I just don't see the issue. The GDPR isn't exactly difficult to comply with, nor does it hamper any of the clear successes of the last 25 years outside of the ad industry. What's the benefit of backing out on it? Is this just an effort to make a homegrown surveillance network?

▲

graemep 4 hours ago | parent | next [-]

I am not saying privacy laws should be repealed (if you look at my other comments, quite the opposite).

I am saying that the same regulations are both too easy for big business to evade (or ignore and treat fines as a cost of doing business) AND too burdensome on small organisations that do not trade information. Something as simple as a membership list can draw you in.

▲

pembrook 3 hours ago | parent | prev [-]

Ughhh here we go again.

Every time GDPR is brought up on HN, the same "it's super simple to comply, just read it yourself!" religious incantation gets repeated ad-nauseam.

I think it's because people love the idea of what they think GDPR actually represents (the fuzzy abstract idea of "privacy"), without ever diving into any of the implementation details.

Almost nobody on this forum has ever talked to a lawyer about this, and even less people have followed the actual court rulings that have determined what GDPR actually means in practice.

My favorite example, under GDPR over the last 5 years, regardless of whether you follow the spirit of GDPR to the letter...due to the various schrems rulings, back-and-forth on SCCs, data-transfers, and EU-US political spats...there's been multi-year periods where if you're using any service touching data in any part of your business even remotely connected to the US or any non-EU country (so, almost everything), it's been a violation that exposed you to massive fines should any EU resident have filed a complaint against you. This was recently resolved again, but will continue to go back and forth if GDPR remains as-is.

And this is just one of many weird situations the law has created for anyone running a business more complex than "a personal blog."

▲

SiempreViernes 3 hours ago | parent | next [-]

I mean, if your domestic legislation makes it impossible for you to ensure the privacy of your customers, why do you insist could be responsible custodians?

▲

troupo 2 hours ago | parent | prev [-]

> but will continue to go back and forth if GDPR remains as-is.

Yes, it should remain as is and enforced. Yes, storing your users' data in the US is extremely problematic because the US really couldn't give two shits about privacy, or user data.

▲

pembrook an hour ago | parent [-]

I totally get it, it's fun to take wildly impractical ideological stances on things and ignore reality.

However, this generation is beginning to learn the lesson every generation learns: one has to deal with the world as it is, not as one wishes it were. Scarcity exists.

Unfortunately, in globalized economic reality, you will have to transfer data to other countries to conduct business.

Unfortunately, in fossil fuel driven reality, you can't just shut off the fossil fuels and switch to paper straws, you have to build actually viable alternatives first.

Unfortunately, in non-world-peace reality, you can't just stop having a military and become pacifist. Turns out you still need missiles and tanks.

Unfortunately, in low-birth and low-economic-growth reality, you cannot let people retire at 62 and draw inflation-pegged pensions until death.

Unfortunately, in non-0 interest rate reality, governments can't keep deficit spending to prop up a broken socialist economic model.

Etc. Etc.

	▲	vladms 24 minutes ago \| parent [-]
		You don't give any reference that we can look up regarding the problems you mention (ref: "if you're using any service touching data in any part of your business even remotely connected to the US or any non-EU country (so, almost everything"). They might be very reasonable, but seems we miss the point if we don't talk a bit more detailed. What services are you talking about? AWS? Microsoft? Some small startup? Gmail? What data? etc.