It will take forever to build up a similar ecosystem in Europe and I think most successful European entrepreneurs will just end up starting companies in the US instead.
There must be some reasonable middle ground before we fragment and destroy the entire Internet. Why not start by making a general exception for temporary storage of less sensitive data like IP-addresses for efficiently and cost effectively delivering a web service.
If there is one thing they could start looking in to it would be handling of personal information by governmental organisations. I work a little bit with a few municipalities, and the number of documents with deeply personal information that are just emailed around over unencrypted email is shocking.
We're not fragmenting the internet by looking after our own interests. This wouldn't be an issue if Americans viewed rights (and in this case privacy rights) as belonging to human being as opposed to Americans citizens. The US's policy is what led to this:
> Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information
Maybe an unpopular opinion, but imho AWS, GCP and Azure are popular with startups because of their generous free credits, not because they are good tools for startups. As a startup you are typically better served by a DigitalOcean-level of complexity, and there are plenty of such offers in the EU (Hetzner Cloud, Gridscale, OVH, etc)
For Mailchimp you have plenty of competition, some of it in the EU (SendInBlue and Mailjet come to mind).
For payment processing there are also plenty of offers, Adyen is probably the biggest European alternative but there are countless smaller ones.
Microsoft Office 365 can be replaced by (shocker) Microsoft Office (the offline version). But most of your documents probably don't even contain PII and would be fine in Office 365 or Google Workplace. The exception is obviously email, but the market is flooded with E-Mail services from any country you like (and your preferred Hoster probably offers an email package too).
So I'm not really sure what part of the ecosystem we are missing here? European companies often have the smaller advertising budget and mindshare, but it isn't like they don't exist.
I would call fragmenting these things rebuilding the internet. Not sure how consolidating everyone on a few Mailchimp type services is in anyone's interest.
Could this not also be said about US regulations such as CLOUD act, Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333.
I don't think it's accurate to solely blame the EU when this is in response to legislation that gives/gave the US access to all types of personal data on European citizens.
I’m Danish and as we’re a notorious Microsoft country I have the most experience with everything Azure, but the fact that Amazon was so quick to ensure that 100% of the workers who ever come near the services they sell within the EU are EU citizens is something that we still looks somewhat envious toward. It’s actually an area where Microsoft might eventually run into some trouble if they don’t work on their compliance but I can certainly understand how it’s hard when one of their key selling points to Enterprise is that we can call Redmund.
I don’t think the EU will get into much trouble over this, however, and I don’t think it will have too much of an impact on our tech industry. I do agree that it’s not likely to help European alternatives to Microsoft or Amazon, but that’s not exactly the point or the legalisation is it? It’s there to prevent EU citizens and our personal information from becoming the primary commodity that is sold between giant companies.
Advertisement companies like Google will no doubt struggle with this going forward, but is that really a loss for anyone?
Building satisfactory alternatives to Office, Workspaces etc. isn't a monumental task by any stretch. With the sudden demand that you predict, they'll spring up like weeds.
This might be ham-fisted and crude, but in the end I see a lot of positives.
Elsewhere "fragmentation" is called diversity and competition. It's sad that it has to come about due to regulation, but it's a good outcome nonetheless.
The familiarity and precedence of current offerings becomes a kind of Stockholm syndrome for people. More options mean more chance of valuable improvements, and geographical diversity means different mentalities and points of view, instead of more "me too" options.
I'm so looking forward to that.
We can create a middle ground. When ever information about a EU citizen that get transferred to the US, a similar information about a US citizen get transferred to the EU as hostage in case there is a data violation. A list of IP-addresses accessing usa.gov in return for a list of IP-addresses that accessed europa.eu. Surely a deal can be made that give both sides equal power.
Privacy abuse on such a massive scale, never before seen in human history, requires action.
And it does not matter how normalised this has become for the people in the valley of the clueless.
Popular video conferencing solutions weren't allowed due to privacy issues. The official "Lernraum" platform that have been used for this did not work most of the time.
I understand where these laws come from, but it's sad that there often is no European alternative
The EU can build it itself when the US player are not able to not send data to their US data centres.
I think you are overestimating the problem. Before Facebook decided that it wanted the European market we had hundreds of similar services. We will have local replacements the moment these US companies with their near unlimited war chests finally fuck off and give European companies room to breathe again.
That's not exactly a great argument here, given that this French court has objectively made the right legal decision here in terms of EU privacy law, and the rights of their citizens.
Will this enable them to comply with the requirements?
For quite a lot of business data, the "do not export data out of region" thing is nothing new. Which is why it is not actually unusual to be able to select where the servers are located.
That being said, if this made Microsoft Teams impossible to use, it would made a lot of us happy. That thing is crap.
It is also silly to tolerate techs incessant fuckery.
If these companies end up banned in Europe, that's not really a problem from Europe's PoV. Europe may end up deciding that US companies not coming is a problem in itself, but that is already the case imo.
Honestly, if this policy is actually enforced, it's very hard to imagine how the landscape would shift. Maybe Europe would be brought to its heels, and be forced to remove the law. On the other hand, maybe the US would be forced to renounce their cloud act, which is a large part of Europe's privacy issues with US companies. A third path could be companies reverse-incorporating in some place that would let them keep in business.
It's a bit hard to predict honestly.
These regulations are the only way to dismantle US big tech monopolies. The US government won't do anything about it on its own accord because it's too profitable. Other countries need to neuter the influence of US big tech first. Then the US can police their own better to encourage intl competition if they want to.
The EU combined is the largest economic region in the world. With backdrop the other huge one China where doing business has become increasingly difficult and volatile.
Tech giants cannot afford to pull out of the EU. Call their bluff, they won't. They can't even if they wanted to, as shareholders will skin them alive.
[1] https://blogs.microsoft.com/eupolicy/2021/12/16/eu-data-boun...
It is crazy to me so few realize it is really not much, if at all, harder to run a business without involving US surveillance capitalism corporations.
Tools like Nextcloud, Matrix, Jitsi, have turn-key SaaS providers or you can self-host them easily as well. Same for many many analytics solutions.
I honestly think every company would be better off having more sovereignty in their tech stacks and data, and it is much better for consumers who may not realize they are -also- sharing their data with third parties like Google who use it sell targeted behavior changes to the highest bidder.
PaaS and IaaS providers all have a presence in the EU or is that still not good enough to pass the regulation that's in place?
SaaS I get it, they'd have to create a presence in the EU but I don't think that's a bad thing. They will, at least the big ones you mentioned. And if that's a problem for smaller SaaS providers then the market will have a solution for that emerge over time.
Wait until you see the result of the green revolution: you'll pay your energy 3 times more than now.
We'll need decades to recover (if we recover) from this ideological move from people that lives in la la land and have no idea of the consequences of their acts.
It already has started with natural gas prices skyrocketing. The Russians are holding us by the balls and our politicians are spitting at their faces...
I wish!
I still don't think laws against specific software is helpful though.
And then they will not be able to serve the european market, nor profit off the european economy. Good luck competing with each other for that US market.
And even then it seems risky the EU will deem the business model entirely in violation of privacy laws. It's very chilling
When the EU finally completes their utopian/dystopian ideas of privacy from foreign Internet services, the great firewall of Europe, perhaps then EU regulators will look inward and do the same things?
But for now it all has the appearance of disfavoring International Internet services, as if to encourage regional tech companies to advance.
Which seems reasonable, Europe seems to have lost most of it's Tech companies, and that's a problem that needs to be fixed. It's just weird to go about the problem by claiming International companies are in violation.
This is what you are wrong about. It would be true if you were from a small country like Sri Lanka or similar but for EU many European companies will smell an opportunity to fill the void.
I support their work to protect the privacy of EU citizens. But I'm also aware that their goal is to replace Microsoft, Google, Facebook etc. with state-owned European enterprises.
European state enterprises can be surprisingly efficient. However keep the Germans out of it. German government IT is still in the Middle Ages. Let countries like Denmark and Estonia build the future of European IT.
With these various data locality regulations, i wonder if a standard operating approach could be to split tech companies into 3 legal entities, a technology licensing company, a US registered operations company and a Europe registered operations company and hand the shares in all three companies to the current shareholders. This would insulate the Europe entity.
In fact this is how most of the companies operate already to cheat on taxes.
The way microsoft did it for a while here in Norway was to license azure cloud stuff to a sub operator (EVRY) that is completely insulated except for the licensing agreement.
Yes, this is what will happen with a setup of 3 entities, b/c FANG will not want to miss EU revenue.
If someone is running a global web site and wants analytics, which of the 2 entities, or both, would he reference in HTML? Even if we're going to region-lock Europe to the European Analytics servers, analytics today often involves some computation done over the entire data set, including both US and the EU, done on the backend. Which backend would that be?
The privacy aspect has become something of a "think of the children" reason for a sort of "Internet xenophobia", as well as creating huge barriers to entry for small companies which cannot comply.
They gain big benefits by having a single pool of datacenters able to serve users from anywhere in the world. If they needed to guarantee that an EU user would always be served with a machine in the EU, I can imagine it would add at least 20% to their operating costs.
They'd need more equipment both inside and outside the EU to handle failover, maintanance, etc. They'd also have more complexity slowing development down (they can no longer have small services 'mastered' in just one region). And there is substantial extra complexity in application design (what when a tweet from an EU user is retweeted by a US user, but then replied to by an EU user. Where will the text of the tweet be stored? How will deletion be handled?).
For example, will HN have to have seperate databases for "comments by EU users" and "comments by US users"? And will they need a process to migrate your account from one to the other?
This other post has more comments: https://news.ycombinator.com/item?id=30284820
I love that the plaintiff in this case is the "NOYB Association", as in None Of Your Fucking Business, Google.
The organisation has been involved in nearly all of the last privacy related rulings in the EU and is a real blessing for consumer rights.
0: https://meta.wikimedia.org/wiki/Data_retention_guidelines
The user's browser makes a request to a US server, including the user's IP address.
I legit do not understand how to make French people happy with these laws.
The regulations don't ban collecting IPs (nor any PII). They just regulate it to the point that it must be deemed necessary according to certain criteria. I would imagine linking an image may be fine in 95% of cases, but what it would mainly depend on is the logging practices of the image hosting company. Their business would be bound by EU regulation if they are choosing to sell service to an EU-based website, and it's likely that image host that would be liable for compliance.
It's worth adding quite a lot of the regulation here is tied to company size, revenue and scale of data sharing in general, so if you are for example a small business/non-profit you're very likely to be fine either way.
From the article: > "It's interesting to see that the different European Data Protection Authorities all come to the same conclusion: the use of Google Analytics is illegal. There is a European task force and we assume that this action is coordinated and other authorities will decide similarily."
I am really looking forward to seeing how this will play out in the rest of the EU, and which practical consequences it will have.
And, as usual, fellow EU citizens, support NOYB work, if you care about data protection: https://noyb.eu/en/support-us
I mean CNIL does not exactly have a reputation of helping/protecting users... they more have a reputation of being a watchdog who sees no problem with government surveillance programs and does not react when you send them reports of illegal activities surrounding personal data. For their defense, their budgets and prerogatives have been cut so many times they probably couldn't investigate/fine anyone if they wanted to.
We have a very different view of the CNIL.
Every time I hear about them, they're either giving GDPR fines or signalling illegal government activity, eg: https://www.vie-publique.fr/en-bref/278140-drones-de-surveil...
They don't have political power in itself, but they do use what power they have enthusiastically.
IIRC, They got massive funding with GDPR
Can we cut through the clickbait and see what's wrong here. If my website askes users for their permission to use GA and they click yes then is that still illegal here? I see this as yes it's still illegal.
Also is it illegal because there is an anonymised id number created when you send data. If that's the case then it's not just GA that's a problem but any tracking system i.e. Plausable.
Furthermore given that a randomised unique id is personal data then there would appear no way to use any websites analytics on any website as you have to store this in a DB which will require a unique id per row by design.
What about other data for example a webserver log will contain similar data is that not allowed? If it's not allowed how can I ensure my site is protected as I need those logs to identify and ban hackers.
Yes, because you're still passing personal data to the USA, which means US intelligence services can access it.
This is incompatible with your data being kept by a US business in the US, which is not subject to that law.
Server logs are allowed as "technically necessary" as long as you show "good will" (I'd call it that way) in keeping the saved data to a minimum. 14 days of log keeping? Fine, that's cool for technical reasons. 14 weeks of log keeping? That's excessive and could get you in trouble.
You can also collect that identifier if 1) you have a legitimate reasons to do so and 2) don't share it with third parties.
If you've sought the visitors consent then yes it's legal
From what I can tell: If you ask your users for permisssion ("informed consent"), then no, it is not illegal. The way I understood the court case in Austria, the disputed point was whether or not the use of GA falls under the GDPR. If it does fall under it, then you are obliged to ask your users for consent ("opt-in"). If it does not, you can use it freely without consent.
Because analytics data isn't worth that much if you collect only part of the data, most collectors of data do not want to ask users for their consent, because most users would reject this.
But IANAL. In any case, please stop using Google Analytics, and self-host your analytics using Matomo, Plausible, or something similar. Matomo can also be configured to use server-side analytics, in which case your analytics become both less invasive (no client-side JS needed) and more complete (can't be blocked by ad-blockers).
The basis of regulations is that citizens are too stupid to consent to things even if they are fully informed. Whether that is a good or bad approach is up for debate.
A French website can not use any American service, right?
Because any American services "are not sufficient to exclude the accessibility of this data for US intelligence services".
For instance, any service that handles health data absolutely cannot have the data be accessible in a way, shape or form by american-owned entities, for any reason.
It's not hard to imagine that, as time goes on, these same limitations will be expanded to other types of decreasingly sensitive data.
And honestly, that's perfectly reasonable. The US government gives itself the right to systematically spy on everything going through US cloud companies. Precedent has shown it can and will use that data against the interests of its supposed allies, even for industrial espionage.
If the US says "every US company must give over european data to the government", then at some point europeans have to say "US companies can't have european data".
That is irrespective of any legislation or court rulings, it's just common sense.
So unfortunately just moving hardware locations may be insufficient, even forming a new entity won't suffice.
In my humble opinion we are witnessing the nationalization of the Internet, in the name of good intent, but eventually the risk vs reward calculation of doing business across the Atlantic (for either side) will tilt in the direction of avoiding the risk.
Although it could be argued that "good, laws are made for people not for businesses" I'd counter that a great deal of the free information published by US companies and non-profits will become unavailable in the EEA.
I'm hopeful that the DPAs and courts in Europe will decide to balance these concerns.
FWIW: I run one of the more popular data privacy platforms, Osano, so this is an area we track very closely and which is near and dear to my heart. I built Osano as a Public Benefit (and certifeid B-Corp) to try and prevent the nationalization of the Internet by giving businesses an easy way to respect the rights of their customers & visitors.
We aren't in this mess because the EU somehow wants to nationalize the internet, we are because with current legislation, US companies can be forced to hand over whatever data they posess, no matter where it's stored.
Not a lawyer, but my current understanding of the current events is more or less the EU saying "if it's subject to the CLOUD act, it violates the GDPR". That's a pretty clear indication of what's wrong.
I've already offloaded Google Fonts due to the German ruling. I'm happy to self-host piwik if needed, but could that fall foul of regulators?
We even disabled the cookie based tracking inside Matomo at the cost of not linking different visit sessions. Same session visits are fully tracked though. Saves us a cookie warning.
They're a US company, so you can't use their cloud service, but it's designed to be self-hosted and they have a list of EU cloud providers so you can do 100% EU-based self-hosting if you want: https://posthog.com/docs/self-host/deploy/hosting-in-eu
1: https://matomo.org/faq/new-to-piwik/how-do-i-use-matomo-anal...
(I wonder why they need to collect analytics information for this page at all.)
People don't have to opt in for you to keep the data for technical reasons, for instance if you keep IP addresses for while to find and block abuse, but you can't keep data longer than strictly necessary and can't use the data for other purposes than you declared beforehand.
Write down your policies and put them in an (again, easy to read, understand and find) privacy statement and you should be pretty much GDPR-proof.
It doesn't have the goal conversion metrics and other advanced features of GA, so obviously not a drop-in replacement for all use cases.
No privacy issues to worry about using trackers.
It is not really a replacement for GA though, it collects much less data. We've decided it is enough for us.
[0] - https://umami.is/
Is the EU going to drag them all into court?
This is like saying you never jay walk because you want to avoid the legal hot water. The water isn’t even lukewarm!
Well... if you self-host Piwik or Matomo, you're relatively safe and you can avoid a lot of the bureaucracy bullshit that you'd have with external services.
However, check with a lawyer before setting it up, and definitely get user consent for detailed tracking. There are basically two camps of thought how much is allowed without explicit user consent: the more strict camp (which I belong to) believes that it is illegal to even use technically required data (like IP address, browser agent, date/time of visit, URL/query parameters) for analytics of any kind. The other camp is more relaxed and believes that it is OK to conduct basic analytics on that data (justified as "legitimate interest" of the site operator to provide a good experience to the user), but don't set anything like cookies or localStorage that could allow detailed tracking.
It is not yet clear by a supreme court decision which school of thought is going to win out - personally, I follow the requirement of data minimization per Art. 5 Nr. 1 lit c) EU-GDPR. Data that you do not have cannot be stolen, seized, abused or used as justification for fines, after all.
1. Since 2020, it's illegal to send personal data to the US because of the invalidation of the Privacy Shield [2]
2. Google said it was okay in the EU to use anonymized IP addresses
3. The Austrian Data Protection Authority (DSB) [3] ruled differently and waived most of the arguments raised by Google. The DSB ruled that even anonymized IP addresses are personal data.
4. The Data Protection Authority of The Netherlands followed by implying that the use of Google Analytics might be banned in the future [4]
5. Now, the Data Protection Authority of France (CNIL) followed
This is a sound decision, but not a new one. It's a confirmation of what has been ruled in July 2020, but now it seems to have more impact.
PS: I'm the founder of Simple Analytics [5] - the privacy-first analytics tool that, unlike other privacy tools, does not use any identifiers.
[1] https://blog.simpleanalytics.com/will-google-analytics-be-ba...
[2] https://iapp.org/news/a/the-schrems-ii-decision-eu-us-data-t...
[3] https://www.data-protection-authority.gv.at/
[4] https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/interne... (in Dutch)
[5] https://simpleanalytics.com/
EDIT: changed "PII (personally identifiable)" to "Personal Data"
Don't be coy. Call it what it is - an analytics service.
And as such it falls largerly in the same bucket as GA, because if someone's using Simple Analytics, my surfing data - against my wishes - is being shared with some random third party. Whether it's less, more or comparably evil as GA is secondary.
Google Analytics generates a visitor ID by rolling a random number and storing it in a first-party cookie. This is how GA tells that two visits a week apart came from the same user. This value has been ruled to constitute Personal Data. This is a very big deal, and only a little bit surprising.
This sounds like some great politicized naming. Removal of the "Privacy Shield" seems to be increasing privacy in this case.
Why are anonymised IP addresses still considered "Personal Data"? Is it because Google is doing the anonymisation?
Minor nit - "PII" really isn't the right term to use, because it suggests the info itself must be personally identifiable to an individual. The GDPR covers much more than this, and uses the term "Personal Data".
https://support.google.com/analytics/answer/2763052
I don't understand how this can be construed as tracking users.
I'm not exactly sure what the right way to go about it is (obviously we shouldn't and cannot force every company online to publish whatever anyone wants to say), but fact is that right now you are at the mercy of private companies if you want to communicate online, and restricting freedom of speech to the proverbial "free speech zone" where discussion isn't actually happening is not a healthy state of affairs.
I'd probably at least advocate for something like net neutrality.. ISPs and hosting providers should not work as censors and arbiters of good taste. They should be more like utilities; as long as you're not doing anything illegal, what you do or say is none of their business. Unfortunately this isn't a solution for the common person whose communications are limited to platforms like facebook and twitter.
My Fourth Amendment rights could absolutely be violated by a private website, as they could hand my potentially incriminating private data over to the US authorities, without a warrant and without my consent, and there's literally no opt-out or recourse for me if that data is then used against me by the government.
If you’re not a corporation or a professional who has an office address, you’ll have to supply your own personal data. Visible to anyone on the internet.
Huge opportunities for French tech entrepreneurs.
Huge opportunities for immigrant tech entrepreneurs to France.
Gets the ball rolling for other countries to implement this. And more advanced regulations.
Finally, once US big tech intl influence is on a steep decline, maybe, just maybe, Google will be policed by the US government.
Switching to another solution for analytics might be ok, but losing the ability to automatically optimize ads based on conversion data is a big pain.
It’s almost like a more subtle version of china or russia’s firewall
Within EU government and diplomatic circles, there's actually a term for this: the "Brussels Effect". People who use the term "Brussels Effect" believe that by imposing aggressive rules first, the EU software industry will have a first-mover advantage and a kind of partial "firewall" against some foreign competitors.
In my experience, the potential downsides of the "Brussels Effect" are rarely considered by these people (e.g., reduced competition within the EU, leading to increased costs for other businesses; overseas web service providers being forced to block EU customers, leading to reduced availability of services, etc.).
Another area where you see the same "Brussels Effect" in EU policy/legislative circles are recent moves towards rather aggressvie regulation of "artificial intelligence". Not just the recent proposal that was tabled, but also the CAHAI work towards a binding international instrument.
Users on the web love / demand free and aren't willing to pay for a lot of this stuff...
Also what are the implications of cross eu-us chat apps where a person’s name is visible? Doesnt it mean that when a recipient in the us sees the name, the eu person’s data has been transferred to the us?
Apologies if this comment is ignorant, i am not well versed in the topic, but to me it sounds like this is quite an issue for us-eu chat and email apps.
Consent is always a valid legal basis for the processing, or transfer, of data. But it has to be freely given, specific, informed and unambiguous.
Each jurisdiction is going to be slightly different, depending on what the law regarding data protection is like in each place.
Russia hasn't been deemed adequate by the Commission under the GDPR, but it is a member of the Council of Europe (and is thus bound by the ECHR) and it has ratified Convention 108 (and has signed, but not ratified, the modernised Convention 108).
Of course Russia is a deeply authoritarian regime which has no problem violating human rights and international treaties at will so...
If your needs exceed the data analyzed by it then you should consider rethinking your "analytics model".
I don't have analytics yet on my site (it's a very recent side project). I didn't want to go the Google route because ethics, now I don't even have the choice (I'm French).
I looked at the self-hosted options but it seems overly complicated (I'm afraid installing them on my VPS will kill perfs), so now I'm considering just writing a script to parse Apache's logs.
It takes a few minutes to complete and you can start tracking visits in a privacy friendly manner quickly.
https://developers.google.com/analytics/devguides/collection...
Big tech companies don't park servers in the EU. Is it THAT difficult? Of course it is not, and they just don't want to do it.
On the other hand, big tech companies are happy to park their IP in Ireland (a EU country) in a phony company, simply to avoid paying taxes.
What's the logic?
The issue isn't where the servers are. The issue is what parties can compell them to hand over information. As far as I've read on it at least. And if there is US ownership you have US courts that can demand information they aren't legally allowed to hand over according to EU law.
We entered the market recently with Wide Angle Analytics https://wideangle.co. But there is plenty alternatives. Depending on your needs.
Some focus on visuals, we focus on filters and soon attribution. There is more on the list: https://european-alternatives.eu/category/web-analytics-serv...
Competition is a healthy thing. You DON'T HAVE TO use Google Analytics :)
And if you wonder, yes, the fines are real. Enforcement of GDPR is picking up the pace: https://wideangle.co/blog/you-might-be-facing-gdpr-fine
You mention you store anonymised IP's "Unlike some other vendors, our anonymization process is not reversible.", what is the methodology here?
Now if they could only declare GMail to be another kind of a racket we would really get somewhere :-)
Send you ad traffic to a unique form per campaign so you know what campaign is generating leads.
This isn't rocket science.
[1] https://news.google.com/search?q=Cnil&hl=fr&gl=FR&ceid=FR%3A...
In one of my previous jobs the marketing department complained about Google Analytics not working on one of our pages. GA hadn't been working for about 10 months when they raised the incident. It was such a low priority that it took another 4 months for someone to fix it.
While I get that someone people are slightly foaming at the mouth because of GDPR (and this starts an entire debate about an aging political population that doesn't understand technology AT ALL) going overboard, my question is - do we actually use all the analytics that are provided by GA?
How many marketing teams/sales teams/etc actually use ALL the information provided by these tools. Aren't there other better ways to measure your campaign and product performance? Do you just want to see time on site/page? Abandon rate? I mean, most of these tools feel like they concentrate the Western mentality of "I need an SUV because I might have to put in more than 2 bags in my car".
/endRant
Who are these people foaming about GDPR?
I'll be the one: can you please expand on your statement?
As an EU citizen: Thank you Mr. Snowden, sir! <3
Anyone who's concerned about their data being collected can just block Google-or-like-related domains. Rest is just making life of web developers/admins/tech company owners harder.
Especially with these European intentions I frankly believe this is more of a political war against US and US-based companies. (No, I'm not from US as well)
Yes, that's happening, and it's a good one. Privacy Shield was cancelled because of Schrems II. The US simply don't care (intentionally?) to protected any data of people not living in the US. With FISA (Foreign Intelligence Surveillance Act) or "Executive Order 12333" they can get every data they want, even silently. Disclosing that a company had to handover any data will get them prison time.
This is against the intention and protection the EU set for european people. So if a company is violating these terms, it's good to take action.
If Google can't protect user's tracking data (and they can't - the US law won't let them) then they shouldn't be allowed to hold it.
No, Germany is a big leader in the EU. They are very sensitive to issues around privacy, from the DDR era.
They don't want private corporations having DDR-like folders of information on citizens.
Well, of course, tech companies, especially Google, Facebook, Amazon (and this one doesn't even respect basic work and union regulations and rights) are getting out of hand, making their life harder (if not dismantling them) is the legislator's job.
> Especially with these European intentions I frankly believe this is more of a political war against US and US-based companies.
Again, yes, of course, so what ? The US (tech and government) has been prying on the rest of the world with its tech advance and has been using it to spy and gather data it could not get otherwise. France, the EU, are just defending their citizens' rights and their interests, especially economical, against another threat to civil liberties.
Anyone who's concerned about salmonella, hormone levels or animal welfare, can just not buy any products that could potentially contain animal products from countries with weak animal welfare or sanitary laws. The rest is just making life of farmers/shops/wholesalers harder.
Especially with these European intentions, I frankly believe that one single country's laws should be universal and no other country may implement or enforce laws that protect their consumers. The onus to protect themselves from harm must lie with the individuals and governments should not dare inconvenience anyone just to protect their citizens' interests.
And what about Chrome?
[1]: If you clicked on "Password forgotten" on the log in page, they'd just send you your password unencrypted by email.
By getting their companies off GA, European governments are weakening their industry.
This probably holds true for many SAAS products. Many of the best are from the USA. Forbidding European companies to use them is a desaster for the European internet industry.
There is a load of hyperbole in the EU privacy business, and it s coming from the german side which is super sensitive to it. But germany is a worldwide exception, their laws for censorship and privacy exist for specific reasons, and they shouldn't be propagating them everywhere.
Specifically in the analytics space, i don't think a lot of people are going to pay for analytics. A free verson makes sense because a lot of websites dont make money. Google provides it for free because they have a monetary incentive to keep marketers in their ecosystem, other companies don't. (Unless the other companies choose to monetize them just as google did)
I think the biggest loser however is going to be the decentralized open web.
