I feel like the whole time this was being argued and passed, everyone in power just considered the internet to be the major social media sites and never considered that a single person or smaller group will run a site.
IMO I think that you're going to get two groups of people emerge from this. One group will just shut down their sites to avoid running afoul of the rules and the other group will go the "go fuck yourself" route and continue to host anonymously.
Does this shock you? I don't recall a time in memory where a politician discussing technology was at best, cringe and at worst, completely incompetent and factually wrong.
If we exclude politicians whose tech awareness is curated by lobbyists, Ron Wyden may be the entire list.
Very little legislation does.
Two things my clients have dealt with: VATMOSS and GDPR. The former was fixed with a much higher ceiling for compliance but not before causing a lot of costs and lost revenue to small businesses. Under GDPR, small businesses and non-profits that just keep simple lists for people (customers, donors, members, parishioners, etc.) have to put effort into complying even though they have a relatively small number of people's data and do not use it outside their organisation. The rules are the same as for a huge social network that buys and sells information about hundreds of millions of people.
But for an answer, I've done what folks do - spent decades carefully listening to legislators (and judges!) reveal their expertise in the fields I work and interact with.
Ron Wyden aside, authentic technical competency from legislators is so uncommon it stands out. Glaringly. What technical acumen we do get pretty much always rhymes with lobbyists' talking points.
I expect my perspective to be boringly familiar here.
And AFAIK, we don't have any other Ron Wydens serving in Congress or coming onboard.
That is, someone with the basic technical understanding to foresee reasonable downstream consequences of the laws they vote on. Not someone with a minimal technical awareness that was crafted to be a lobbyist's tool.
I will be genuinely grateful if someone would correct me here.
https://www.enforcementtracker.com/
They're only cataloging the (2500+) publicly known ones, most of which have a link to a news article. As an example: some guy in Croatia emailed a couple websites he thought might be interested in his marketing services, and provided a working opt-out link in his cold emails. One of them reported the email to the Italian Data Protection Authority who then put him through an international investigation and fined him 5000 euro.
"Assuming here that the reasons expressed in the aforementioned document have been fully recalled, [individual] was charged with violating articles 5, par. 1, letter a), 6, par. 1, letter a) of the Regulation and art. 130 of the Code, since the sending of promotional communications via e-mail was found to have been carried out without the consent of the interested parties. Therefore, it is believed that - based on the set of elements indicated above - the administrative sanction of payment of a sum of €5,000.00 (five thousand) equal to 0.025% of the maximum statutory sanction of €20 million should be applied."
For instance, I know of a company that flouted GDPR and got multiple letters off the ICO trying to help them with compliance before finally, months later, they ended up in court and got a very small fine.
Edit: it is not cool to edit your post after I replied to make it look more reasonable
So? Tons of millennials barely understand technology too. I'd say a politician being one makes the odds they know tech marginally better, but I still interact with people of my generation that barely know what a filesystem is, let alone how to make one, or why it's important.
The UK tends to be a lot more (IMO) reasonable in its approach than some other European countries. Italy tends to be one of the strictest, and likes to hand out fines, even to private individuals for things like having a doorbell camera. The UK has only fined one person on that basis, and it was more of a harassment case rather than just simply that they had a camera.
ICO and Ofcom aren't generally in the business of dishing out fines unless it's quite obviously warranted.
The joke used to be that Boomers don't understand the internet, even though they invented it.
Based on that experience I guess it should be no surprise that now Millennials don't understand the web even though we were born on web 1.0, grew up on web 2.0, and created web 3.0.
That would be insane, and it's not true. You have to consider the risks and impacts of your service, and scale is a key part of that.
I think it's really important around this to actually talk about what's in the requirements, and if you think something that has gone through this much stuff is truly insane (rather than just a set of tradeoffs you're on the other side of) then it's worth asking if you have understood it. Maybe you have and lots of other people are extremely stupid, or maybe your understanding of it is off - if it's important to you in any way it probably makes sense to check right?
Also, it is not just small businesses, it is not-for-profits too.
There's only 13 provisions that apply to sites with less than 7 million users (10% of the UK population).
7 of those are basically having an inbox where people can make a complaint and there is a process to deal with complaints.
1 is having a 'report' button for users.
2 say you will provide a 'terms of service'
1 says you will remove accounts if you think they're run by terrorists.
The OP is blowing this out of proportion.
Employees cost money, and so do attorneys. When people won't limit scope, that can require extensive manual review.
You've spent 20+ posts misinforming about compliance costs in this thread alone so forgive me if I don't believe this is anything like a good faith query. If you know people who operate companies, it's easy to find cases.
$ because I'm American.
Feel free to address any specific points. Have you looked at the Ofcom guidance?
> penalty seems to still be "up to 18 million pounds".
Fines "up to" a certain amount allow flexibility in punishment, enabling courts to consider the specific circumstances of each case, such as the severity of the offence and the offender's financial situation. This discretion ensures that penalties are proportional and fair, avoiding undue hardship while still serving as a deterrent.
You cannot write into legislation specific fines for every possible scenario, this is how the UK legislation works. Suggesting you need to shut down a cycling forum because you don't have 18 million in the bank is ludicrous.
Mishandling personal data has a maximum fine of £18 million too, yet small/medium/large businesses still exist...
> So no, there is a deliberate bias against smaller sites.
I'm saying there is deliberate bias against smaller sites, smaller sites only have 13 minor provisions whereas larger ones have 30+.