undefined | Better HN

0 pointskodablah7y ago0 comments

> I think calling GDPR over-regulation is extremely suspect.

I don't. I find it an egregious example of over-regulation. I think not recognizing the obviously large scope of such regulation is extremely suspect.

> The GDPR does a good job in codifying basic privacy principles of what you can do with personal data

By what measure do you define "good job"?

> The only reason to call it over regulation is if you're spoiled about not being regulated beforehand

I admit being this kind of spoiled. But it's ridiculous to say that's the only reason. There are measured ways to go about things and to so blatantly say that this is the only reason one might view it as over-regulation (despite real reasons such as size and scope and ineffectiveness of predecessors/enforcement) destroys our ability to have real conversations about the many alternative ways to solve some of the problems we have. Such a black-and-white absolutist view is harmful.

> I don't understand why I hear so few Americans about wanting this in their own country.

Can't speak for all, but for many, it's because they recognize the difference between what would be ideal and what would actually happen. Large anti-company (especially against companies that users prefer to use) laws have a chance to be frowned upon, despite ridiculous promises/optimism/naivete by the hopeful.

> Websites that don't want to comply with GDPR, I say good riddance. If you really feel you cannot uphold the basic privacy principles posited, then screw you too.

These are not how chilling effects work. You don't get to say "well, if they choose not to do business where a law is, they must not be able to uphold that law". There are compliance costs/risks. The amount of assumptions concerning this topic, whether assumptions that the law is good or assumptions that those disagreeing with it are of a certain ilk, need to stop. You only hurt your cause discussing things in this manner.

0 comments

1 comments · 1 top-level

DCKing7y ago

I'd like to point out that you're responding to me as if you assume I have no to little experience with this law and its consequences for organizations. That's not a reasonable assumption - my post is speaking from organizational experience. You're not talking to some outsider of all of this.

If you have specific problems with GDPR or that it goes too far, I'd like to know what those specific aspects are. In my view, there's some basic rules on how to deal with personal data that the GDPR codifies, and it does that surprisingly (for the EU) reasonably. It starts from simple principles of citizen rights and ethical behaviour and writes a complete rulebook on how to apply them - that's my definition of a good job.

It might be difficult for business to adapt to actually now considering processing personal data a risk. But that by itself does not make GDPR "overregulation" - that just makes it a difficult regulation change to process. I won't shed a tear about business having a difficult time going through that process - I'm incredibly happy that they are forced to consider processing personal data a risk, because it is.

Also note I specifically said "Websites that don't want to comply with GDPR" - not "Companies that are not sure they can comply with GDPR yet". There's a reasonable difference, I agree. But, yes, if you find that your business intrinsically cannot comply with GDPR or you don't want to - it's time to take a good hard look in the mirror.

j / k navigate · click thread line to collapse

0 comments

1 comments · 1 top-level

DCKing7y ago

j / k navigate · click thread line to collapse