies" (like it's ok to rely on subjective enforcement). I'd rather just not risk going bankrupt or prevent myself from doing business in the EU until I'm big enough to handle that.
> All this data
What, from my two large customers? So EU says I violated article 5 and the personal data wasn't "processed lawfully, fairly and in a transparent manner in relation to the data subject". Ug, such subjectivity. It is so sad to see so many people want solutions to these problems that they assume the GPDR is it. I can't do business there just praying I don't misstep and go bankrupt or subjecting myself to the whims of these loaded terms like "transparency" until I am large enough to absorb the blow.
I get your point, but say you were selling food instead of services. It's on you to make sure that what you are importing doesn't break any rule (GMO, other stuff, etc...).
I think it's fair. You shouldn't break the law. That regulation may be overkill in terms of punishment, but that doesn't mean that the regulation itself is wrong. Laws are imperfect. Regulations exist in every industry and there's a reason for that. Over regulating is a burden for a business, but under regulating is bad for customers (or the environment, or whatever).
I get that regulations make it more difficult for companies to enter a market, but if that means more protection for the user privacy (in this specific case), I cannot see how that could be a problem.
The fact that the EU might have more data protection than, say, the US, could also be an added value to a service. Case in point: protonmail. It's not EU-based, but they use Swiss privacy regulations as a selling point. Some people are willing to pay more for that.