(no title)
eclipsetheworld | 1 month ago
While the goals are usually noble, I’m increasingly convinced we’re regulating ourselves into irrelevance. I’m not a Big Tech company yet my interests align with theirs. We desperately need an EU that prioritizes actual growth over well-intentioned paperwork. To me, the AI Act and the GDPR are the worst offenders here, representing the largest possible gap between "good intentions" and the actual effect they have on the ground.
Consider frontier LLM labs. We have the talent, the Nordic data centers, and access to the GPUs. But why would any investor drop $100B on a frontier LLM lab here when the legislative environment is fundamentally more hostile than the US? It feels like we’ve already watched Mistral and Aleph Alpha get left in the dust.
To give you an idea of the "compliance vs. reality" GDPR gap: I worked on a project processing healthcare data for millions of people. We had a clear, easy-to-find privacy policy and a responsive DPO. Total GDPR requests for info or deletion? Exactly 53. Out of millions. We spent thousands of hours building systems for rights that only 0.001% of our users cared to use.
If you look at the courts, the "damage" being prevented is equally vague. Since EU courts don't really do punitive damages, most awards are tiny unless there’s actual identity theft. Most of what GDPR protects is "mental distress" or "loss of control"-concepts so ambiguous that courts rarely award anything for them unless something else went wrong.
The result of all this "protection"? No FAANG-equivalent, no frontier AI leader, and no homegrown ad-tech. It turns out the most perfectly regulated company is the one that never exists in the first place.
loorke|1 month ago
I cannot stand reading these comments left by people clearly detached from reality.
I used to work in a medical AI company myself, over the years we had a few requests for deletion, all from some crazy old German people. Moreover, we couldn't train our models on European data, which is absurd.
array_key_first|1 month ago
If you can't handle the heat, get out of the kitchen. The big picture is that medical AI is scary stuff that can ruin countless lives if done even slightly wrong.
soco|1 month ago
eclipsetheworld|1 month ago
We didn't spend thousands of hours on a deletion feature (or just development time). We spent them in total to be compliant in a healthcare environment. That time goes into:
Documenting the entire lifecycle (how, why, and where) of every single data point we process. Conducting and documenting formal risk assessments for every major processing activity (Privacy Impact Assessments (DPIA)). Drafting and negotiating data processing agreements (DPAs) with every single partner and vendor we use. Building strict role-based access and logging systems to track exactly who views and edits data and why. Implementing pseudonymization and logical data separation to ensure we meet "privacy by design" standards. Constantly coordinating between the product and dev team and the DPO to update policies and communicate changes to users.
The point I’m making is that the EU has built an incredibly expensive regulatory environment to support rights that, in practice, the vast majority of users don't seem to care about. We’re over-engineering for a "loss of control" that the average user hasn't shown much interest in reclaiming.
hodgesrm|1 month ago
It's the same dynamic that has warped the California housing market by adding a forest of regulations that make it almost impossible to build new housing. Those regulations for the most part add nothing but cost and time to projects. Meanwhile housing prices go through the roof.
amarcheschi|1 month ago