>I'm not sure you know what enslave means. People wouldn't be allowed to leave.
Ok, apologies for thinking we were discussing a more mundane/realistic scenario then. However that kind of slavery that you're talking about is very niche and not something that could be universally applied by any entrepreneur like you seemed to be suggesting. Furthermore, it'd be illegal pretty much everywhere, and you'd end up in the same sort of scenario of tax avoidance where it's still in your best selfish interest to comply with the law anyway.
>"the market will respond to people's preferences" doesn't work with such one sided information. Sure people are leaving Facebook, but to go where?
Going nowhere is also a feasible option by the way. People lived just fine without having any kind of facebook/snapchat/instagram/etc not that long ago, so there's no reason why they couldn't just go back to that if the alternatives are distasteful enough. I know that's certainly the path I've taken. It may be a minority stance still, but give it time, the markets don't just respond to abstract things like this over night. I'd wager that we won't be able to adequately gauge the real effects of these sorts of privacy breaches until at least a couple decades from now, because the whole questionable online advertising industry isn't just going to run out of money and disappear that quickly.
>And now not following the GPDR will get you serious fines followed by jail time if you continually flaunt the regulators.
Did you skip over the example in my comment of that not being the case? If you don't do business in the EU (e.g. by range-banning them), and aren't holding on to EU user data, then you're not facing any consequences, plain and simple. Doing that doesn't mean you're complying with all that the GDPR is requesting either, so you can't just hand-wave it away as if that were the case.
>Even if you don't sell the data, you are creating a pool of user data that is valuable to steal
Once again, not following all the little rules that the GDPR entails, and/or not doing business in the EU, does not logically imply that a company is even collecting sensitive data in the first place. A small static site could potentially still be non-compliant if all it does is collect ip addresses in its server logs, or uses a 3rd party analytics service of any kind (without keeping any of the actual data itself).
I'm not arguing that amassing pools of personal data are in any way a good idea for anybody, but that's a separate issue than the one of "is it worth it to comply with the GDPR?", which is how most entrepreneurs outside the EU will inevitably approach the problem, even if they weren't planning to collect data. For example, startups will now have to consider if they'll ever collect any kind of data at all, at any point in the future, before they even decide to start, just so that they know whether or not it's in their interest to try serving the EU market at all, even if they have no plans to collect data yet. You could argue that the GDPR will disincentivize such activity and make entrepreneurs think twice about it, but most likely, the path of least resistance for them will just be to range-ban the EU.
>but using that as an argument for not trying something like the GPDR is disenguous.
No one is saying the EU shouldn't have tried passing the GDPR. What's actually happening, is a discussion between businesses/entrepreneurs outside the EU about whether it's worth it to comply with the GDPR or not. I have yet to see anyone legitimately advocate for it to get repealed or anything like that. We're all just looking out for what the best strategy to take is now that it's in place, and it seems like people in the EU are getting upset that not serving EU users is even being taken into consideration as a serious option, when it's a perfectly rational course of action for any outside business to consider.
>Everyomes entitled to their opinion, but I am firmly in the camp of actually forcing companies into stopping this practice
Right, and I'm in the camp that it's your right to try and do so, but also I'm pessimistic about using force to achieve this as opposed to starving the market via ubiquitous ad blockers and things like ad-nauseum. Only time will tell if the approach was successful or not.
Ok, apologies for thinking we were discussing a more mundane/realistic scenario then. However that kind of slavery that you're talking about is very niche and not something that could be universally applied by any entrepreneur like you seemed to be suggesting. Furthermore, it'd be illegal pretty much everywhere, and you'd end up in the same sort of scenario of tax avoidance where it's still in your best selfish interest to comply with the law anyway.
>"the market will respond to people's preferences" doesn't work with such one sided information. Sure people are leaving Facebook, but to go where?
Going nowhere is also a feasible option by the way. People lived just fine without having any kind of facebook/snapchat/instagram/etc not that long ago, so there's no reason why they couldn't just go back to that if the alternatives are distasteful enough. I know that's certainly the path I've taken. It may be a minority stance still, but give it time, the markets don't just respond to abstract things like this over night. I'd wager that we won't be able to adequately gauge the real effects of these sorts of privacy breaches until at least a couple decades from now, because the whole questionable online advertising industry isn't just going to run out of money and disappear that quickly.
>And now not following the GPDR will get you serious fines followed by jail time if you continually flaunt the regulators.
Did you skip over the example in my comment of that not being the case? If you don't do business in the EU (e.g. by range-banning them), and aren't holding on to EU user data, then you're not facing any consequences, plain and simple. Doing that doesn't mean you're complying with all that the GDPR is requesting either, so you can't just hand-wave it away as if that were the case.
>Even if you don't sell the data, you are creating a pool of user data that is valuable to steal
Once again, not following all the little rules that the GDPR entails, and/or not doing business in the EU, does not logically imply that a company is even collecting sensitive data in the first place. A small static site could potentially still be non-compliant if all it does is collect ip addresses in its server logs, or uses a 3rd party analytics service of any kind (without keeping any of the actual data itself).
I'm not arguing that amassing pools of personal data are in any way a good idea for anybody, but that's a separate issue than the one of "is it worth it to comply with the GDPR?", which is how most entrepreneurs outside the EU will inevitably approach the problem, even if they weren't planning to collect data. For example, startups will now have to consider if they'll ever collect any kind of data at all, at any point in the future, before they even decide to start, just so that they know whether or not it's in their interest to try serving the EU market at all, even if they have no plans to collect data yet. You could argue that the GDPR will disincentivize such activity and make entrepreneurs think twice about it, but most likely, the path of least resistance for them will just be to range-ban the EU.
>but using that as an argument for not trying something like the GPDR is disenguous.
No one is saying the EU shouldn't have tried passing the GDPR. What's actually happening, is a discussion between businesses/entrepreneurs outside the EU about whether it's worth it to comply with the GDPR or not. I have yet to see anyone legitimately advocate for it to get repealed or anything like that. We're all just looking out for what the best strategy to take is now that it's in place, and it seems like people in the EU are getting upset that not serving EU users is even being taken into consideration as a serious option, when it's a perfectly rational course of action for any outside business to consider.
>Everyomes entitled to their opinion, but I am firmly in the camp of actually forcing companies into stopping this practice
Right, and I'm in the camp that it's your right to try and do so, but also I'm pessimistic about using force to achieve this as opposed to starving the market via ubiquitous ad blockers and things like ad-nauseum. Only time will tell if the approach was successful or not.