Comment by maccard
6 hours ago
It’s not over regulation, it’s bad regulation.
Not all regulation is bad, and some of it is wildly effective at not just achieving the letter of the law but actually solving the problem it was defined for. Good regulation IMO looks bad because you never hear of anyone being punished for breaking it because it is complied with.
The EU banned roaming charges in 2017. Most networks by then had already abolished them, but only because this change was coming. The UK then decided it was going to leave the EU, and pretty much overnight the major mobile providers reintroduced the roaming charges.
EU flight compensation rules are another great example - they don’t pay out often because what’s happened is the airlines don’t get delayed to that point as often as they used to.
Scotland has a “right to roam”, which can be summarised as “don’t be a dick and you can go anywhere you want outdoors”. So you can walk, camp etc pretty much anywhere (it’s a bit more complex). In theory this means I can just open a gate to a farm, and walk across their fields. In practice, this means that most popular walking paths have access routes maintained by landowners that people use.
On the flip side, the cookie banners are a perfect example of bad regulation. They’re super easy to (allegedly) comply with and the result is just an annoyance for some 300 million people and absolutely no change to company behaviour whatsoever.
!00% agree. 'we need less regulation' is never the right answer, 'we need the right regulations' is. The article points out areas that improvements to regulation, and process, would help and that second part 'and process' is often overlooked. A complex regulatory structure may be needed but that doesn't mean it has to be as hard as it is. Is it really the problem that the regulations were complex or was it a problem that navigating them was a challenge? I've had this discussion with local permitting where I live. Permits are needed, but that doesn't mean they should be hard or that the job of the city is to just tell you no. There is a world where the city is a partner trying to help you achieve something so when permitting comes up, and you pay your fees, the answer they give isn't just 'yes/no' but 'you may want to consider' and 'let's work together on a plan that...'. There isn't a regulation here, just a process improvement and the difference can be massive. A similar view of how to improve federal regulations, through simple process improvement and not just regulatory change, could really make a difference.
Sure, but sometimes a repealing a bad piece of regulation doesn’t necessitate a replacement.
Policy reform decisions need to be evidence based and sometimes evidence suggests ditching the law over updating. And sometimes it’ll say update it.
What makes Good regulation is path dependent (in respect to existing institutions) and context sensitive, it’s important to analysis the costs of enforcement, not just the administrative side but in terms of lost opportunities. Do they make a suite of desirable economic activity infeasible or unjustifiable more expensive (relative to the goal of the policy)
> There isn't a regulation here, just a process improvement and the difference can be massive
Are those binding constraints? If so it’s effectively regulation or part of the regulatory regime even if they aren’t the rules themselves
I was typing that in the shower, but a more complete version of "Do they make a suite of desirable economic activity infeasible or unjustifiable more expensive (relative to the goal of the policy)" is
Does the added benefit or reduced cost of the law outsize any cost or lost benefit from the introduction of the law? This question isn't always asked and in many cases it's only asked after someone picks up on a problem well after the fact.
Understandably you can't always wait for measurements to come in to evaluate a policy, it's also a political environment in which these decisions are made. That fact also leads to reactionary regulation as its the easiest way for leaders to show they're responding to a problem.
Having the ability to gather evidence to assess policy in a timely manner is actually pretty hard without some kind of history of research in the space, and you need to develop institutions that help answer these questions faster and with some level of independence from the government to demonstrate a level of legitimacy. Even in a scenario where evidence continues to come in, saying "the existing legislation is unideal", you'll have people with who have made a living out of the existing regime defend that status quo. And the longer that legislation is in place the harder it will be to challenge those people as they will only become more organised as time goes on, but in a democracy all you need is the people by and large on your side, but an organised beneficiary of the status quo will definitely not go down without a fight.
It's very difficult to generalise stuff like this.
> 'we need less regulation' is never the right answer
Sometimes it is. For example some countries had or have regulation that only nobles can work in specific professions or wear specific clothes or live in specific places. Some had the same but race-based.
This entire class of regulation deserved to be thrown out. And yes, at least partially there are claims how it was necessary for safety or whatever else.
There are are also some dumb taxes with bad side effects like tax on windows.
Some regulation is terrible and deserves to be removed rather than replaced or improved.
I think you may be misinterpreting the point. It's not that we never need less regulation, this may be the case. We should never make 'less regulation' the target. The right regulation may be less in some cases.
6 replies →
Based on your opinion of local permitting I have a strong suspicion you've never applied for any sort of local permit for something where issuance of the permit requires any real consideration.
Petty homeowner renovation stuff is basically a weird tax in disguise. They don't care, they were never gonna tell you no. They just want your money and want you to make work for whatever trade is being made work for in the process.
Go for a variance and then see how you feel about it. Better yet, go try and create any sort of occupied structure or commercial use where one doesn't already exist.
Local permitting is riddled with bike shedding, people trying to avoid responsibility, people trying to advance their pet interests at other people's cost and probably more stuff I'm forgetting. At least with state level stuff you can be all "I've paid my engineer big bucks, here's there work output, here's why it's GTG, and if it is in fact GTG they typically rubber stamp it. But little guys can't afford to play in that arena unfortunately.
The HN bias towards state regulation of, well, everything comes from the epistemic invincibility felt by people who have never seriously failed.
Understanding that we should let markets, prices, and individual choices guide policy comes out of personal experience of having been 100% certain of something and having been wrong. Once that happens to you a few dozen times, you start to appreciate that your feeling of being certain does not necessarily correspond to your having discovered a predictive theory of reality.
You must understand that much of HN is literally too young to have had a chance to interact in any way with building regulations. It's not literally every user of course, but it's obvious that HN is biased towards the brashness of youth.
2 replies →
> !00% agree. 'we need less regulation' is never the right answer, 'we need the right regulations' is.
Well, much of the time the right regulation is 'let existing general laws (eg around safety and fraud) and contract law and private agreements handle it'.
But it's pretty fair to sum that Right Regulation up as 'less regulation'.
To give a crazy example: the Right Regulation about the colour of your underwear is to just let you decide what you want to wear, also known as no regulation of the colour of your underwear.
See https://www.econlib.org/library/Enc/AirlineDeregulation.html for less silly example of airline regulation.
Good regulation is how air travel became the safest method of travel in the past few decades without impeding on innovation or affordability. Bad regulation is when that same regulatory body, the FAA, delegates most of the oversight to the very same companies they should be overseeing.
IMO, we're in an age where regulation is the only tool left for a civilized society to leash their multi-billion corporations to actually help benefit society and not only their shareholders. I've been beating around the bush, but Boeing has already rebounded (tremendously) after the tragic incidents in the past few years.
Businesses are great at optimizing in profit and left to their own accord, that’s ultimately what they’ll do. In many cases that means risking safety, externalizing costs to others, creating anticompetitive unions like cartels, and so on.
Regulation exists to guide that optimization process so it’s forced to factor in other things like safety, environment, competitiveness for consumers and so on. The point being that if you can optimize in a way for profit AND for society at large then we have a reasonable balance to justify your existence. If you can’t, well then we probably shouldn’t be doing what you’re tying to do because the costs you would otherwise opaquely externalize on society are too high for your profit motive.
That isn’t to say things can’t go awry. Over regulation can occur where constraints are added that become crippling and the constraints are too risk averse or just poorly constructed that they do more to break the process than actually protect society. But whenever someone cries at over regulation, they need to point out the specific regulation(s) and why they’re nonsensical.
I’ve worked in highly regulated environments and you’re often very aware of what regulations you need to conform to. Part of that process is often asking why it exists because it can be frustrating having a roadblock presented before you with no rationale. Most the time I can think of good reasons something exists and it’s easy to consider and honor that. Meanwhile there are some regulations I scratch my head and can’t find what they justify, so there should be a channel back to lawmakers or regulators where people can inquire and work can be done to see if those regulation are actually effective or not at achieving their goal, or if they’re just constraints that makes things more expensive.
It also allows corps to lock out competitors who cannot afford to wade through regulatory hell.
> On the flip side, the cookie banners are a perfect example of bad regulation. They’re super easy to (allegedly) comply with and the result is just an annoyance for some 300 million people and absolutely no change to company behaviour whatsoever.
Companies were at least forced to separate what were essential cookies from non-essential ones. While enforcement was not strong specially for small companies, basically any company could be sued for non compliance -- and many were. I guess this was bad regulation because it wasn't strict and clear enough. It should have been clear that cookie banners must had 2 buttons: agree and disagree. None of that bullshit of selecting partners. None of that "disagreeing takes longer to save your preferences" or refreshes the whole page, or sends you to the home page. And if you didn't want to comply, you're free to block European traffic.
Both can be true: over-regulation and bad regulation. And the West (especially the EU) is arguably suffering from both to various degrees.
At some point a regulation is no longer worth the weight in the overhead it imposes. Even if all regulation was effective, at some point the collective burden would be too high.
Sadly, this also means that some bad behaviour is inescapable at the margins. There are always a few people looking for an angle to make a quick buck in a certain way, yet not enough for a regulation to be supported.
It reminds of the "The optimal amount of Fraud is non-zero" that once ended up on HN frontpage : https://news.ycombinator.com/item?id=32701913
I wonder, is there a legal principle to call-out someone who is trying to exploit the word of the law against the spirit of the law ?
A great tragedy of the past 50 years is how successful the `regulation==bad` propaganda has been at convincing engineer-entrepreneurs to shut off their brains when it comes to the government.
So many of these SV entrepreneurs are great at designing systems and processes, and great at finding creative solutions to complex problems.
If we all thought of `designing great regulation` as something to aspire to, then we'd see a bunch of interesting HN discussions around the details of new policy, predictions around their effects, etc.
Instead you get these extremely shallow articles that read like a sullen teenager complaining about how they didn't get what they wanted and a comment section discussing whether or not `regulations==bad`.
> The UK then decided it was going to leave the EU, and pretty much overnight the major mobile providers reintroduced the roaming charges.
Even better, a lot of the MVNOs added nothing or far less in roaming charges. I think its purely because they have more price sensitive customers. In general people seem very reluctant to switch providers despite number portability, the right to unlock phones after a certain time, etc.
Roaming charges are far from the only example. The big operators are sometimes several times as expensive for the same package (the Vodafone equivalent to my 1p mobile packages is approx three times the price, even ignoring roaming costs) so clearly just do not need to compete on price.
One problem with getting good regulation is the influence of the currently dominant players. They are adept at lobbying to twist regulation to strengthen their position and maintain the status quo. We see a lot of this in IT, of course, but it happens elsewhere too.
The EU removing roaming is better than the situation in the UK. Although some operators (O2 I know of) give a fixed roaming allowance in the EU that is OK. Not as good as getting your full contract/PAYG allowance though.
eSIMs have made the virtual mobile operators attractive for short term data usage. Switzerland not being in the EU has very high roaming charges, but you can buy data on an eSIM for not terrible prices. Much better than standard network roaming data charges for sure.
eSIMs help with outgoing calls and data, but people need incoming calls and SMSs too so still get gouged on price.
EU roaming is only a partial solution, as your example of Switzerland. The moment you set foot outside the EU you get gouged.
Interestingly a number of British operators do provide cheap or free roaming to Switzerland. Vodafone has free roaming to a few European countries, mostly non-EU. So the situation in the UK might be better depending on where you are going, which operator you use, whether you are making phone calls or using data.....
This is interesting because I would have guessed that most people would have had broadly similar changes in price to the MVNO I use but just proportion to already higher prices. IN fact, the entire structure is different, and which countries are free/cheap/expensive is entirely different too.
The underlying problem is that these are heavily bundled goods with complex price structures so the operators always find a way to make an excessive profit - very likely an abnormal profit although I have not looked at the numbers I would need to confirm that.
If only they removed roaming. Roaming charges are an absurdity since the internet exists and that is how mobile operators run their backend. They should be outlawed fully.
1 reply →
The fixed allowance is the same within the EU. It's not "no roaming charges", but it is that you must not be charged for occasional fair-use roaming (which is quite a lot of roaming). They can still ban you from roaming if you are living in a different country from your contract provider - you're not allowed to buy a contract in Slovakia and then move to Denmark.
1 reply →
About the cookie banners, I'm honestly not sure it's a regulation issue. For >90% of the websites the "reject all" option have no impact on user experience, so either everybody is breaching or the banner is useless in the first place.
Do you get prompted for the choice the next time you visit the website? Are they websites you need to log in to? Those are really the only user experience things that would be obvious in most instances — everything else is just pure data mining for usage analytics (::knowing wink::) and overt tracking. Some sites absolutely do not respect any of the choices, but that’s not the normal behavior.
Cookie banners usually refer to pre GDPR, where there is no reject, just info that site uses cookies. Useless info.
I am sympathetic to your claim but after reading the article it does seem to be a case of overregulation, or lack of flexibility at least. Could you use the examples of the article in order to illustrate how this is bad regulatation rather than overregulation ?
To go in the direction of your claim, hasn't the FDA model often been criticized for how easy it is to comply with for medical devices/complements ?
> In theory this means I can just open a gate to a farm, and walk across their fields
You absolutely can, though, as long as you leave everything exactly the way you found it and don't actually walk right through my garden.
You can in fact actually walk right through my garden if you ask first and get permission, but that holds true anywhere.
I could have written 4x the amount on Right to Roam, but I didn't. My point is that it changes how landowners treat their land and access by default. They could provide gates and come after people for not respecting their land, but instead they (usually) provide alternative access which actually delivers the spirit of the law - a right to roam.
I'm Irish, living in Scotland, and it's just unbelieveable the difference it makes. Here [0] is a perfect example of a situation that this solves. Murder Hole beach (in the same ish area) has similar issues, the farmer who owned the field that you accessed it kept a bull in that field.
[0] https://www.donegaldaily.com/2017/06/22/fury-as-access-shut-...
> On the flip side, the cookie banners are a perfect example of bad regulation. They’re super easy to (allegedly) comply with and the result is just an annoyance for some 300 million people and absolutely no change to company behaviour whatsoever.
While I agree that cookie banners are bad, they are not the result of bad regulation. They work perfectly for what they are. They signal that the web page is tracking you and has tracking cookies. Essential cookies are allowed and do not trigger a cookie banner requirement.
On the other hand, my browser's GPC is enabled. It sends the new "do not track" signal. As a result, when I open "show preferences" on a cookie banner, all of them come disabled by default in most cases.
Even this is a win.
The problem with this is that DNT header is used by such a tiny minority of people that it’s basically a walking unique identifier for all of the side channels. Arguably it’s as identifying as the cookie you’re asking them not to store in the first place.
This is such a tired HN cliche response and it comes up as a negative whenever people mention things that actually improve users privacy, even ad blockers.
It honestly boils down to this:
If some website is breaking GDPR regulations, sure, you might get somehow fingerprinted. (EDIT: Because, surprise, fingerprinting also requires consent under GDPR!)
But for websites actually following the law, DNT is effective at best, ignored at worst. Because fingerprinting is also PII.
Sure: saying "people might fingerprint you" is technically correct. But virtually everything else in your browser, from the size in pixels of your browser tab to your IP address can be used for fingerprinting by malicious actors.
So yeah, if you have to use TOR (which actually has actual anti-fingerprinting measures), go ahead and remove the DNT bit. If you don't need TOR, get an ad-blocker ASAP so it at least protects you from AdWare and Tracking stuff that might fingerprint you.
2 replies →
I believe Firefox ships it enabled. So, it's already evident from my browser of choice.
Like security, it's a matter of tradeoff and reducing the surface area.
> On the other hand, my browser's GPC is enabled. It sends the new "do not track" signal. As a result, when I open "show preferences" on a cookie banner, all of them come disabled by default in most cases.
They come as disabled because that is required by GDPR. All settings that are not strictly necessary, consent must be opt-in. Not because you enabled DNT. That's just a flag companies don't care about because they are not legally required to care.
And thise settings originally were all toggled on because ads industry doesn't care
Nope. I don't live in a country covered by GDPR. They used to come enabled before. OneTrust's banners also show a little green text reading "Your signal to opt-out has been honored".
Frankly, the cookie banners are an example of bad enforcement. Most of the annoying ones are actually non-compliant with the regulation. I'd say that regulation is mostly fine as well.
I disagree - I think they’re a bad law. Ideally it wouldn’t need to be enforced at all, because companies would comply with it. The last website I worked on we had 0 telemetry in cookies but we used a cookie for non telemetry uses. When we were putting together a privacy policy, one of legal’s questions was “are there any cookies”, to which we said yes. We explained, but as far as they were concerned cookies means cookie bar.
> I'd say that regulation is mostly fine as well. Personally I’ve never looked at a cookie bar and said “wow I’m glad I now know how many people they’re selling my data too” and then changed my behaviour. And the companies have just slapped non compliant (and unenforced/able) banners to justify what they were already doing. That’s a bad regulation.
> Ideally it wouldn’t need to be enforced at all, because companies would comply with it
The non-compliance is a result of the lack of enforcement. If it went into effect and a few fines were handed down the next day for non-compliant consent flows, you can bet everyone else would quickly go into compliance.
But that effectively never happened, and the probability of getting fined for a non-compliant consent flow appears to be less than winning the lottery, so of course everyone just ignores the regulation.
1 reply →
Yep, bad law, I'd also say bad intent.
Apple is ahead of the curve[1]. You get a system-level popup asking you for consent to be tracked. Actual, not implied consent - only "yes" means "yes".
So you say "no" and it means "no". Apps are blocked from all basic forms of tracking (like device ID), and the App Store rules state that apps that try to circumvent that will be kicked out. Apple doesn't fuck around - they've kicked Meta and Epic without blinking an eye.
EU's response? Kick Apple, because EU companies can no longer do targeted advertising on Apple's platform. Our regulators are full of shit.
[1]: Well Apple still tracks you in their first-party apps, but that's a different story.
3 replies →
Isn't that bad lawyers rather than bad rules?
3 replies →
In your case you wouldn't have needed a popup/bar.
In all other cases, a "Decline All" option should be a the most prominent option (or defaulted to would be fine). The current implementations are either non-compliant (if hiding the decline option behind more clicks than the "Accept All" option), or malicious compliance in making their own products worse to shift blame to regulations, because the unregulated previous status quo was extremely user exploitative on tracking data. Of course (exploitative) companies would like to continue selling data on top of whatever their main business supposedly is.
No company needs a cookie bar, unless they have no other business than selling user data.
A good point. Regulation is worth nothing if not enforced. There are new right to repair laws but nothing has been enforced.
> It’s not over regulation, it’s bad regulation.
A distinction without almost any practical difference. If this isn’t overregulation, how would you define it? What law would you ever look at and say, “that’s overregulation”?
So what distinguishes the good regulation from the bad? Good regulations either
1) solve collective action problems (i.e. situations in which we're all better off if we all do X but it's in nobody's immediate personal interest to do X), or
2) short circuit short term corporate hill-climbing and let us "jump" from one local economic maximum to a higher one elsewhere in configuration space without having to traverse the valley between (which corporations won't do on their own).
I think even the most hardcore objectivist types would appreciate that these classes of problem exist. Even if you delegate their solutions to some ostensibly private actor (e.g. let insurance companies make the building codes) you end up with an inescapable system of rules that's de facto state control anyway. Doesn't help.
The problem with the cookie law is that it doesn't solve a real problem. Look, I'm probably going to get downvoted to hell for saying this, but the people who make "tracking" a cause celebre are a tiny, noisy minority and most real world people don't actually care. They're more annoyed by cookie dialogs than the cookies.
Policymakers overestimated the size of the privacy advocate constituency and so enacted regulations that solve a problem that exists only in the minds of diehard privacy advocates. Now, policymakers are reversing this policy. They're doing is slowly and tentatively (because they're still spooked by how loud the cookie banner people are), but they're doing it. Credit where it's due for finding their gonads.
The cookie affair isn't unique though. It's just one example of a regulation that went wrong because it came out of non-market decision making. Money is an honest, clean signal.
You know what a market is? It's a policy diffusion engine that uses profit as its loss signal. Works remarkably well almost all the time!
In those few situations in which we depart from the market as a decision making mechanism, we have to be careful not to allow ourselves to be corrupted by the usual suite of bugs in human reasoning: availability bias, recency bias, social desirability bias, and so on. The market, because money is an honest signal, resists these corruptions. Regulatory bodies? Much more vulnerable.
The cookie law is a central example of a time when a non-market regulatory apparatus was corrupted by a cognitive bias: social desirability bias in particular.
Of course we need some regulations. But when we make them, we need to be aware that we're likely getting them wrong in some way. All regulations should have
- automatic sunsets,
- public comment periods,
- judicial and legislative review mechanisms,
- variance and exception mechanisms, and
- the lightest possible touch.
Just as in software, each additional line of (legal) code is a liability, not a feature. Keep it simple.
[dead]
I think bad regulation and over-regulation are different words for the same thing, but calling it over-regulation pushes a certain agenda that all regulations are bad, which people who profit from deregulation would like you to think.
> but calling it over-regulation pushes a certain agenda that all regulations are bad
Over-regulation implies that there is an optimal level of regulation that is non-zero. It just happens in practice that people don't complain when the level is pretty good and it is unusual for something to be under-regulated because the regulators are eager beavers for regulating things. The default state when there is a regulatory problem is usually over-regulation.
Like when the thread ancestor tried to find an example of a situation moving to under-regulated the first thing that leapt to mind was roaming charges which it must be admitted is a pretty minor problem. But the first thing that leaps to mind for over-regulation is things like the article where the cost of something expensive doubled and a potentially good idea struggles to be born into the world.