Hacker News new | past | comments | ask | show | jobs | submit login

Same answer as GDPR: when the majority/all of the companies implement it in a way that hurts everyone (businesses and end users alike), then the problem is with the regulator, not the regulated.



Not exactly. First, a lot of bottles don't have that problem. Sure "most" bottles do but most is produced by few companies that made a bad design. So we only need few companies to fix design for the problem to go away.

Cookies stuff is indeed badly made and should be fixed. The should just mandate websites to accept a http header with relevant option (no-cookies, no-advertisment, no-tracking etc.).

Still, it's not the problem of regulator in itself. Rather, companies are taking advantage of the current version of the law because it's favorable to them - they know most people with quickly accept whatever to close the popup.


Yes, I 100% agree they should just mandate compliance with a specific HTTP header — and prohibit any popup or other smarmy trick or dark pattern of different behaviour if the header is present — but why haven't they?

I am honestly curious. If you are willing to go as far as they have, why not go that relatively tiny extra step?

I think it is a problem with the regulator. The cookie agreement mandate has legitimately fucked up the web for everybody. It's also done it in a way that mostly neutralizes the intended benefit of the law (because everybody just clicks the "fine! stuff your cookies up my arse or whatever, just get on with it!" button).

But a competent regulator must both measure the impacts of their regulations, and take action based on that data. It seems a weird place to stop.


The conclusion isn't deducible from the premise (I can just as well say the opposite). Can you elaborate with some example?


In other words, personal responsibility doesn't apply to business owners.


GDPR does not hurt me and majority of its implementations don't hurt me. That there is a ton of nonsensical propaganda against it from entrepreneurs can't just do what they want is another matter.


GDPR is really not that complex. It's as simple as "if you don't need the data, don't collect them".

The problem is that every other company thinks they are Google or Meta. So they start overcollecting user data, in hope that one day they will be able to generate revenue from them. So they end up with overcomplicated compliance solutions and GDPR consulting fees, but without any actual use for the data they collect.


So you think the GDPR isn't very complex. Let's put that to the test.

I need to record names and address across the European Union. What character encodings are illegal for such fields in a database?




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: