Comment by cm2012
3 years ago
Another decision in a long stream that will make it much harder for EU start-ups companies to catch up to American ones. With absolutely no improvements to actual EU citizen well being.
3 years ago
Another decision in a long stream that will make it much harder for EU start-ups companies to catch up to American ones. With absolutely no improvements to actual EU citizen well being.
Maybe a race where the finish line is maximum exploitation of the digital population isn't a race worth running.
Yes, let's all marvel at the accomplishment of making everything funded by exploitative and intrusive but largely useless advertisements.
All digital startups are literally doomed without the indiscriminate collection of personal tracking data.
Side note: thank you modern adtech for consistently recommending me products I already bought days and weeks before. Very effective. Gullible companies just keep paying cold hard cash for these garbage recommendation systems because some sales rep talks fluffy about AI and machine learning, it's so mindblowing....
here I thought maximum exploitation would be selling someones identity on the dark web but I come to find on HN that it's actually hashed analytics data D: !!!
I wish the internet was purely an informational no bullshit interface/store instead of all this crap. I welcome these changes. Convert it back into a piece of furniture. Oh no we can't make a billion dollars for no reason.
So lets legalise child labour? Get rid of OSHA?
Where you draw the line is cultural and personal, so don’t dismiss things like this so easily.
Isn't this an opportunity for EU startups? By choosing to enforce the law on US companies that EU companies are already generally very compliant with, surely the EU has levelled the playing field for EU companies?
It is. Most startups in the EU have to use more and more businesses in the EU. The selection is little, so way more changes to succeed if your EU based and serve both markets.
I run Simple Analytics [1], which is a privacy-first analytics business from the Netherlands. I see a lot of business from the EU just because we are from the EU as well.
[1] https://simpleanalytics.com/?ref=hn
Frankly, as a EU company (based in Germany no less) I'm steering clear of any US SaaS whenever possible. Even if they operate in the EU they're usually a legal headache because privacy compliance is added as an afterthought and they'll often carelessly transfer data to US servers based on assumptions that should have been abandoned when Privacy Shield was torn down in the courts.
Out of the big cloud providers only Azure feels even remotely safe to use (if only because of the privacy reputation of Google and Amazon).
4 replies →
I can already see the taglines: "ConsentCo, tracking that's legal in the EU, unlike Google Analytics"
A little advantage for EU analytics startups, disadvantage for all other EU startups and SMBs who have less options for figuring out what users like about their website and offerings.
Assuming any of that actually helps to grow revenue, or that it is the only way to find out what your users want. Plus, GDPR isn't making tracking illegal in general, it is just heavily regulating it. If it was just properly enforced, the internet would be a much nicer place...
Side note, I'm slowly getting tired of people ignoring regulations and compliance simply out of laziness.
So due to this legislations it is more costly/less profitable for a company to have a European customer compared to US customer. Things like GDPR/lawsuits/bad PR etc. doesn't come for free for companies. So if some startup has more ratio of European users it is at a disadvantage.
GDPR is rarely enforced, we are still In a transition phase and many who start out choose to just ignore it to a degree.
I don't see how it's more costly or less profitable. Judging by the amount of lawsuits per capita I think it's way more likely to get sued in the US than Europe. And guess what's more expensive or complicated for a European company?
Setting up something like Matomo instead of GA doesn't looks to me like a huge penalizing factor for a startup.
If anything, EU startups could benefit from better control over the tools they use. One interesting halo effect of Google seeing that much data is also that US startup from ex-googlers get a head start on many insights.
That decision is on the US, once the cloud act will be removed, those services will be legal again
Before the CLOUD Act there was the PATRIOT Act, which had effectively the same provisions.
These things have not been legal since the GDPR went into effect, and in some countries even before then.
Oh yeah sure, that also would not work with the patriot act.
To be compliant with the GDPR, the US needs data laws which only affects citizens on their own soil and not overreaching to EU citizens.
1 reply →
take data of your USA customers and sell it to the highest bidder without their consent or even knowledge as you please. don't complain that I have the right to know you do that and disagree to you doing that.
Google doesn't really sell user data.
No, it’s too valuable. They sell services using the data such as Google ads.
That seems to be a detail that a lot of people miss. Google, Facebook, etc. don't sell user data. What they do offer is services where they use that data to optimize ad delivery.
On my part, I'm not too concerned with that... they operate on a massive scale and no human is looking at my individual data. The result is me seeing fewer ads that are irrelevant, which is good for everyone (for example, no one benefits from showing me an ad for feminine hygiene products, and if Google and Facebook can make sure that doesn't happen, all the better).
or maybe EU is starring to rely on their own startups.
If I had to chose an analytics software for a customer's website, I'd chose someone in EU for the sole reason that it would be compliant in both EU and the rest of the World.
I am no EU citizen, however live in Europe and do tech startups. I welcome GDPR as well as this ruling.
It's unethical IMO to send personal data to countries that have weak privacy laws without making it absolutely clear to the user. Which is rarely the case with GA right now.
I switched most my projects to shynet, for me personally that's more than enough information and I have zero worries about tracking and know that some users appreciate my approach.
Edit:// even before GDPR became a thing I worked with several companies who had strict rules about hosting in Europe or even more explicit not hosting in the US.
Let me guess, you're from the US and user surveillance is beneficial to your business so naturally everyone with non-capitalist (read not $$$-centric) ideology is plain wrong. EU startups don't have to "catch up" or even compete with US start ups.
read this with a french accent for whatever reason >.<
Does this imply that the EU is "non-capitalist" or something?
"EU startups don't have to "catch up"..." then don't get surprised when EU talent is poached by US and Asian HRs for x2-x3 rates. And before you're gonna talk about all those "free" (taxpayer funded) services and how no European would ever move to Asia or NA, i'd like to remind you that we're in the remote work world now :)
Replying to a comment that states: "not everything revolves around money" with "but we make more money".
1 reply →
As an EU citizen, I find it to be a huge improvement to detangle my data from US-American entities. Especially with the election of Trump and January 6th. Maybe Americans haven't fully realized what that meant for US-EU relations for the next hundreds of years. The US is just not a politically stable country until further notice.
Eh? Jan 6 wasn't very noteable (a bunch of disorganized protestors are let into congress, but the state was not meaningfully threatened), the US has long had political instabilities, the business plot was way worse, but who has heard of it now...
since when EU became politically stable? Last time i checked you were at war with Russia.
> since when EU became politically stable? Last time i checked you were at war with Russia.
Russia's attack on Ukraine has no relevance at all to whether the EU is or isn't politically stable.
There may be other reasons you can cite, in which case fair enough, but that example is a non-EU third party attacking a non-EU third party. And the EU is not at war with Russia.
8 replies →
You are demonstrating the level of geographical and political knowledge that people expect from americans. I hope this is satire.
Ukraine is, not the EU. The US is at least as involved in the war as the EU is.
But I wouldn't call many EU countries very stable either. It can still be a win to not send private data to the US though, tracking has become far too precise and omnipresent.
Actually, the cookie layers of Google have become a lot better in recent months. I doubt that is was Googles initiative, so I think that all this legal stuff is making a difference. Yes, it is a very slow process, but what would be an alternative?
Yes it doesn't solve the startup problem, but honestly there also also a ton of other laws and regulations outside of data protection which make it hard for startups to prosper. Web Analytics seems a relatively minor problem.
Yikes... Have you ever heard of some of the alternatives?
I self-host Plausible which is GDPR compliant and gives me all of the features that Google Analytics is actually good for. There is so much bloat in GA that provides absolutely no extra value.
I'm skeptical that this is a bad deal for EU citizens.
[EDIT] missing and
Nah. The problem here is Google, not analytics in general. You can still use analytics as long as you do it in a privacy-first approach.
These laws also apply to US companies offering their services to in the EU. Frankly, it's about time American companies get reigned in on their privacy abuses. US startup culture has been playing fast and loose with people's data for far too long to disastrous effects.
Perhaps those are start-ups that we don't need in the EU.
That's assuming a European GDPR-compliant alternative to Google analytics wouldn't arise. But of course it will. It's not even a very difficult product to build. If anything this is both sticking it to Google and creating opportunities for European startups to fill the void.
That's ok, that's our decision.
The EU hasn’t shaken off their roots in monarchy. Using the power of the state to go after a single private entity since they have a blood feud with said entity and are now finding all sorts of excuses to hit them economically.
I’ve been following the cases with regard to privacy in the EU and it’s a complete joke. You have all these onerous rules against any web technology making it near impossible for startups to function without an army of lawyers. Think I’m exaggerating? Look up the provisions under GDPR for any business, big or small, to set up a website and then process a single user request for their data even without sign in.
The UK is sick and tired of this and has recently begun moving to ignore these onerous rules. All power to them.
You may be looking at this through a very narrow, heavily politicized lens.
First: GDPR is a compromise, so it's a bit uneven. That's partly due to lobbying by google and friends. Second, privacy very much needs protection. Even if you are perfectly fine giving up your privacy, other people aren't. Third: you can actually process user requests. Depending on how you do it, you don't even have to show a banner. Is that really too intrusive?
I mean, before accusing someone of looking at this politically, please read the comment fully.
You’re taking pains to explain why GDPR is a compromise? Why? If it’s bad law, it’s bad law.
Nothing you said invalidates the assertions I’ve made. Unless you’ve directly experienced the onerous system of regulations in places like Germany, I’d urge you to do more research before the armchair dismissal.
24 replies →
> The EU hasn’t shaken off their roots in monarchy.
I know, right. I mean obviously the world's most famous royal family (our British one) isn't really a monarchy so that doesn't count. And they certainly don't get previews and vetos on our laws, or given hundreds of millions from the licence fees for offshore wind farms, or own a notable percentage of the land.
As for GDPR, compliance is pretty straightforward provided you aren't being shady to begin with.
And the new UK proposals are much worse and if they go through as they stand will be a nightmare for anyone serving UK visitors.
Do you have a point, asshole? There's more in that comment above than the bait you took.
1 reply →
> The UK is sick and tired of this and has recently begun moving to ignore these onerous rules. All power to them.
I don't think so; the UK passed the Data Protection Act 2018 just 4 years ago, to bring GDPR into UK law. That is: the DPA is normal statute legislation, unlike the GDPR itself, which is a bureaucrat-made regulation. The DPA was passed by both houses of Parliament.
So what are these mysterious moves to ignore the law? The only such moves I'm aware of are some plans to remove the European Court of Human Rights from UK law (ain't gonna happen - the ECHR is written into the Good Friday Agreement), and the UK's decision to ignore the decision of the ICJ concerning the Chagos Islands.
>I don't think so; the UK passed the Data Protection Act 2018 just 4 years ago, to bring GDPR into UK law.
This is wrong.
The Data Protection Act did not bring the GDPR in to UK law, GDPR became part of UK law as soon as it was passed because it's an EU regulation, and regulations have direct effect in all member states (which at the time it was passed included the UK).
The GDPR then became "retained EU law" by virtue of Section 3 of the European Union (Withdrawal) Act 2018, and was then modified (turning it in to the UK GDPR) by the The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. These regulations also amended the Data Protection Act, fwiw.
Are you. . . For real in this thread? Can you please stop commenting about things you seem to have zero context in and zero interest in following even casually? https://www.itpro.co.uk/policy-legislation/data-protection/3...
1 reply →