Comment by _fat_santa

7 months ago

It's insane that they never carved out any provisions for "non big-tech".

I feel like the whole time this was being argued and passed, everyone in power just considered the internet to be the major social media sites and never considered that a single person or smaller group will run a site.

IMO I think that you're going to get two groups of people emerge from this. One group will just shut down their sites to avoid running afoul of the rules and the other group will go the "go fuck yourself" route and continue to host anonymously.

> I feel like the whole time this was being argued and passed, everyone in power just considered the internet to be the major social media sites and never considered that a single person or smaller group will run a site.

Does this shock you? I don't recall a time in memory where a politician discussing technology was at best, cringe and at worst, completely incompetent and factually wrong.

  • Off the top of my head Oregon Senator Ron Wyden. I’m sure there are others. Millennials are in office now.

    • > Off the top of my head Oregon Senator Ron Wyden. I’m sure there are others

      If we exclude politicians whose tech awareness is curated by lobbyists, Ron Wyden may be the entire list.


    • > Millennials are in office now.

      So? Tons of millennials barely understand technology too. I'd say a politician being one makes the odds they know tech marginally better, but I still interact with people of my generation that barely know what a filesystem is, let alone how to make one, or why it's important.


> It's insane that they never carved out any provisions for "non big-tech".

That would be insane, and it's not true. You have to consider the risks and impacts of your service, and scale is a key part of that.

I think it's really important around this to actually talk about what's in the requirements, and if you think something that has gone through this much stuff is truly insane (rather than just a set of tradeoffs you're on the other side of) then it's worth asking if you have understood it. Maybe you have and lots of other people are extremely stupid, or maybe your understanding of it is off - if it's important to you in any way it probably makes sense to check right?

> It's insane that they never carved out any provisions for "non big-tech".

There are only 13 provisions that apply to sites with fewer than 7 million users (10% of the UK population).

7 of those are basically having an inbox where people can make a complaint and there is a process to deal with complaints.

1 is having a 'report' button for users.

2 say you will provide a 'terms of service'.

1 says you will remove accounts if you think they're run by terrorists.

The OP is blowing this out of proportion.

  • You are obviously rewriting a lot of the law, and ignoring that the penalty seems to still be "up to 18 million pounds". So no, there is a deliberate bias against smaller sites.

    • > You are obviously rewriting a lot of the law

      Feel free to address any specific points. Have you looked at the Ofcom guidance?

      > penalty seems to still be "up to 18 million pounds".

      Fines "up to" a certain amount allow flexibility in punishment, enabling courts to consider the specific circumstances of each case, such as the severity of the offence and the offender's financial situation. This discretion ensures that penalties are proportional and fair, avoiding undue hardship while still serving as a deterrent.

      You cannot write into legislation specific fines for every possible scenario; this is how the UK legislation works. Suggesting you need to shut down a cycling forum because you don't have 18 million in the bank is ludicrous.

      Mishandling personal data has a maximum fine of £18 million too, yet small/medium/large businesses still exist...

      > So no, there is a deliberate bias against smaller sites.

      I'm saying there is deliberate bias against smaller sites, smaller sites only have 13 minor provisions whereas larger ones have 30+.

> It's insane that they never carved out any provisions for "non big-tech".

Very little legislation does.

Two things my clients have dealt with: VATMOSS and GDPR. The former was fixed with a much higher ceiling for compliance but not before causing a lot of costs and lost revenue to small businesses. With GDPR, small businesses and non-profits that just keep simple lists of people (customers, donors, members, parishioners, etc.) have to put effort into complying even though they have a relatively small number of people's data and do not use it outside their organisation. The rules are the same as for a huge social network that buys and sells information about hundreds of millions of people.

  • Do you know a small business that has got into trouble with GDPR?

    • You can filter this list to see 200+ GDPR fines assigned to sole proprietors, the smallest of small businesses, individuals that haven't even registered a separate entity for their business:

      https://www.enforcementtracker.com/

      They're only cataloging the (2500+) publicly known ones, most of which have a link to a news article. As an example: some guy in Croatia emailed a couple websites he thought might be interested in his marketing services, and provided a working opt-out link in his cold emails. One of them reported the email to the Italian Data Protection Authority who then put him through an international investigation and fined him 5000 euro.

      "Assuming here that the reasons expressed in the aforementioned document have been fully recalled, [individual] was charged with violating articles 5, par. 1, letter a), 6, par. 1, letter a) of the Regulation and art. 130 of the Code, since the sending of promotional communications via e-mail was found to have been carried out without the consent of the interested parties. Therefore, it is believed that - based on the set of elements indicated above - the administrative sanction of payment of a sum of €5,000.00 (five thousand) equal to 0.025% of the maximum statutory sanction of €20 million should be applied."


    • They do not get into trouble because they have spent the money and the time on compliance, which is an unfair burden.

      Also, it is not just small businesses, it is not-for-profits too.

How is it insane? The target is non big-tech. Do you think Facebook cares they have to hire a couple of people to do compliance?