> Tell me you didn't even read a line of GDPR in the past 9 years or know anything about European regulations
As a matter of fact, I am the founder&owner of a small ISV (nothing ad, privacy, crypto or AI-related) in the Eastern EU. Everything I am telling about European regulations comes from dozens of years of direct, painful, personal experience.
(long time no reply due to hitting HN's rate limit)
> Everything I am telling about European regulations comes from dozens of years of direct, painful, personal experience.
Strange that you then spew absolute bullshit about GDPR.
> How about you?
I've worked in large multinational corporations (banking, streaming) that were "hit" with GDPR and spent several years making sure they are compliant. Not because GDPR is bad, but because no one really cared about the data collected, and where it ended up. [1]
Startups had it and have it easy since they can just not siphon all the data. Especially now, when you have all the tools to handle data properly. Hell, a decade ago you couldn't even get privacy-preserving analytics. Now you're drowning in them.
We're also preparing to launch a few (admittedly small scale) projects with friends, and what do you know? GDPR is the absolute last thing that even bothers us. You know why? We know what data to collect and for how long to store it, and we're not sending that data to thousands of "privacy-preserving partners".
"Company-destroying fines" boogeyman or whatever other "chilling effect" bullshit belongs in the mind of children and morons. Hell, I've seen banking regulators come, list issues, and give a deadline to fix them. Much less GDPR.
[1] That's not entirely true. Payment and payment-adjacent regulations are significantly more stringent than GDPR, so everything related to that was and is extremely serious. As anything related to things like "data of persons under state protection". It's never black and white.
However, in big companies, especially at the time, you would eventually end up with a lot of data duplicated across many systems, often barely connected. 10 years ago cleaning up that mess required companies to reverse engineer and document 10-15 years of bad/hasty/ad hoc decisions and assumptions. Surprisingly often that resulted in just retiring certain internal microservices wholesale (they just were no longer needed) and/or significantly reducing bandwidth and storage requirements in certain cases (because you no longer carry and store heavy duplicate objects around).
So the main opposition to GDPR came not from "poor chilled startups", but from companies like Facebook and Google who rely on 24/7 surveillance exclusively, ad industry, and large corporations who didn't want to deal with cleaning up internal messes.
As a matter of fact, I am the founder&owner of a small ISV (nothing ad, privacy, crypto or AI-related) in the Eastern EU. Everything I am telling about European regulations comes from dozens of years of direct, painful, personal experience.
How about you?