> Company says: “Due to the GDPR, we are no longer able to offer our service to customers in the European Union.”
> I hear: “You are not a customer. You never were. You are PRODUCT. Now that your privacy is protected by law, you are no longer worth anything to us. Go away.”
(src https://twitter.com/dylanbeattie/status/991593213981962241)
@fidesius I'm just quoting here
@Technowix to some extent true, but it does seem like the law requests the same protections and applies the same penalties to both gigantic corporations and small businesses.
and while the former can try and hire lawyers to figure out how to avoid violating the law, the latter can't.
@Technowix And what about small businesses of two or three people that collect nothing more than email addresses to notify people of updates? They're required to have all the same protections and procedures and staff in place as Facebook, which is frankly absurd, and it doesn't matter if their income is nonexistent, they're still subject to 20 MILLION euro fines.
@keiyakins It's like security, if you compromise user data the EU can inflict a very big fine on you too, on paper.
@Technowix So you think that it's fine to pose an existential threat to small businesses? Hiring a DPO could easily be enough to destroy them, and those fines could be enough to put the proprietors on the streets. But at least no one will get your email address, I guess, yay /s
@Technowix THAT is why just cutting off EU residents is a reasonable response.
@Technowix There's no sense of proportion. It's just regulatory capture. Facebook et al can afford it, the rest of us can't.
@Technowix @keiyakins Good luck collecting on that money if the company is not based in the EU
@Technowix this is a god damn quality post
@equal I'm only quoting
@Technowix yup, unroll.me told me that
@Technowix Hmmmmmmmmmm. This seems a bit oversimplified. :/
@z428 I'm only quoting.
But I do believe it might be as simple as this for some companies...
@Technowix Just noticed, sorry. No offense. :) Well yes, I guess it definitely is, to some. But, having been down that route ourselves, getting GDPR compliant definitely ain't a no-brainer. It's quite an effort and even then there is a considerable legal risk left. In a small company not depending upon the European market, maybe I'd also go down that route for a few years waiting for more legal insights and best practices we will be about to see after May 25.
@z428 well, I see it like online security.
It took companies quite some time to comply with security regulations, and now it seems normal (even if a lot aren't really doing it seriously).
EU / most EU countries can fine you if you don't take security seriously afaik...
When people get in the habit of being able to provide their "customers" with a batch of the data about them, the ability to remove their stuff from their databases, etc... it will be "normal" and easier.
@Technowix Yes, this part is perfectly valid and totally makes sense. I mostly see difficulties when it comes to smaller entities (for-profit as well as noncommercial / personal weblogs for example). There seems to be a load of dispute even between lawyers on when and how you have to comply with GDPR - and how this will be enforced. I'm pretty sure a load of things will become easier once people have a clearer idea how this will work and be handled.
@Technowix Take a look just at the fediverse, I mean: What does GDPR mean to you running a mastodon or gnusocial instance? They process user data so, according to some views, they seem fully bound to be GDPR compliant. True? What does it mean for actual instances and the fediverse as a whole (deleting user-related data across various instances)? We'll see.
@z428 Yeah, I see black spots about federating software.
After all, we are speaking of a law from EU, the 1st target isn't only citizens :3
@Technowix That is essentially it.
@sn0w @Technowix hopefully they'll all use this!
@Technowix You pretty much hit the nail right on the head there.