zlacker

It's like if a new law were introduced requiring a license in order to ride a bike, to make sure people don't hit pedestrians or bike dangerously in the road. The license is free, it just takes a weekend to go take a written test and demonstrate that you can safely ride a bike. Some people who would pass but can't be bothered to give up a weekend would instead choose to just stop biking. It's an unavoidable consequence of introducing a friction where there wasn't one, and there's no way to carefully target or wordsmith the requirement so that this doesn't happen.

I think people miss that there is a very large qualitative difference between "no law" and "law". Even a very carefully targeted law will still have the effect, on the margin, of preventing or stopping compliant activities. But in the case of something like privacy, or control of data about you, maybe that's worth it in order to stop the noncompliant activities.

On a non-hypothetical topic: does anyone have a good resource on the requirements with regard to backups? That's one of the larger technical sticking points for me - do we have to delete from our backups as well on such a request?

>>losved+(OP)
That‘s all true, but quite boring, isn‘t it?

Because the reverse also hold: if we remove the need for driver‘s licenses for cars, more people will be able to drive.

The fallacy is IMO that many people always consider the status quo ante as the perfect balance. Because we have gotten used to driver‘s licenses.

So the argument that new regulation stifles some non-harmful behaviour is a truism, but doesn‘t really contribute anything, unless it comes with numbers.

>>losved+(OP)
It's not like that at all; some of us are small business owners who don't have to take any action, because we already were not mishandling PII and already had a PII-handling section in our data-handling policy.