That is certainly a political decision that can be made, I agree and would actually be happy about that.
If that happens, I am sure Amazon will invest the time and money to comply with that. At the same time it will put many smaller business out of business though, as they do not have the resources to do that. Even the current state of having to fulfill data requests is quite a problem for mayn of them.
Those smaller businesses will just use a standard webshop package that will incorporate this feature because most of their customers will want it.. The same way these companies use stuff like Magento or PrestaShop instead of rolling their own.
Exactly. But that will something additional they will have to buy (and install, and maintain) if GDPR would include to "make it instant and pretty for you to look at all the data.". Because that is what the parent discussion was about.
Small business have fewer customers. I imagine their workload will scale down to manageable levels. If not there will be market demand to create automation for whatever out of the box system they're using to maintain data.
I am getting quite tired of the "small businesses" argument about the GDPR. It's starting to become the "think of the children" equivalent but for data protection.
Would you also be against food safety or physical product regulations (ban of leaded solder or other toxic chemicals)? After all, those can and do affect small restaurants and other businesses as well.
In general, no! But if someone proposed that all restaurants should perform chemical analyses on random samples of their food to check for spoilage and cross-contamination, I would have very similar questions about where the taco shack down the street is supposed to find an affordable chemical lab. Making it "instant and pretty for you to look at all the data" is a large, expensive endeavor and I don't see why it's necessary to achieve the regulatory goals here.
> But if someone proposed that all restaurants should perform chemical analyses on random samples of their food
To be fair, people propose things all the time. It only becomes law when enough people agree that it is needed. That process isn't always perfect but in general it works.
The reason we don't have a "General Food Safety Regulation" is that the current situation is good enough, either because the existing regulations are sufficient or that the industry can self-regulate (as it's usually bad for business to poison your customers). As a result, in most Western countries, you can be confident that any business that sells food will not poison you.
If we suddenly had a food poisoning epidemic because all vendors were unscrupulous and selling spoiled food, I would totally be in favour of stronger regulations even if it means small taco shacks can't compete. Having to go to a farther/more expensive place that can afford such checks is a price I (and I suspect most other people) am willing to pay if it means not getting food poisoning.
The GDPR came to be because it was determined that the existing data protection regulations were inadequate and the industry demonstrated that can't be trusted to self-regulate.
I don't think comparing food safetey or toxic chemicals that hurt your health to the design, usability and accessibility of a data export is very valid. The parent argument was not about not having to export data at all. It was about how well designed it was.
The "small businesses" argument is brought up in every discussion of the GDPR including much worse transgressions than merely bad UX in the data export process. I was not exclusively referring to this particular instance.
Good - the aim is for them to not store personal data in the first place, much less build business models that rely upon it. Rather than allowing the population to take on the negative externality of surveillance capitalism, it is absolutely right that the burden must fall on those creating the problem.
I don't see this as any different to the complain that small restaurants cannot afford to pay their workers - if they can't afford to comply, they can't afford to be in business at all. It's simply a margin problem.
You're giving the argument too much credit. It's more akin to a large restaurant arguing that small restaurants could be put out of business by health inspections, so maybe we should hold off on the idea. Rather, keeping a clean kitchen is something they all should be doing anyway from the get go.
Any pain for Amazon in Amazon's process is entirely Amazon's fault. If systems are built with the requirement of letting users export their data, then the additional effort to do so is trivial. This argument about the GDPR essentially boils down to technical debt from companies that played fast and loose with personal information, and we shouldn't entertain it.
> If systems are built with the requirement of letting users export their data, then the additional effort to do so is trivial.
It’s unreasonable, IMO, to think that companies should have had the foresight to see legislation that would happen two decades after the company had already existed and as a result build a system for retrieving user data that has no profit generating potential.
GDPR is good because prior to it there really wasn’t any economic incentive to provide this information.
You're implying that arbitrary "legislation" just arose out of the blue. Rather, it's based on a long held idea that companies are merely trustees for customers' data. So their position is more akin to having built a shed straddling a property line a decade ago, and now complaining that they couldn't have known that their neighbor might eventually want it moved.
I never said GDPR is arbitrary legislation. In fact, I called it a good thing in my initial post.
My point is that without legislation companies generally are not going to do things that don’t make them profit directly or indirectly. Aggregating user data for users to see is not something that really generates revenue and so companies prior to GDPR didn’t really do this en masse.
Your argument rests on the idea that the GDPR was an unforeseeable (arbitrary) requirement, rather than a straightforward implementation of a predictably-relevant Schelling point. While businesses won't go out of their way to do things that don't generate revenue, it's not unreasonable to think they will do some basic forward-looking due diligence. When storing personal information on a whole bunch of people is a core part of your business, it's reasonable to expect that eventually those people will want some control over the records kept on them.
Europeans have valued privacy and data protection for quite a while now culturally. The ePrivacy Directive is from 2002 (derisively referred to as the "cookie law"). And GDPR had a multi-year grace period. It's simply a result of companies ignoring building these kind of functionality for far too long.
The parent argument was about "to make it instant and pretty for you to look at all the data." - not GDPR in general, which I fully agree with and like very much. It is a very different thing if you give users the power to get their data, or want to force companies to present that data in a way laypersons can understand and "like".
If that happens, I am sure Amazon will invest the time and money to comply with that. At the same time it will put many smaller business out of business though, as they do not have the resources to do that. Even the current state of having to fulfill data requests is quite a problem for mayn of them.