I've held the same position since the CA scandal first broke and I still stand by it: that regulation is not that likely.
The reason I believe that is pretty simple- the government typically doesn't get things done and its been that way for a long time. That's due to a number of reasons. In Facebook and Google's cases its the powerful lobbying ability and best attorneys combined with elected officials' extreme risk-aversion to actually doing things combined with a pretty poor understanding of the situation by law makers. It's far safer to make grandiose statements and finger-wag than to gain support for, and ultimately pass legislation.
People hoping for regulation should be careful what they wish for, as I'd bet that if something does pass, it is precisely these companies that will help author it which likely won't be great for competition.
GDPR seemed like a pretty good law to me, and I am not exactly a huge fan of the EU.
Same deal for the California Consumer Privacy Act.
These are laws which people hoped for, and got done.
Ultimately, it increasingly seems like advertising-surveillance as a business model may not be one we want to live with. The costs are externalized very effectively, and it’s kind of hard to know what to do with them.
I'm also not a fan of the EU, and I'm very much not a fan of the GDPR. It's a poorly thought-out law, written along the lines of Continental civil law jurisprudence, which I personally believe is inherently inferior to common law lawmaking and is implicitly anti-innovation and anti-market.
The right not to be subject to automated decision-making is a typically short-sighted example.
IIRC GDPR is considered regressive, in the same sense that a flat corporate tax is regressive: it imposes a higher burden on small bootstrapped companies than it does on larger companies (in this case, because of the legal fees required to get audited for compliance, and the extra engineering work that's not going toward product.) Very small companies can get priced out of the market entirely, and so never live to become large companies. Insofar as those companies were potential innovators, GDPR can be said to be stifling that innovation.
> As long as the rules are the same for all competition in a market will still happen.
Sure, but in continental law the rules aren't the same for everyone. The laws are defined such that technical breaches are almost impossible to avoid. They empower a regulator with capricious and arbitrary power to sanction organisations - or not - with no requirement for consistency or recourse.
The answer to any technical question along the lines of "Is X illegal under the GDPR?" is "Nobody knows - we'll find out once the regulator fines someone."
The reason I believe that is pretty simple- the government typically doesn't get things done and its been that way for a long time. That's due to a number of reasons. In Facebook and Google's cases its the powerful lobbying ability and best attorneys combined with elected officials' extreme risk-aversion to actually doing things combined with a pretty poor understanding of the situation by law makers. It's far safer to make grandiose statements and finger-wag than to gain support for, and ultimately pass legislation.
People hoping for regulation should be careful what they wish for, as I'd bet that if something does pass, it is precisely these companies that will help author it which likely won't be great for competition.