Exactly. There's a bit of "pulling up the ladder" here. The guys who got in when the Internet was still the wild west got established without all this overhead.
There will be an enormous burden on new businesses satisfying these laws - previously we've got away with privacy policies but could still code the same. If we need to maintain N servers for N countries customers could be from, that's a massive operational overhead that is bound to do nothing other than stifle innovation.
Now, I'm all for privacy, but if each country starts fragmenting the internet on country boundaries - to the level of physical servers and data storage locations, bringing a new idea to market is going to much much harder. This is different to, e.g. different tax regulations, etc, because you can still benefit from centralised computation while processing orders for different localities.
And while today this might be just about Europe, it sets a trend. Before it was just Russia and China. How long before all countries want to see the code a la the Chinese?
So the NSA has screwed things up for all of us now who are trying to start businesses.
If my costs go from: developer -> developer + global devops team + legal, etc., that's a massive burden that will affect the "bedroom/garage" startups.
From my experience, majority of "bedroom/garage" startups self-limit geographically - whether it's expecting a phone number or a bank account in a given country, or assuming everyone has a U.S. state and zipcode (90210). Data regulation is hardly the deal-breaker when their own dataschemes don't support internationalization.
I guess it all comes down to how you're meant to determine where someone's data should be stored. Is it by their nationality? What if your app gains popularity outside your launch country? Are you suddenly on the hook for not having sharded your data geographically?
Plenty of popular apps don't require anything like bank account/post code, etc. that could be assumed to prove which country someone is from.
If your app gains popularity in Italy, you have to care about Italy. That means supporting the Italian language always, it means supporting the odd Italian phone numbers if your app happens to deal with phone numbers, and it means complying with Italian law.
Now, if your app does not become popular in Italy, you just have five users there, do you still have to comply? No you don't, because de minimis non curat lex.
What kind of services or small businesses do you have in mind that a) have offices in different data jurisdictions and b) do not require any localization for these jurisdictions?
The fragmentation might be good when we talk about pricacy. It gives motivation to create more local services and not depend on foreign ones.
China is good example of how that works: they have their own search engine, blog platforms, website analytics software, video sharing sites, IM software. So Chinese users do not send their data (and money) to USA and goverment can protect personal data from NSA while EU cannot.
Of course I do not approve other things like censorship in China but having local services is a good thing both economy-wise and privacy-wise.
There will be an enormous burden on new businesses satisfying these laws - previously we've got away with privacy policies but could still code the same. If we need to maintain N servers for N countries customers could be from, that's a massive operational overhead that is bound to do nothing other than stifle innovation.
Now, I'm all for privacy, but if each country starts fragmenting the internet on country boundaries - to the level of physical servers and data storage locations, bringing a new idea to market is going to much much harder. This is different to, e.g. different tax regulations, etc, because you can still benefit from centralised computation while processing orders for different localities.
And while today this might be just about Europe, it sets a trend. Before it was just Russia and China. How long before all countries want to see the code a la the Chinese?
So the NSA has screwed things up for all of us now who are trying to start businesses.
If my costs go from: developer -> developer + global devops team + legal, etc., that's a massive burden that will affect the "bedroom/garage" startups.