graemep 5 hours ago

I am not saying privacy laws should be repealed (if you look at my other comments, quite the opposite). I am saying that the same regulations are both too easy for big business to evade (or ignore and treat fines as a cost of doing business) AND too burdensome on small organisations that do not trade information. Something as simple as a membership list can draw you in.

pembrook 4 hours ago

Ughhh here we go again. Every time GDPR is brought up on HN, the same "it's super simple to comply, just read it yourself!" religious incantation gets repeated ad nauseam.

I think it's because people love the idea of what they think GDPR actually represents (the fuzzy abstract idea of "privacy"), without ever diving into any of the implementation details. Almost nobody on this forum has ever talked to a lawyer about this, and even fewer people have followed the actual court rulings that have determined what GDPR actually means in practice.

My favorite example, under GDPR over the last 5 years, regardless of whether you follow the spirit of GDPR to the letter...due to the various Schrems rulings, back-and-forth on SCCs, data-transfers, and EU-US political spats...there's been multi-year periods where if you're using any service touching data in any part of your business even remotely connected to the US or any non-EU country (so, almost everything), it's been a violation that exposed you to massive fines should any EU resident have filed a complaint against you.

This was recently resolved again, but will continue to go back and forth if GDPR remains as-is.

And this is just one of many weird situations the law has created for anyone running a business more complex than "a personal blog."

SiempreViernes 4 hours ago

I mean, if your domestic legislation makes it impossible for you to ensure the privacy of your customers, why do you insist you could be responsible custodians?

troupo 4 hours ago

> but will continue to go back and forth if GDPR remains as-is.

Yes, it should remain as is and enforced. Yes, storing your users' data in the US is extremely problematic because the US really couldn't give two shits about privacy, or user data.

tick_tock_tick 41 minutes ago

The EU nations can't even get their own governments running on non US software/clouds. If GDPR was actually enforced like that you might as well just dissolve the EU and let each nation apply to join the USA for all the relevancy the EU will have on the world afterwards.

pembrook 2 hours ago

I get it, it's fun to take wildly impractical ideological stances on things and ignore reality. However, this generation is beginning to learn the lesson every generation learns: one has to deal with the world as it is, not as one wishes it were. Scarcity exists.

Unfortunately, in globalized economic reality, you will have to transfer data to other countries to conduct business.

Unfortunately, in fossil fuel driven reality, you can't just go off fossil fuels by switching to paper straws, you have to actually build viable alternatives first.

Unfortunately, in non-world-peace reality, you can't just stop having a military and become pacifist. Turns out you still need missiles and tanks.

Unfortunately, in low-birth and low-economic-growth reality, you cannot let people retire at 62 and draw inflation-pegged pensions until death.

Unfortunately, in non-0 interest rate reality, governments can't keep deficit spending to prop up a broken socialist economic model.

Etc. Etc.

vladms 2 hours ago

You don't give any reference that we can look up regarding the problems you mention (ref: "if you're using any service touching data in any part of your business even remotely connected to the US or any non-EU country (so, almost everything"). They might be very reasonable, but it seems we miss the point if we don't talk in a bit more detail.

What services are you talking about? AWS? Microsoft? Some small startup? Gmail? What data? etc.

pembrook an hour ago

Literally everything. The fundamental issue is the EU doesn't like that US intelligence agencies have the ability to subpoena any server associated with US firms or companies that use US firms. However, the vast majority of the entire tech industry touches the US in some way.

Here's a good primer: https://trustarc.com/resource/schrems-ii-decision-changed-pr...

Last year the EU and the Biden administration came to an agreement (the second of these after the last was shot down). The current one may not stand either. If it doesn't, and you're an EU company who has an employee using something as trivial as Notion, you're already in violation (even if Notion is otherwise GDPR compliant, the US gov can subpoena them and look at their data, meaning they can be declared de facto non-compliant).

This is further complicated by the fact that, as it turns out, having access to US intelligence isn't so bad in the context of Russia-Ukraine.