I feel like we had this exact same argument over GDPR, but no horror stories have descended about Mom and Pop operations run out of business but the evil Brusselcrats.
> we had this exact same argument over GDPR, but no horror stories have descended
Romania has already deployed GDPR as a weapon against its press [1]. I also have a short list of anecdotes of economic activity (start-ups and other new market entrants) that would have happened in the EU but, in large part due to compliance costs–including GDPR–wound up happening outside the EU.
And the EU is trying to prevent Romania from doing it. I don't see your point. Romania could just have used another law or just made a new one to harass the press.
This is not related to business but there's a horror story with Romania (it's in the EU) asking a news organization to provide informants information related to some corruption leaks.
The information is requested by the national GDPR enforcer so it bypasses the prevention written in the GDPR about news leaks.
Now there's a trial going around with this which blocked any further spread of that information until it's solved. It can be easily seen how the GDPR can be weaponized.
Isn't that just straight abuse of the law? AFAIK GDPR only protects your personal information, it can't be used to request someone else's personal information (if anything, you could argue that GDPR prevents you from giving out another person's info).
GDPR has had a very detrimental effect on user experience, with never ending popups and warnings about crap nobody understands. And being in the EU there's several US publications we can no longer access.
I can buy arguments that extra compliance efforts make some businesses not cost-effective in Europe, but this particular argument is nonsense.
It's like a factory that dumped toxic waste into a river complaining that, because of a ban on dumping toxic waste into rivers, they now "have to" dump them to nearby meadows instead, and that makes local customers unhappy.
"Detrimental effect on user experience" is an intended effect that clearly signals the company doesn't want to stop abusing its users.
You can thank large media conglomerates for the latter, all it takes is one executive decision for dozens of networks and websites to start geo-blocking Euorpe.
GDPR is still fairly new, and it usually takes a while for the full consequences of complex new legislation to be felt.
As an American who spends a lot of time in Europe, what I have noticed is that a majority of local news sites in the US block me from accessing them using IP geolocation.
An old client of mine, an actual mom and pop operation in Germany was harassed and was almost ran out of business by a law-firm who went around, the moment GDPR dropped, trying to find targets to sue.
These are enforced on a national level though aren't they, in the UK ICO doesn't have the resources to hunt people down and are probably only going to enforce action against major players in the market as they are under the most scrutiny.
The problem comes when a nation decides to use those rules in a way that is detrimental to the populace or a service they see as troublesome.
GDPR has a very worthy purpose though: companies were taking far too many liberties with people's personal data. I don't see analogous problems with copyrighted material (there is some infringement, but it doesn't really seem problematic to society).
That's not what it's for. The GDPR legslates what events one can remember (using incrementalisim). It's ultimately an attack on general purpose computing.
It's not clear what's going on with GDPR, good test cases are only now starting to be tested. But the fact that many American newspapers, for example, are blocked in Europe is certainly something to worry about.
> But the fact that many American newspapers, for example, are blocked in Europe is certainly something to worry about.
They are not blocked. They have chosen to take their services offline because they don’t think changing their business model such that it no longer depends on aggressively tracking their users is worthwhile or cost-effective. Which is fine by me imho.
> But the fact that many American newspapers, for example, are blocked in Europe is certainly something to worry about.
There's just one large company that decided to block EU visitors: Tribune Publishing[0]. Yes, them blocking Europe is bad. Them owning so many local newspapers that this decision even makes an impact is a bigger problem.
I'm not saying that they're the only ones blocking Europe, but I am saying that we wouldn't think of it to be as wide spread if it weren't for Chicago Tribune, Baltimore Sun, and LA Times (among others).
The GDPR is very similar to the old Data Protection Directive, which came into force in 1995. Many member states had done a piss-poor job of implementing and enforcing the DPD, which was largely the motivation for passing the GDPR. Directives have to be transposed into national law by individual member states, while regulations are immediately applicable across the entire Union.
I'm not saying there won't be an effect, but having an effect it's why you pass a law. But 8 months in, and the landscape doesn't seem radically altered.
If anything, major players deciding not to compete in a market is good to my mind, as a means of increasing a diversity of business styles. Laws like this make businesses pay for the actual cost of thier hidden externalities.
[humor] Given the "quality" of reporting in most of the publications here, we should be thanked for that outcome [/humor]
More seriously, GDPR should not extend beyond its jurisdiction. It does though, and there are consequences. Blocking european IPs cost (loss of revenue) must be balanced against compliance costs.
Claims that "they've had N years to prepare" are specicious, if for no other reason than they aren't bound by the specific law. Meanwhile the law introduces a new, potentially large, liability. Which results in companies self censoring by geolocation.
This is what you call an unintended consequence. Remote access to quite a few resources outside of Europe is likely to be restricted should this pass into EU law. As we like to say here, elections have consequences.
FWIW, I support the aims of GDPR, and wish we would get a sane law on this here in the US as well. But I don't want our law extending to others. That would be unfair to them.
American newspapers don't need to care about GDPR. Most websites don't need to care about GDPR. Europe does not get to dictate how non European based websites operate. The GDPR can be outright ignored for a significant part of the internet. I have no idea why an American newspaper would give a shit about GDPR. They could literally put a huge banner up saying "fuck GDPR" and face zero legal consequences.
JumpCrisscross|7 years ago
Romania has already deployed GDPR as a weapon against its press [1]. I also have a short list of anecdotes of economic activity (start-ups and other new market entrants) that would have happened in the EU but, in large part due to compliance costs–including GDPR–wound up happening outside the EU.
[1] https://euobserver.com/justice/143356
foepys|7 years ago
fuscy|7 years ago
The information is requested by the national GDPR enforcer so it bypasses the prevention written in the GDPR about news leaks.
Now there's a trial going around with this which blocked any further spread of that information until it's solved. It can be easily seen how the GDPR can be weaponized.
tomp|7 years ago
toyg|7 years ago
stef25|7 years ago
TeMPOraL|7 years ago
It's like a factory that dumped toxic waste into a river complaining that, because of a ban on dumping toxic waste into rivers, they now "have to" dump them to nearby meadows instead, and that makes local customers unhappy.
"Detrimental effect on user experience" is an intended effect that clearly signals the company doesn't want to stop abusing its users.
Aengeuad|7 years ago
Zak|7 years ago
As an American who spends a lot of time in Europe, what I have noticed is that a majority of local news sites in the US block me from accessing them using IP geolocation.
beezischillin|7 years ago
hyperman1|7 years ago
AFAIK, no independent lawyer can sue you for violating the GDPR. Only the German regulatory body could sue them.
KevanM|7 years ago
The problem comes when a nation decides to use those rules in a way that is detrimental to the populace or a service they see as troublesome.
LoSboccacc|7 years ago
law need to be tested trough time, because it will be used by the next party in power for hundreds years, whether you like the party in power or not.
the only reasonable way to reason about law is full on pessimism.
it's like we already forgot the tyranny that was going on less than a century ago and was acquired through escalating legal abuse.
ric2b|7 years ago
nicoburns|7 years ago
jakeogh|7 years ago
yostrovs|7 years ago
andrewnicolalde|7 years ago
They are not blocked. They have chosen to take their services offline because they don’t think changing their business model such that it no longer depends on aggressively tracking their users is worthwhile or cost-effective. Which is fine by me imho.
r3bl|7 years ago
There's just one large company that decided to block EU visitors: Tribune Publishing[0]. Yes, them blocking Europe is bad. Them owning so many local newspapers that this decision even makes an impact is a bigger problem.
I'm not saying that they're the only ones blocking Europe, but I am saying that we wouldn't think of it to be as wide spread if it weren't for Chicago Tribune, Baltimore Sun, and LA Times (among others).
[0] https://en.wikipedia.org/wiki/Tribune_Publishing
jdietrich|7 years ago
https://en.wikipedia.org/wiki/Data_Protection_Directive
drewbuschhorn|7 years ago
If anything, major players deciding not to compete in a market is good to my mind, as a means of increasing a diversity of business styles. Laws like this make businesses pay for the actual cost of thier hidden externalities.
hpcjoe|7 years ago
More seriously, GDPR should not extend beyond its jurisdiction. It does though, and there are consequences. Blocking european IPs cost (loss of revenue) must be balanced against compliance costs.
Claims that "they've had N years to prepare" are specicious, if for no other reason than they aren't bound by the specific law. Meanwhile the law introduces a new, potentially large, liability. Which results in companies self censoring by geolocation.
This is what you call an unintended consequence. Remote access to quite a few resources outside of Europe is likely to be restricted should this pass into EU law. As we like to say here, elections have consequences.
FWIW, I support the aims of GDPR, and wish we would get a sane law on this here in the US as well. But I don't want our law extending to others. That would be unfair to them.
paulie_a|7 years ago