This company that sells clothing says it had to stop selling to EU because of GDPR. This image IS their site now, it says: "Blame your government (no, really)".
Really though? It's that hard to sell me clothes while respecting my privacy? You only have to blame yourself on this one 😂
@kingannoy "Blame your government not us. please. please don't blame us oh god please please please we just want to keep abusing your privacy it's how we make EVEN MORE money off you D: "
@kingannoy to my mind its such a childish thing for a company to do; its not like GDPR is that difficult to implement and even if they have some edge case that makes it complex, they had years to plan for this.
Just childish 🤨
@kingannoy Almost as bad as Tronc blocking EU visitors on every single one of their news sites. Like, FFS. Proxies are for torrents, not reading the LA Times!
@kingannoy If they don’t have any assets in the EU, why don’t they just get fined and then tell the EU to stuff it when it’s time to collect?
That's a straw man. I never said they should just sell to the EU. Or that it would make sense for them to expend any effort at all to become compliant.
Not being careful what data you keep on your customers, not complying with sensible regulations (#GDPR) about data retention. That is shoddy business practice. Because maybe someday you will be hacked and all that data will leak, but hey, don't worry, #yolo.
@kingannoy Yes that would be very bad but some companies are bound to take a chance, because they just suck and can't think of any other way. I guess many operate in the EU w/o any compliance whatsoever. At least #MooseJaw decided to abide to the law - although with a very radical solution that probably did not serve them.
I missed the thread leading up to your post. I thought it was a reply directly to me and my response was unnecessarily combative, sorry. 😑
@kingannoy I read "So sorry we are so slow. The last two year, the grace period, we did nothing. We just don't care about you."
@kingannoy it’s software, of course it’s hard to change it at every level from front end to payment gateway to fulfilment.
@kingannoy What horribly cynical copy writing. I will definitely never consider to give them any business. Thanks for the heads up.
@kingannoy Makes you wonder what kind of weird nonsense they're up to. Sewing GPS trackers into your yogapants? Bluetooth-enabled vests?
@kingannoy If only it were that simple...most of my clients chose to work toward compliance, but some took this tack. They weren't (and aren't) crazy, and there's nothing wrong with blaming the EU for making this choice. It has consequences - some they'll like (fewer cookies) and some they won't (further neutering the possibility of a European Silicon Valley). This one falls somewhere in between.
@kingannoy Also fair. Our side of the pond may well be too hands-off, and that produces some good and some bad consequences. On the whole, I'd take Silicon Valley over GDPR, but I fully admit my American bias in that judgment. It's totally reasonable to come down on your side. My point was that the heavy-handed EU approach *also* produces some good and some bad consequences., and I think it'd be disingenuous to pretend GDPR has no downside.
I could understand your argument if we were talking about a company has a reason for handling private data, like say, Fit Bit. And if they said something like: "We got caught with our pants down, we'll be back with you as soon as we figured it out".
Instead it's a company with no excuse for gathering anything but your address, low-key insulting our government. They aren't crazy, they are the target of this law and I love their precious little snowflake response.
@kingannoy I think that's a fair distinction, but I'm not sure it necessarily supports that side of the argument. There's something inherently fair about expecting fitbit or google or facebook to handle personal data in a sophisticated, accountable manner. Should we treat a clothing company the same way? That raises one of GDPR's other unintended consequences; the parties it benefits most are the ones it seeks to constrain (by disproportionately affecting less sophisticated competitors).
@kingannoy In actual dollars-and-cents terms, putting up a blocker like this is a net gain compared to spending the resources to achieve full GDPR compliance for many US companies. They just don't sell enough of their products/services in Europe to justify the transaction cost and additional risk.
That is because the negative externalities are never connected to the companies. If companies were held accountable for the damage all this stored data does when (not if) it leaks, they would think twice about hoarding it.
I really like @doctorow comparison to a oily rag business. It is inherently dangerous to hold on to all this data. These companies can only profit from it because those dangers will never hit them but only their customers.
So I understand that it's in this companies best interest to just not do business in the EU. In dollars-and-cents terms it's better for them if they can keep being as un-responsible with their customers' data as they want. They prefer it if those possible negative externalities don't get connected to them.
Totally reasonable free market response.
A clothing company shouldn't have any trouble adhering to the GDPR because they shouldn't be hoarding any data.
How hard can it be to make you database tables for customer addresses and for your mailing list compliant?
I don't think that is hard enough to warrant their response. That is why I conclude they must have been hoarding all data they could find on their customers, and made that such a ingrained part of their business that it's impossible to stop.
It's as if a physical store would say something like:
"We have to close our store. We can't comply with these health and safety standards and getting our building up to the fire code is just too much effort. So sorry... Blame your government (no really)"
@kingannoy Your basic argument is correct. There are a few wrinkles that you may not fully appreciate. First, it's important to separate liability and preemptive regulation as legal levers. You're absolutely right about the negative externalities that a lack of liability has created for companies in this space, but that doesn't mean you necessarily *also* need to tell the company how to store its data in the first place. This is how products liability works (when it works).
@kingannoy Second, GDPR requires dramatically more than complying with best practices, especially for foreign companies. It is not as simple as "privacy good, ergo GDPR good." It is *intentionally* vague, requires foreign entities to submit themselves to the personal jurisdiction of European countries (viz a viz the data transfer mechanisms), and in some cases prohibits what local state or federal laws over here require (and the exceptions for legal compliance only covers EU law).
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!