GDPR

[Guest longinvestor]

Now what? Is this going to be material for FB or Google? What if anything is the US going to do?

 

 

[LC]

Depends on enforcement. FB and GOOG are not compliant. However I am not sure how much the EU can squeeze out of them.

[Spekulatius]

Depends on enforcement. FB and GOOG are not compliant. However I am not sure how much the EU can squeeze out of them.

 

The fine is up 4% of the global revenues. This law does have some teeth:

https://www.eugdpr.org/key-changes.html

[LC]

Depends on enforcement. FB and GOOG are not compliant. However I am not sure how much the EU can squeeze out of them.

 

The fine is up 4% of the global revenues. This law does have some teeth:

https://www.eugdpr.org/key-changes.html

 

Right and IIRC it accrues on a per-customer basis. My point was even if the EU fines Google $4 billion, how much will they really collect?  I don't think Google is going to take that laying down.

[John Hjorth]

WSJ [May 31^st 2018]: Google Emerges as Early Winner From Europe's New Data Privacy Law.

 

You can read the full article by accessing it via this tweet.

[NeverLoseMoney]

In my opinion GDPR is just a symptom of a disease that is more dangerous to Google and Facebook. The business of selling ads on the web has been getting worse and will continue to get worse. People are going to be less and less tolerant of ads on the web and of companies following them on the web. Google is already paying at least one producer of ad-blocker software to put Google on its whitelist to enable their ads to be shown.

 

The increasing use of mobile devices (less screen space) and publicly reported creepy behavior of bad actors (Facebook a recent example) will only accelerate the trend. Of course you can offset that by growing in other countries, but I think the intolerance for ads will continue to increase and will be universal. In response publishers are looking to charge for services and content more and more. Google can't do that as easily, because their search results can't push their own premium services too hard without risking huge fines. So I believe that side of their business will get worse over time.

[Guest longinvestor]

I believe that the worst part of this is the public discourse on this topic. The more the issue of privacy and Google and FB mentioned in the same breath for an extended time is not going to be good.

 

Also there are a number of well heeled enemies they have managed to acquire along the way. Murdoch, major telecom and cable. They would love to get a piece of the action. And of course we have a White House in the opposite corner on topics like immigration. Then you have lawyers looking for deep pockets.

 

I’m staying tuned

[Guest longinvestor]

California going the way of GDPR. As expected, Google and FB playing defense already. Warning of unintended consequences!

 

https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149

[Guest longinvestor]

California going the way of GDPR. As expected, Google and FB playing defense already. Warning of unintended consequences!

 

https://www.bankinfosecurity.com/californias-new-privacy-law-its-almost-gdpr-in-us-a-11149

 

It appears that this “rushed “ legislation is a conscious choice made by the tech industry and the politicians to not let this measure go to the ballot box in November. Lesser of two evils. Vigorous debate in the public domain versus lobbying opportunity for 18 months to water it down.

 

At the end of the day, the net outcome is likely to be determined by Google and Faceboook’s competitors for ad revenues. Who knows, this could be the proverbial doors open for some of them. Media moguls like Murdoch, telecoms/ cable?

 

[Jurgis]

Does anyone know how GDPR affects EU startups? Are there any exceptions for very small cos? Extended implementation deadline? Anybody's knowledgeable on this on the board?

 

I guess similar question can be asked about US startups, since you mostly can't block EU users. But I guess the risk of adverse enforcement might be lower.

 

Edit: from short Bing/Google-fu, there are no exceptions and there is no extended timeline. If this was enforced on everything, it would be death to startups. Of course, it's likely not going to be enforced on tiny cos though it might depend on the aggressiveness of the member-country enforcement organizations. Let me know if you know this in more depth and disagree or have further thoughts.  8)

[Jurgis]

I'm in EU right now and it's rather funny how different websites try to be GDPR compliant. I am not a lawyer, but I'd guess more than 80% of ones who try are not really compliant (hint: AFAIK, having a banner "Accept our cookies or else" is not GDPR compliant...). OTOH, there are websites that are likely compliant. And you don't see the behavior they present to EU users when you access their sites in US.

 

And then there are sites that clearly don't give a *&%^ about anybody accessing them from EU. Likely no enforcement will be coming... unless the website is big and gets sued or whatever.

[Spekulatius]

I'm in EU right now and it's rather funny how different websites try to be GDPR compliant. I am not a lawyer, but I'd guess more than 80% of ones who try are not really compliant (hint: AFAIK, having a banner "Accept our cookies or else" is not GDPR compliant...). OTOH, there are websites that are likely compliant. And you don't see the behavior they present to EU users when you access their sites in US.

 

And then there are sites that clearly don't give a *&%^ about anybody accessing them from EU. Likely no enforcement will be coming... unless the website is big and gets sued or whatever.

 

I am guessing that software toolkit’s will be sold enabling to build a website that is compliant. could be a great business at least in the short run and probably sticky in the long run.

[watsa_is_a_randian_hero]

This is my perspective working for a midsize financial consulting firm with 70 offices globally, that takes in a lot of data from institutional investing clients, and sometimes takes in PII on engagements, and also has an investment banking arm:

 

The new rules are so burdensome, that most people either aren't savvy enough to comply without tripping up on some small aspect and/or view it as too costly to fully comply in every way, so firms turn a blind eye to some aspects of compliance. 

[oddballstocks]

I'm in EU right now and it's rather funny how different websites try to be GDPR compliant. I am not a lawyer, but I'd guess more than 80% of ones who try are not really compliant (hint: AFAIK, having a banner "Accept our cookies or else" is not GDPR compliant...). OTOH, there are websites that are likely compliant. And you don't see the behavior they present to EU users when you access their sites in US.

 

And then there are sites that clearly don't give a *&%^ about anybody accessing them from EU. Likely no enforcement will be coming... unless the website is big and gets sued or whatever.

 

I am guessing that software toolkit’s will be sold enabling to build a website that is compliant. could be a great business at least in the short run and probably sticky in the long run.

 

Or more likely..blocks to entire continent's IP ranges.  We have a company that manages our firewall, they wanted to block everyone but the US. I protested and they asked how many clients I have in Europe/China/Russia...none.  They said most attacks and issues are stopped if you limit the site to the US if you do business in the US.  In the end I blocked Russia and China...and amazingly, or not surprisingly garbage traffic dropped like a rock.

 

 

Unless you're a multi-national with a compliance department I think this is the route most US companies will take.  Just block off Europe and call it a day.

 

If someone from Europe wanted to be a client we'd probably refuse them.  The hassle isn't worth it. It stinks this is the way things are going, but it's too costly to comply if you aren't a large company.

[Jurgis]

Continued "screw you" to EU users from ... pretty much every single US based tech and media company:

 

By clicking continue below and using our sites or applications, you agree that we and our third party advertisers can:

•transfer your personal data to the United States or other countries, and

•process your personal data to serve you with personalized ads, subject to your choices as described above and in our privacy policy.

 

Or you can choose not to click continue and not get the content. F-ank you very much!

 

This particular one was from Fortune.com, but really variations of these are what you get on pretty much every single website when in EU. It's pretty much "no choice" choice. Either you waive your EU privacy rights, or you get no content. In some cases, there might be third choice to jump through 20 minute hoops that may eventually end up in some mix of who-knows-what. Still pretty much "screw you".