
You're giving the argument too much credit. It's more akin to a large restaurant arguing that small restaurants could be put out of business by health inspections, so maybe we should hold off on the idea. Rather, keeping a clean kitchen is something they all should be doing anyway from the get go.

Any pain for Amazon in Amazon's process is entirely Amazon's fault. If systems are built with the requirement of letting users export their data, then the additional effort to do so is trivial. This argument about the GDPR essentially boils down to technical debt from companies that played fast and loose with personal information, and we shouldn't entertain it.




> If systems are built with the requirement of letting users export their data, then the additional effort to do so is trivial.

It’s unreasonable, IMO, to think that companies should have had the foresight to see legislation that would happen two decades after the company had already existed and as a result build a system for retrieving user data that has no profit generating potential.

GDPR is good because prior to it there really wasn’t any economic incentive to provide this information.


You're implying that arbitrary "legislation" just arose out of the blue. Rather, it's based on a long held idea that companies are merely trustees for customers' data. So their position is more akin to having built a shed straddling a property line a decade ago, and now complaining that they couldn't have known that their neighbor might eventually want it moved.


I never said GDPR is arbitrary legislation. In fact, I called it a good thing in my initial post.

My point is that without legislation companies generally are not going to do things that don’t make them profit directly or indirectly. Aggregating user data for users to see is not something that really generates revenue and so companies prior to GDPR didn’t really do this en masse.


Your argument rests on the idea that the GDPR was an unforeseeable (arbitrary) requirement, rather than a straightforward implementation of a predictably-relevant Schelling point. While businesses won't go out of their way to do things that don't generate revenue, it's not unreasonable to think they will do some basic forward-looking due diligence. When storing personal information on a whole bunch of people is a core part of your business, it's reasonable to expect that eventually those people will want some control over the records kept on them.


1. Privacy legislation existed in European countries for years (and often for decades)

2. GDPR was in the works for several years, and when it went into effect, companies were given 2 years to become compliant

3. GDPR went into effect 5 years ago, and has been enforced for 3 years

So please stop with the "poor companies could not foresee this, and didn't have the time to implement this"


Europeans have valued privacy and data protection for quite a while now culturally. The ePrivacy Directive is from 2002 (derisively referred to as the "cookie law"). And GDPR had a multi-year grace period. It's simply a result of companies ignoring building this kind of functionality for far too long.



