> There is a cost to businesses in complying with and implementing regulations, regardless of the size of the business and how good or bad their behaviour has been with respect to the intention of those regulations. You can't deny over-regulation by assuming only the badly-behaving people are burdened by it.
Indeed - the lack of this cost of business was causing (1) reckless and (2) (deeply) unethical behaviour to become rampant [0]. I think it was fair to say it was not acceptable anymore, and I think the GDPR does a good job of formalizing rules of basic common sense about personal data protection. There's really nothing in the GDPR that I can point to that is overbearing, although of course many businesses do implement unnecessarily overbearing UX on top of it.
Processing personal data should be a risk to business, and I think some basic rule of law was warranted for this risk to be clear to business.
I'm not saying there is no cost to regulation. But the cost needs to be proportional to the good it achieves and I think the GDPR does that quite well. Article 13 - in my opinion - clearly will not.
> There is a cost to businesses in complying with and implementing regulations, regardless of the size of the business and how good or bad their behaviour has been with respect to the intention of those regulations. You can't deny over-regulation by assuming only the badly-behaving people are burdened by it.
Indeed - the lack of this cost of business was causing (1) reckless and (2) (deeply) unethical behaviour to become rampant [0]. I think it was fair to say it was not acceptable anymore, and I think the GDPR does a good job of formalizing rules of basic common sense about personal data protection. There's really nothing in the GDPR that I can point to that is overbearing, although of course many businesses do implement unnecessarily overbearing UX on top of it.
Processing personal data should be a risk to business, and I think some basic rule of law was warranted for this risk to be clear to business.
I'm not saying there is no cost to regulation. But the cost needs to be proportional to the good it achieves and I think the GDPR does that quite well. Article 13 - in my opinion - clearly will not.
[0]: E.g. in unregulated countries: https://news.ycombinator.com/item?id=17081684