Most active commenters
  • diggan(5)
  • JumpCrisscross(4)
  • gjsman-1000(3)

←back to thread

332 points vegasbrianc | 14 comments | | HN request time: 0.219s | source | bottom
Show context
diggan ◴[] No.42141994[source]
Correct URL: https://legiscope.com/blog/hidden-productivity-drain-cookie-...

> This situation calls for an urgent revision of the ePrivacy Directive

Shame companies cannot live without tracking cookies, and shame that the blame somehow end up on the regulation, rather than the companies who are the ones who introduce this cookie banner and "massive productivity loss".

You know the best way of not having to put up cookie banners on your website? Don't store PII in cookies. You know the best way of not having to care about GDPR? Don't store PII.

replies(5): >>42142003 #>>42142011 #>>42142019 #>>42142081 #>>42142098 #
JumpCrisscross ◴[] No.42142011[source]
> shame that the blame somehow end up on the regulation, rather than the companies who are the ones who introduce this cookie banner and "massive productivity loss"

You can wish upon a star that humans weren’t the way we are. In the real world, this was a predictable response to a stupid rule. (And in some cases a necessary one. For example, for websites requiring a login or reliant on ads.)

> know the best way of not having to care about GDPR? Don't store PII

This is a nothing to hide argument [1]. Proving compliance with GDPR is tedious and expensive even if you’re fully compliant. (Proving no jurisdiction is easier.)

[1] https://en.m.wikipedia.org/wiki/Nothing_to_hide_argument

replies(2): >>42142036 #>>42142159 #
1. diggan ◴[] No.42142036[source]
> this was a predictable response to a stupid rule

It was predictable that ultimately people would blame the regulation instead of the companies? Not sure I understand what you mean, and even if you meant what I think you meant, not sure what the point is? People blame all sorts of things all the time...

Edit since you've added more to your comment

> Proving compliance with GDPR is tedious

That's my point. No need to prove compliance if GDPR doesn't apply.

replies(2): >>42142042 #>>42142054 #
2. JumpCrisscross ◴[] No.42142054[source]
> predictable that ultimately people would blame the regulation instead of the companies

It was predictable this would result in disclosure/consent spam.

> No need to prove compliance if GDPR doesn't apply

If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms. (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Both laws’ aims are noble. But they require tweaks. Starting with the cookie banners would be smart.

replies(1): >>42142097 #
3. diggan ◴[] No.42142077[source]
Except it's not that black and white. If you follow the regulation too loosely, you get warnings. If you then ignore the problem, you'd get bigger problems. But no one is gonna put a "10% of global turnover" as a fine immediately.
replies(1): >>42142085 #
4. gjsman-1000 ◴[] No.42142085{3}[source]
> But no one is gonna put a "10% of global turnover" as a fine immediately.

You're dealing with the EU. Stupidly high fines happen weekly.

replies(2): >>42142103 #>>42142261 #
5. diggan ◴[] No.42142097[source]
> If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms.

I think you might be missing that I'm talking about this from the companies perspective, not from the perspective of a person inside EU.

If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data" as defined here: https://gdpr.eu/article-4-definitions/

> (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Happen to have any quotes/sources for this? Would be the first time I've come across it myself. I'm genuinely interested in if it's being misused like that.

replies(2): >>42142298 #>>42143231 #
6. diggan ◴[] No.42142103{4}[source]
> You're dealing with the EU. Stupidly high fines happen weekly.

Thank you for making it clear you wasn't taking the conversation seriously, I almost thought someone could hold opinions like that in real life, but I'm happy it wasn't so.

replies(1): >>42142143 #
7. gjsman-1000 ◴[] No.42142143{5}[source]
Tell that to Emanuel Macron, who has openly said that the EU might literally die functionally, if not politically, in just 2-3 years due to sheer economic lack of competitiveness.

"Our former model is over. We are overregulating and underinvesting. In the two to three years to come, if we follow our classical agenda, we will be out of the market."

"If we want clearly to be more competitive and have our place in this multipolar order; first, we need a simplification shock."

"The EU could die, we are on a verge of a very important moment."

https://www.politico.eu/article/emmanuel-macron-france-europ...

replies(1): >>42142185 #
8. ben_w ◴[] No.42142185{6}[source]
Link does not support claim "Stupidly high fines happen weekly."

I've worked with two firms that have faced GDPR complaints. It's "up to", not "immediately on your first offence".

replies(2): >>42142191 #>>42142511 #
9. gjsman-1000 ◴[] No.42142191{7}[source]
> I've worked with two firms that have faced GDPR complaints. It's "up to", not "immediately on your first offence".

It's not specifically GDPR - it's the degree of overregulation in every sector, for almost every aspect of doing business. I was also speaking facetiously about large companies in particular - for example, just 12 hours ago, Facebook got hit with another $700 million fine. You don't have to be Facebook for the chilling effect. Or, the EU's stuff with Apple, the $12 billion fine against the will of Ireland, which has Apple assessing the profitability of even being in Europe.

replies(1): >>42142335 #
10. Cthulhu_ ◴[] No.42142261{4}[source]
After multiple warnings and lawsuits, sure. Conform to the rules if you don't want the fines. But these companies are so big and rich, they'd rather break the rules and risk a fine than give up on their sweet data. And even if they get sued, they have armies of lawyers - still cheaper to spend millions on lawyers than pay a hundreds of millions fine.
11. JumpCrisscross ◴[] No.42142298{3}[source]
> If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data"

You’re still obligated to respond to requests, even if it’s no response. And data regulators will still follow up on groundless complaints.

DMCA is strictly about copyright violation. If you’re not violating copyrights it should have nothing to do with you. But that isn’t how things play out in reality.

> have any quotes/sources for this?

No, just anecdotal. Every Magic Circle firm, however, will happily file complaints in multiple jurisdictions for you.

I’ll admit I’ve used GDPR a touch vindictively after a customer service interaction went poorly. Lots of requests, wait for a minor fuck-up, escalate to multiple data regulators because I technically have multiple nexuses. European equivalent of copying your state AG on a letter, except the burden to respond is on the company.

12. ben_w ◴[] No.42142335{8}[source]
> for example, just 12 hours ago, Facebook got hit with another $700 million fine. You don't have to be Facebook for the chilling effect

This one?

"The EU fined online giant Meta almost 800 million euros on Thursday for breaching antitrust rules by giving users of its Facebook social network automatic access to classified ads service Facebook Marketplace." - https://fortune.com/europe/2024/11/14/eu-fines-meta-840-mill...

Because if so, that's going to have the opposite of a chilling effect, as it is anti-trust.

Likewise, what Apple got with Ireland, while Apple has to pay, it's something Ireland did wrong by illegally giving Apple a tax dodge to encourage it to base itself in Ireland rather than anywhere else in Europe — if that's "chilling": good. We don't want tax-dodgers. If Apple can't be profitable in Europe without dodging taxes, something's gone very badly wrong for them.

Now, I'm not saying the EU doesn't over-regulate, as that kind of claim about any government is like saying that a software project contains zero functions that are never invoked by a user. But I am saying the scope of your rhetoric is not sufficiently supported by the evidence provided.

13. JumpCrisscross ◴[] No.42142511{7}[source]
Yeah, GDPR is tedious. Not expensive nor even onerous.
14. kasey_junk ◴[] No.42143231{3}[source]
I built a GDPR request deletion system for a company right as GDPR came into effect. In the first year the only requests that came in were from privacy advocates and competitors.

I don’t know if after that it saw more natural usage but I doubt it.