> Any cost that has a high fixed component and a lower variable component leads to increasing returns to scale for enterprises.
It's not just fixed costs. Any increase in overhead will have a higher impact on smaller businesses.
If a variable cost increase is passed onto customers it results in lower sales volume. If it isn't it results in lower margins per unit. In either case it can push a smaller business past the point that it can no longer cover its fixed costs, even if the fixed cost amount hasn't changed.
Most successful compliance regimes balance the need for regulation against incumbency bias by making the regulation more stringent for larger firms. Restaurants, for example. If GDPR had envisioned a €1 million global revenue floor for everything but the civil liability components, it would have been successful.
Smaller firms can add "compliance officer" or "privacy officer" to the list of job duties someone does. But yes bigger firms can more easily afford bigger compliance/legal/auditing/lobbying departments.
Even if I would bother enough to do this dance from my mobile device, which I don't, there is no way the article can convince me that it's unbiased journalism.
The article lays out its thesis pretty well. In the wild wild days of little regulation on personal data, everyone vacuumed up as much as they could, because it might be useful someday, and there were few laws with teeth to stop them. Usually, this was used for analytics and 'big data', but frequently, it cycled back into targeted ads. Entire conglomerates made most of their revenue this way: Google, Facebook, Verizon+AOL+Yahoo. I'm not sure Amazon really fits here, because they make most of their money by selling you actual things (compute, products) rather than your data to an outside party, but they do collect a fair bit of data about one's preferences, so let's keep them here.
Now, the door's been shut behind them. It's fair to assume that big companies are better equipped to hire experts to navigate the issue of compliance than a random 8-person startup fresh off the press; whereas 10, 20 years ago these exact sort of new ventures are what grew into data harvesting machines that were usually acquired by someone with bigger wallets. This is one of the mechanisms of regulatory capture: even if the law is good for the public, most of the companies that engaged in the now-illegal tactics can pivot to something else or figure out how to stay in compliance, while any new players hoping to use the same mechanism are forbidden from doing so. This is a fairly typical outcome when regulation is first applied in a space where it wasn't before.
The twist is that some of the same players that engaged in the harvesting and trafficking of personal data have also branched out into cloud computing and various value-add SaaS to sell B2B, and they can capture some revenue from other companies that are just going about their everyday business and are looking to stay compliant with the new regulation. This is a boon for the likes of Amazon, Google, Microsoft, who've engaged in both targeted ad tracking and cloud computing. Increased uptake in their cloud offerings will help insulate them from the tightening of the targeted ad space.
The substance of the article is solid. But for those alleging FUD, keep in mind that TechCrunch is owned by Oath, the content subsidiary of Verizon, a content and infrastructure company without a strong story in B2B cloud computing, and whose revenue is chiefly derived from (1) providing bulk telecom interconnect, (2) being an ISP, both wired and wireless, and (3) correlating user behavior across their portfolio of sites and using their network. One can easily make the case that these sorts of companies are among the most vulnerable to this sort of regulation.
It really depends on whether the regulation actually changes practices and cuts into their core business model. A big part of GDPR is simply making consumers aware of how their data is being used. As awareness and scrutiny increases, it's entirely possible that ad tech as a whole suffers, and that will hurt Facebook/Google disproportionately.
If the landscape changes significantly, that is advantageous to startups because they can choose to avoid quagmires entirely. It's really the middle-stage ad tech companies that don't have the cash to comply, but have too much momentum to change course that will really be fucked.
Of course it's true that you can't start another Google or Facebook today, but that is for many reasons among which privacy regulation is merely a footnote. I get that a lot of fortunes were made in ad tech, but innovation will not stop because practices need to change.
Don't look at GDPR and see it as some kind of slap in the face to Facebook or Google. The reality is that regulation like this invariably benefit the companies large enough to hire the lawyers to abide by the regulation. Similar story for tax-law complexity.
Large corporations thrive in highly regulated environments without fear of competition.
An EU company will have a harder time targeting EU residents under GDPR than a US company will have (for its own residents). Wasted money on non-personalized ads could be the difference between continuing to exist for some. So it could potentially hurt EU companies that want to advertise too - though I really don't know the extent of advertising there.
Depends what you do, I am building EU (UK) company right now. We started before GDPR but we had it in mind early on and I don't believe it made it any harder for us. Obviously our business model didn't assume selling our costumer data.
Being 'GDPR ready', 'privacy first' and putting our users in control of their data was a good selling point and important part of our story. It definitely made it easier for me as a tech guy in founding team to argue for reasonable privacy policy, avoiding data monetising revenue models and attention to security.
I can create a business model in the US market - in the vast majority of nations in fact - that can't exist in the EU, pay for it with targeted advertising in the US market and give the product away for 'free.' I can scale it with US ad practices, then move into the EU with full GDPR compliance and continue to fund that product with the vast, lucrative, targeted US ad market, doing things with customer data and generating margin that is impossible in the EU. The EU can't project its jurisdiction globally to prevent this approach.
GDPR is a massive win for US companies, it increases the already overwhelming US competitive advantage. The US tech giants can trivially comply with GDPR, and the EU ends up as more of a tech hermit kingdom with every restriction and compliance requirement they put into place.
Starting and building a company like Google or Twitter in the EU was very difficult before, now it's impossible. Every future Google in the West will be born in the US perpetually from here on out.
For all the criticism of Google, of which I have extensively done, very little negative is said about their security. The fact that you can have 99 character passwords in GMail speaks to this (Paypal and Bank of America’s limit is 20 for example).
Everyone today worships small business, but the 30 years of incredible economic growth was partly achieved by the partnership of Big Business with Big Labor and Big Government.
As Galbraith said at the time: “the entrepreneur, as many see him, is a selfish type motivated primarily by greed, and he is furthermore, unhappy.”
I think entrepreneurs have contributed a lot to society, but I also think new era’s come and go, and the worship today of “innovative startups” will not last forever.
I’m surprised that so many people are missing this. Google and Facebook may come off better than most tech companies, but surely the real winners must be whoever was not relying on your personal data to begin with? E.g. tv, radio, and print.
'Control of the information flow to your populace by censoring bad things and putting out misinformation, which then informs the thoughts of the populace'.
China , Russia have strategic interest to protect. The EU , i'm not so sure what it is protecting, and reading this law it's really hard to tell if we are supposed to have some kind of advantage now. It seems more like an extreme, wrist-slapping attempt of its leftist lawmakers.
Example: DuckDuckGo had no issues in ensuring people’s privacy for years and I’m fairly sure that they have zero problems with GDPR. And they are not and have never been at Google’s scale.
What happens actually is that privacy-violating companies are trying to keep doing whatever it was they were doing, but then discovering that no sane individual would opt-in to being tracked, without having access blocked of course, which then leads to lost revenue anyway.
So they are trying to game the system, which gets expensive of course. Now you need lawyers and experts in dark patterns. But when your entire business model depends on people's ignorance, you really can't claim the high moral ground.
> I’m fairly sure that they have zero problems with GDPR
My understanding, from a friend there, is GDPR imposes significant costs on their operations. The problem isn’t the intent of the law. It’s its implementation. The administrative burdens imposed by the mandated bureaucracy is massive.
I think of the GDPR as similar to clean operations with regards to environmental impacts.
If, right now, there was made a law that fairly charged for all externalities on environmental damage of their products, then the companies that do things "right" with regards to environmental practice would be some of the most profitable.
The GDPR is the similar type of law, but for data hoarding of PII. If you're doing privacy and handling user data that preserves users' rights, you likely wont have much anything to change. Sure, you'll have to put together 5 documents how you do use data... but everyone does in the EC.
If you're a hoarder, spread PII everywhere it shouldnt be, or otherwise do bad things your users would find unconscionable, it's going to be a very rough time.
As an American, I try to buy sustainable products.. But the GDPR makes it easy to see which tech maintains my privacy of my data.
Doesn’t DDG use Bing and Yahoo? I’m not sure how well would they work in a vacuum where they can’t take advantage the benefit of “tracking” through outsourcing.
DuckDuckGo is a search engine - meaning its possible to use their tool without the collection of any data, even creating a user account. Many other tools are doing nothing nefarious with data but its not possible to use their tool without collecting data.
It's neat that DuckDuckGo was able to find a business model through showing ads based on what you search into the search box. For me personally, I don't see much of a difference between being shown ads on what I searched at that moment and having a cookie stored in my browser and getting showed ads based on that later on.
None of this disproves what the article is saying anyway - Google & Amazon will be the best equipped to handle the nuances of any data laws and as bureaucracy increases, they will benefit the most, storing more data.
Did you ever noticed that when it comes to protect a public official, for example a cop killing someone, all the State pieces work in perfect synchrony? I mean, everyone, from lawmakers, judges and the lowest of clerks suddently learn how to make exceptions and interpret the laws in new ways.
Yet, I have to believe that lawmakers aren't able to stop billionaires from screwing up the small guy without making complex regulations that impede progress and innovation, regulations that in the end make the rich and the bureaucrats a lot of money and sink hopes for the honest entrepeneur.
I have to believe they're making the laws in good faith because they really have no alternative.
Of course. I totally believe it.
Regulations are written by very big companies in that space of the market. The EU isn't immune to this, and our government in the US definitely isn't. I know this seems counter intuitive to people not familiar with barriers to entry in industry, but big companies easily absorb costs in regulatory frameworks that are legally put into place. They normally lobby and ensure that whatever goes into effect is either something they are actively doing, or can do at minimal cost to them, while being a large cost to others.
A great example recently in the United States was in the Consumer Product Safety Improvement Act passed in 2008. It was in response to large toy makers using lead paint in their toys coming from China. It wasn't small toy makers doing this, it was the Mattels. As a result of what these large companies did with their disregard to product safety, a regulatory safety framework was put into place that Mattel could easily absorb into their operating costs, while small mom and pop makers suddenly had a very expensive process to go through, even if they were not the cause of how this law came into effect.
We can all agree on respecting privacy, toy safety, etc. It's a good thing. But just remember that usually these things are passed to protect large companies, not necessarily for the benefit of the consumer, and definitely not for young competitive companies trying to break into a market space that now has a huge initial cost that may be insurmountable. The result sold to the consumer is normally just a side effect used to promote it.
[+] [-] smallnamespace|7 years ago|reply
We see with regulation all the time, e.g. Dodd-Frank made it harder for small banks to raise capital.
[+] [-] AnthonyMouse|7 years ago|reply
It's not just fixed costs. Any increase in overhead will have a higher impact on smaller businesses.
If a variable cost increase is passed onto customers it results in lower sales volume. If it isn't it results in lower margins per unit. In either case it can push a smaller business past the point that it can no longer cover its fixed costs, even if the fixed cost amount hasn't changed.
[+] [-] JumpCrisscross|7 years ago|reply
[+] [-] supertrope|7 years ago|reply
[+] [-] ge0rg|7 years ago|reply
- violate my GDPR rights by requiring opt-out from their tracking, instead of opt-in
- are going to sell my data to hundreds of "partners"
https://gdprhallofshame.com/5-techcrunch-engadget-and-oath-c...
Even if I would bother enough to do this dance from my mobile device, which I don't, there is no way the article can convince me that it's unbiased journalism.
[+] [-] niftich|7 years ago|reply
Now, the door's been shut behind them. It's fair to assume that big companies are better equipped to hire experts to navigate the issue of compliance than a random 8-person startup fresh off the press; whereas 10, 20 years ago these exact sort of new ventures are what grew into data harvesting machines that were usually acquired by someone with bigger wallets. This is one of the mechanisms of regulatory capture: even if the law is good for the public, most of the companies that engaged in the now-illegal tactics can pivot to something else or figure out how to stay in compliance, while any new players hoping to use the same mechanism are forbidden from doing so. This is a fairly typical outcome when regulation is first applied in a space where it wasn't before.
The twist is that some of the same players that engaged in the harvesting and trafficking of personal data have also branched out into cloud computing and various value-add SaaS to sell B2B, and they can capture some revenue from other companies that are just going about their everyday business and are looking to stay compliant with the new regulation. This is a boon for the likes of Amazon, Google, Microsoft, who've engaged in both targeted ad tracking and cloud computing. Increased uptake in their cloud offerings will help insulate them from the tightening of the targeted ad space.
The substance of the article is solid. But for those alleging FUD, keep in mind that TechCrunch is owned by Oath, the content subsidiary of Verizon, a content and infrastructure company without a strong story in B2B cloud computing, and whose revenue is chiefly derived from (1) providing bulk telecom interconnect, (2) being an ISP, both wired and wireless, and (3) correlating user behavior across their portfolio of sites and using their network. One can easily make the case that these sorts of companies are among the most vulnerable to this sort of regulation.
[+] [-] dasil003|7 years ago|reply
If the landscape changes significantly, that is advantageous to startups because they can choose to avoid quagmires entirely. It's really the middle-stage ad tech companies that don't have the cash to comply, but have too much momentum to change course that will really be fucked.
Of course it's true that you can't start another Google or Facebook today, but that is for many reasons among which privacy regulation is merely a footnote. I get that a lot of fortunes were made in ad tech, but innovation will not stop because practices need to change.
[+] [-] yuhong|7 years ago|reply
[deleted]
[+] [-] 49bc|7 years ago|reply
Large corporations thrive in highly regulated environments without fear of competition.
[+] [-] oblio|7 years ago|reply
[+] [-] OldSchoolJohnny|7 years ago|reply
[+] [-] taysic|7 years ago|reply
[+] [-] zn44|7 years ago|reply
Being 'GDPR ready', 'privacy first' and putting our users in control of their data was a good selling point and important part of our story. It definitely made it easier for me as a tech guy in founding team to argue for reasonable privacy policy, avoiding data monetising revenue models and attention to security.
[+] [-] zerostar07|7 years ago|reply
[+] [-] krageon|7 years ago|reply
[+] [-] adventured|7 years ago|reply
I can create a business model in the US market - in the vast majority of nations in fact - that can't exist in the EU, pay for it with targeted advertising in the US market and give the product away for 'free.' I can scale it with US ad practices, then move into the EU with full GDPR compliance and continue to fund that product with the vast, lucrative, targeted US ad market, doing things with customer data and generating margin that is impossible in the EU. The EU can't project its jurisdiction globally to prevent this approach.
GDPR is a massive win for US companies, it increases the already overwhelming US competitive advantage. The US tech giants can trivially comply with GDPR, and the EU ends up as more of a tech hermit kingdom with every restriction and compliance requirement they put into place.
Starting and building a company like Google or Twitter in the EU was very difficult before, now it's impossible. Every future Google in the West will be born in the US perpetually from here on out.
[+] [-] Bucephalus355|7 years ago|reply
For all the criticism of Google, of which I have extensively done, very little negative is said about their security. The fact that you can have 99 character passwords in GMail speaks to this (Paypal and Bank of America’s limit is 20 for example).
Everyone today worships small business, but the 30 years of incredible economic growth was partly achieved by the partnership of Big Business with Big Labor and Big Government.
As Galbraith said at the time: “the entrepreneur, as many see him, is a selfish type motivated primarily by greed, and he is furthermore, unhappy.”
I think entrepreneurs have contributed a lot to society, but I also think new era’s come and go, and the worship today of “innovative startups” will not last forever.
[+] [-] hshehehjdjdjd|7 years ago|reply
[+] [-] graeme|7 years ago|reply
[+] [-] theyinwhy|7 years ago|reply
There is no thought control, only data (lots of ads of course) that you yourself receive, think about and shelve.
[+] [-] woolvalley|7 years ago|reply
[+] [-] zerostar07|7 years ago|reply
[+] [-] TheForumTroll|7 years ago|reply
[+] [-] somebadguy|7 years ago|reply
[deleted]
[+] [-] bencollier49|7 years ago|reply
[+] [-] jakeogh|7 years ago|reply
[+] [-] bad_user|7 years ago|reply
Example: DuckDuckGo had no issues in ensuring people’s privacy for years and I’m fairly sure that they have zero problems with GDPR. And they are not and have never been at Google’s scale.
What happens actually is that privacy-violating companies are trying to keep doing whatever it was they were doing, but then discovering that no sane individual would opt-in to being tracked, without having access blocked of course, which then leads to lost revenue anyway.
So they are trying to game the system, which gets expensive of course. Now you need lawyers and experts in dark patterns. But when your entire business model depends on people's ignorance, you really can't claim the high moral ground.
Such articles are engaging in sponsored FUD.
[+] [-] JumpCrisscross|7 years ago|reply
My understanding, from a friend there, is GDPR imposes significant costs on their operations. The problem isn’t the intent of the law. It’s its implementation. The administrative burdens imposed by the mandated bureaucracy is massive.
[+] [-] Matticus_Rex|7 years ago|reply
The vast majority of companies aren't violating privacy in any meaningful way, and the GDPR still imposes large costs on them.
[+] [-] crankylinuxuser|7 years ago|reply
If, right now, there was made a law that fairly charged for all externalities on environmental damage of their products, then the companies that do things "right" with regards to environmental practice would be some of the most profitable.
The GDPR is the similar type of law, but for data hoarding of PII. If you're doing privacy and handling user data that preserves users' rights, you likely wont have much anything to change. Sure, you'll have to put together 5 documents how you do use data... but everyone does in the EC.
If you're a hoarder, spread PII everywhere it shouldnt be, or otherwise do bad things your users would find unconscionable, it's going to be a very rough time.
As an American, I try to buy sustainable products.. But the GDPR makes it easy to see which tech maintains my privacy of my data.
[+] [-] dogma1138|7 years ago|reply
[+] [-] taysic|7 years ago|reply
It's neat that DuckDuckGo was able to find a business model through showing ads based on what you search into the search box. For me personally, I don't see much of a difference between being shown ads on what I searched at that moment and having a cookie stored in my browser and getting showed ads based on that later on.
None of this disproves what the article is saying anyway - Google & Amazon will be the best equipped to handle the nuances of any data laws and as bureaucracy increases, they will benefit the most, storing more data.
[+] [-] zerostar07|7 years ago|reply
Do they comply with right to be forgotten etc?
[+] [-] infinitismal8|7 years ago|reply
[+] [-] nannePOPI|7 years ago|reply
Yet, I have to believe that lawmakers aren't able to stop billionaires from screwing up the small guy without making complex regulations that impede progress and innovation, regulations that in the end make the rich and the bureaucrats a lot of money and sink hopes for the honest entrepeneur. I have to believe they're making the laws in good faith because they really have no alternative. Of course. I totally believe it.
[+] [-] spaginal|7 years ago|reply
A great example recently in the United States was in the Consumer Product Safety Improvement Act passed in 2008. It was in response to large toy makers using lead paint in their toys coming from China. It wasn't small toy makers doing this, it was the Mattels. As a result of what these large companies did with their disregard to product safety, a regulatory safety framework was put into place that Mattel could easily absorb into their operating costs, while small mom and pop makers suddenly had a very expensive process to go through, even if they were not the cause of how this law came into effect.
We can all agree on respecting privacy, toy safety, etc. It's a good thing. But just remember that usually these things are passed to protect large companies, not necessarily for the benefit of the consumer, and definitely not for young competitive companies trying to break into a market space that now has a huge initial cost that may be insurmountable. The result sold to the consumer is normally just a side effect used to promote it.