What if my startup does not require tricky or infelicitous shit with your personal data, but due to strict regulation I now require to hire a full time lawyer just to redact the company terms and keep up with regulations, and since my company does not yet make any revenue and I have no investors that means a lot more risk on my side, which in turns leads me to not start or not go on with that company at all? And what if this decrease in garage startups leads to less competition and more concentration of power for the big companies, which then can happily lobby and influence laws to their own interests with no one to contest them? Is that the deal that we want in exchange for mildly inconveniencing Facebook and Google?
Let's take your argument point-by-point. Let's take the US perspective to start.
a.) You start a business in California and plan to do business that involves EU customers. If you plan on making actaul money you'll hire a lawyer for a reasonably small number of hours to incorporate, ensure you have trademarks covered, get your EULA in order, vet your corporate structure, etc. GDPR is just another thing to add to the hopper--it probably adds an hour or two to the whole process since legal procedures are pretty template driven. Most of the cost will be the lawyer briefing you on what to look out for. (Based on my admittedly quick reading of GDPR summaries.)
b.) There's already a net decreasing trend in startups in the US, but it predates the GDPR by many years. [0] If you are looking for culprits in the legal system you are far more likely to find them in US laws (or lack of them) than anything from Europe.
Taking the EU perspective, well, I've run a small tech business in France and GDPR seems like noise level compared to the other regulations you need to deal with there. (Hiring and firing being the biggest but there are others.)
Is it really so hard to believe that people are all out of trust and goodwill at this point? It’s like having a classroom full of toddlers who all play with matches, and every few weeks they burn the whole school down. Finally the teachers makes rule: no one gets to play with matches. A couple of kids say they’re very responsible and never set fire to anything.
I could say the same thing in reverse about regulations. Every few weeks some regulation ruins the internet even more and finally people are sick of the regulations.
Name one way your life was ever negatively impacted, in a concrete way and not just in your head, by companies using your data to create value in the form of targeted ads and such to keep websites free. I'm waiting.
>Why do the rest of HN users have to educate you about the abuses perpetrated by various companies?
Burden of proof lies on the one making the claim.
>Facebook famously did an emotion manipulation experiment on 500k randomly selected users.
I don't really find that abusive or ethically troubling.
>There's a trial now alleging that Facebook used profile data to discriminate against older programmers in job postings:
Maybe this age discrimination, which was already illegal on its own, wouldn't have been possible to commit if the data didn't exist in the first place. That doesn't mean it's the tool's fault or that the tool should be illegal.
Equifax breach and stolen identities? Cambridge Analytica and the 2016 US Presidential election? Ashley Madison and affairs being revealed?
We can go back and forth about the best way to deal with this, but it's crazy to think that this systemic gobbling up of personal data doesn't have real consequences.
I don't see it as fair to say those are consequences of the companies being allowed to have the data in the first place. They're consequences of poor security. We don't blame spam on email or food poisoning on food, do we? A GDPR-like approach to solving spam would be outlawing all automated or business-related use of email.
I suppose you don't count strangers having my personal data as "concrete"?
But I can't think of any internet regulation that's ever harmed me. Which ones are you talking about?
Edit: I can think of a small number of regulations (much less than one per year) that cause problems, but they still don't meet the personal concrete harm threshold you've proposed.
