But this is even worse than that. It would allow for dubious security resellers to define adequate protections. That would basically be their own products.
Everyone in IT knows that there are borderline dubious products that heavily border on scam. Not every security solution of course, but there are a lot of bad sheep that present as much a danger to security as direct attacks.
If you want to protect user data, don't collect it. Best security you can achieve.
Perhaps I am overanalyzing and this just tries to introduce formal processes to deal with security concerns. But it doesn't look like it. It seems you need a third party to certify your products for once and I believe this is lobbying for questionable security products and lawyers in one go.
This trope is getting tedious.
The EU tries to regulate the Wild West that the internet opened up. That's not at all the same as "killing innovation". It's reasonable and realistic to try to regulate. I'm fearful of attempts to regulate the internet, because there are strong forces that want to load the regulations with provisions that would be a dictator's wet dream. But to my mind, unregulated everything is a nightmare.
Unfortunately governments in general and the EU in particular have a poor track record of making helpful regulations for businesses operating in STEM fields. Not many politicians have a STEM background themselves and not many have much experience of smaller businesses or grass roots volunteer work beyond a quick photo op. A field like software where a single individual can make a disproportionate contribution and where a lot of the FOSS we depend on every day was written at least partially by volunteers is probably quite alien to them.
Until the politicians are better educated the overall state of regulation will continue to be poor. Unfortunately until the small businesses and the FOSS world can speak at the same volume as corporate lobbyists and PR firms with multimillion budgets the politicians will probably continue to be poorly informed. In most places we have nothing like that level of coordination among the smaller players yet.
Oh my! An awful lot of contributors to FOSS are Europeans.
It could easily close most security issues by regulating data collection. That would seriously reduce the damage of possible data leaks. Any encrypted content is only safe for a limited amount of time. This hasn't changed for ages.
In the permissionless school of thought, you don't need permission to use an existing API or data to do whatever you want as long as it isn't abusing the service or illegal.
In a permission-full school of thought, you should always ask permission, from the authorities and whoever might have a vested interest in what you are doing.
It seems that in Europe it is far more common that many (most?) people expect you to get permission before you go off writing your random programs and putting them live on the Internet.
Whereas in some other countries, people view pushing half-baked ideas live as virtuous and artists manifest destiny and/or an existentially important economic function of startups.
When people from different cultures interact and they have completely different unspoken assumptions it can result in misunderstandings. In my case, the correct thing to do was apologize for the misunderstanding (definitely not arguing, you would never convince them to change their core cultural values!), and then not use the specific service or company involved (that had intractable permission issues due to any member being able to deny permission), and just work with other services that had no built in conflicts with the fundamental purpose of their service. (Organization names and the services involved redacted for courtesy.)
No. In Europe it literally is what you pretend to be permissionless: "you don't need permission to use an existing API or data to do whatever you want as long as it isn't abusing the service or illegal."
Whereas permissionless is really just doing whatever, consequences be damned.
The results say otherwise. One way or another Europe killed off its tech companies and it's now entirely reliant on foreign companies for almost all IT services.
It's not a trope because they've already succeeded. You can't look at the EU where almost every IT service they use is made by a foreign company and call it flourishing.
> But to my mind, unregulated everything is a nightmare.
Everything, like making food for your kids? Breathing air?
Absolutely.
Unregulated food means that corporations can sell toxic food that will make my kids ill, if it is profitable.
Unregulated air quality means that corporations can indiscriminately pollute air, externalizing costs and making air unbreathable.
I think what is true is that it is harder to get VC backed capital here, and hence a lot of “winner takes all” markets are won in the US. But that doesn’t mean that there is no striving startup scene in Europe, they just have different goals or measures of success than “grow a lot”.
Regulating that might even help European companies :-)
Some stuff the EU does is really good, like the GDPR, the right to be forgotten, the right to repair (smartphones with replaceable batteries and standard USB connectors). I don't even think it kills innovation. It just makes sure it is aligned with society.
But at the same time they do things like this....
Right to be forgotten: a blessing for corrupt EU politicians who can finally scrub their record clean after buying out newspapers. Since they couldn’t buy the tech giants…
USB-C: the largest cable throwaway to avoid… throwing cables away.
Replaceable batteries: something I never needed or wanted but hey, the wise Brussels regulators must know better what is good for me.