In a spectacular example of off-topic commenting, Buf E. asked “about the EU’s General Data Protection Regulations. How would the GDPR have affected you as an entrepreneur starting a pioneering social network?” in response to “Captain Tammie is the anti-Sully”.
The GDPR (Wikipedia; 88-page PDF) certainly would seem to preclude the running of a site such as the original photo.net (described in Philip and Alex’s Guide to Web Publishing). It would have been too time-consuming to read all of the regulations and figure out how to comply. A “data protection officer” would be too expensive for a site that was started without the intention of collecting revenue. Being forced to delete stuff on user request would have been extremely burdensome for moderators and the site operator (we tried never to delete anything on photo.net if there were comments on it because then there would be cascading deletion of other users’ work).
On the other hand, the EU did not promulgate this regulation during the Great Age of Web and Internet Expansion. They promulgated it today when the trend is for 99 percent of page views to be Facebook and Google. Starting an online community in hopes of it catching on seems unrealistic when users are glued to Facebook (the way that slot machine gamblers are!).
I haven’t studied the GDPR in detail, but I don’t think it would be fair to blame the bureaucrats for making the Internet services market highly concentrated. Measured by revenue, the market was already highly concentrated as the GDPR went into effect.
Readers who are more informed: Does this make a practical difference?
If you weren’t making any money, then you would not be too scared about fines being a percentage of your global profits.
BigG was already pretty much mostly compliant due to the strong internal policies (which, with this number of employees, you have to have if you don’t want to have an embarrassing incident), few tweaks here and there. I can’t possibly see how small company or startup can develop and implement such policies in the allotted timeframe. So these regulations are the best thing that happened to the “big business” due to increased barrier to enter for the small businesses.
Similar effect as with the recent hard liquor privatization laws in WA when small stores were conveniently excluded because “think of the children”.
Roger
From Wikipedia:
“a fine up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater”
You’d need either pretty deep pockets or no assets at all, to be unconcerned about a potential €20 million fine!
Is it ok to ask here in this thread about your reaction to John Talley’s comment in the other thread?
I think it’s time to update the comment moderation policy!
Please delete all my previous comments
Does a web business need to operate in Europe to survive? I mean the rest of the world is a pretty good-sized market. I suspect it won’t be long until web publishing/application frameworks build in “delete all my s—” functions.
People are already crying “too hard” and simply blocking all European traffic!
https://apility.io/2018/05/25/gdpr-lazy-block-european-users-cloudflare-workers/
I haven’t looked deeply into GDPR, but regarding deleting user data, surely it can’t be that difficult. Replace data with anonymous tombstones if they are still needed for other purposes.
FB, Twitter, Reddit, YouTube and others already implement far more complex operations like banning, deletion(!), shadow banning, etc.
I suppose GDPR gets interesting when you are doing various shady stuff that you’re not telling the users, like secret tracking, selling the data to all and sundry, etc.
Second interesting point: You could also wonder how this interacts with the needs of lazy law enforcement and other snoopers. Can you rig a ‘social suicide button’ to get rid of all your embarrassing data should there be need?
If I have a company, the tax department often mandates that I keep certain records for a number of years. I assume this supercedes any ‘right to be forgotten’.
John Talley says the EU doesn’t exist so don’t worry about GDPR.
It’s not rocket science, and in fact very similar to the US COPPA child privacy law. Most of the whining is due to the sense of entitlement ad-tech companies have to their incredibly cavalier approach to privacy and data.
Fazal Majid: The difference is nobody in the US cares if a company follows laws like that until they are very large. By that time, they have the resources that can be dedicated to compliance. In Europe not only are there more regulations but you actually have to follow them.
No it does not make a practical difference since all of these companies are already started in the US. You can just block Europeans from visiting them until you have money.
Perhaps an opportunity for European e-commerce to get started properly?
This is great!
Here is a link with the key changes: https://www.eugdpr.org/key-changes.html