> First of all, I wasn't attacking you, but your statement, that to me sounded like "who cares about the law, I am a programmer". If that wasn't what you meant, then I am sorry to have misunderstood you.
You did misunderstand me. I take partial responsibility but really, give us the programmers at large a bit credit. A good amount of us have a lot of culture in other areas and aren't that immature. (Sadly however, a lot are so I can understand your negative assumption.)
> Fact is, at we have a giant tragedy of the commons due to loose and fast play with peoples personal data. This is similar to what happens in third world countries where people play fast with working safety or environmental laws..
100% agreed with this and your next several paragraphs. I never thought that was okay. Never. But I had a rather cynical view on it: no laws about it? Sure, let's abuse as much as we can! That's how corporations are and that's how they will always be -- it takes a certain mindset to grow into a corporation and I am afraid that being rather scummy is practically a job description for the people who make the corporations come into being, and grow. I also always thought that when the inevitable regulation comes, that's NOT gonna change like anything.
Imagine if FB made you click "I Accept" on a dialog box that deliberately obscures the fact that they want to gather and use your data. What can you do? Report them? By the time a judge calls to them, they might have a switch to make the popup look 100% legit but who cares -- by that time FB or any other corp. might have the "informed constent" of millions of people, again.
It's a huge game of cat and mouse and IMO the regulation we see now is just the first step. I anticipate tens of other steps so things aren't gonna get better anytime soon.
So there you have it. An opinion from an Eastern European dev. ;)
> And the tone in this thread is hysterical from the "ooh the GDPR is devil incanated" group.
IMO only if you feel you are on a mission to calm down histerics. Our perceptions are warped by our preconceptions, we all know it. Example: in my eyes yes, there are alarmists, but much more people who are outraged by the inevitable fact that all of us have to become a little bit of lawyers in order to not get chased by the EU (and not only in terms of the GDPR, of course; there are many other venues through which we can be attacked). I understand the idea of GDPR and I support it fully but that doesn't stop me from disliking legalese.
I don't want to ever abuse people's privacy but I also like to remain a programmer, not become a half-hawyer. Okay? That was my message all along.
> I also acknowledge that the US have vastly different ethical standards and that everyone is free to be exploited as much as they want..
As an European, yes, that has been my observation for a LONG time. USA tech sector has a huge ethics problem and the VC-enabled tech bro culture in SV is only making things worse with time. Somebody should definitely do something because the world is taking notice. VCs operate on reputation as well and sooner or later more and more of them are gonna start refusing to fund startups.
> Do you really think that a thought about what data you really need (and why), the need to actively safeguard the data (especially the sensitive) and a need to formalize those thoughts on paper is a unbearable burden?
OF COURSE NOT. But again, that's my point. It's an expense you absolutely have to spend when you make profit. But I didn't; like the OP, I had hobby websites. It's a simple cost calculation. I don't want to become GDPR expert for things that don't make me money. Thus I shut down my personal projects. If and when I become a guy running a service for profit, I will go the extra mile and shoulder the burden of protecting personally identifiable information.
> All the american scare-mongering about the fines are people that don't understand European law practice.
Not sure it's only that. You can call me a scaremonger in this instance as well. It's just that I am no expert lawyer -- and for me this fact leads to the conclusion that I can be brought down if an expert lawyer wants to get their hands dirty with me. Nothing more, nothing less. Our so-called "justice system" favors the side with the better-paid / more-experienced lawyer and that's pretty much historically proven, especially in Eastern Europe. Maybe it's less visible in most of EU and USA but from what I've read through the years it seems to happen quite a bit there as well.
Maybe the people disagreeing with me believe in the system much more than I do. Perhaps my cynicism is seen as non-constructive. But it's well-founded in the reality I live in.
You did misunderstand me. I take partial responsibility but really, give us the programmers at large a bit credit. A good amount of us have a lot of culture in other areas and aren't that immature. (Sadly however, a lot are so I can understand your negative assumption.)
> Fact is, at we have a giant tragedy of the commons due to loose and fast play with peoples personal data. This is similar to what happens in third world countries where people play fast with working safety or environmental laws..
100% agreed with this and your next several paragraphs. I never thought that was okay. Never. But I had a rather cynical view on it: no laws about it? Sure, let's abuse as much as we can! That's how corporations are and that's how they will always be -- it takes a certain mindset to grow into a corporation and I am afraid that being rather scummy is practically a job description for the people who make the corporations come into being, and grow. I also always thought that when the inevitable regulation comes, that's NOT gonna change like anything.
Imagine if FB made you click "I Accept" on a dialog box that deliberately obscures the fact that they want to gather and use your data. What can you do? Report them? By the time a judge calls to them, they might have a switch to make the popup look 100% legit but who cares -- by that time FB or any other corp. might have the "informed constent" of millions of people, again.
It's a huge game of cat and mouse and IMO the regulation we see now is just the first step. I anticipate tens of other steps so things aren't gonna get better anytime soon.
So there you have it. An opinion from an Eastern European dev. ;)
> And the tone in this thread is hysterical from the "ooh the GDPR is devil incanated" group.
IMO only if you feel you are on a mission to calm down histerics. Our perceptions are warped by our preconceptions, we all know it. Example: in my eyes yes, there are alarmists, but much more people who are outraged by the inevitable fact that all of us have to become a little bit of lawyers in order to not get chased by the EU (and not only in terms of the GDPR, of course; there are many other venues through which we can be attacked). I understand the idea of GDPR and I support it fully but that doesn't stop me from disliking legalese.
I don't want to ever abuse people's privacy but I also like to remain a programmer, not become a half-hawyer. Okay? That was my message all along.
> I also acknowledge that the US have vastly different ethical standards and that everyone is free to be exploited as much as they want..
As an European, yes, that has been my observation for a LONG time. USA tech sector has a huge ethics problem and the VC-enabled tech bro culture in SV is only making things worse with time. Somebody should definitely do something because the world is taking notice. VCs operate on reputation as well and sooner or later more and more of them are gonna start refusing to fund startups.
> Do you really think that a thought about what data you really need (and why), the need to actively safeguard the data (especially the sensitive) and a need to formalize those thoughts on paper is a unbearable burden?
OF COURSE NOT. But again, that's my point. It's an expense you absolutely have to spend when you make profit. But I didn't; like the OP, I had hobby websites. It's a simple cost calculation. I don't want to become GDPR expert for things that don't make me money. Thus I shut down my personal projects. If and when I become a guy running a service for profit, I will go the extra mile and shoulder the burden of protecting personally identifiable information.
> All the american scare-mongering about the fines are people that don't understand European law practice.
Not sure it's only that. You can call me a scaremonger in this instance as well. It's just that I am no expert lawyer -- and for me this fact leads to the conclusion that I can be brought down if an expert lawyer wants to get their hands dirty with me. Nothing more, nothing less. Our so-called "justice system" favors the side with the better-paid / more-experienced lawyer and that's pretty much historically proven, especially in Eastern Europe. Maybe it's less visible in most of EU and USA but from what I've read through the years it seems to happen quite a bit there as well.
Maybe the people disagreeing with me believe in the system much more than I do. Perhaps my cynicism is seen as non-constructive. But it's well-founded in the reality I live in.