GDPR benefited citizens and hurt big companies, article 13 benefits big companies and hurts everyone else

GDPR is helping US internet giants and squelching smaller players. I work in the media space and can see where advertiser money is flowing. Advertisers who had previously spread their money supporting smaller publishers including European publishers are now concentrating it in walled gardens to limit any potential liability reasoning that the walled gardens will better be able to handle any arising litigation through their bottomless cash reserves :-)

I think the fine structure of GDPR means that what might otherwise appear to be bottomless cash reserves are in fact only significant cash reserves, furthermore not only the advertisers have made this mistake but also the big players who seem to be operating at least on a quasi-antagonistic mode.

So what I think is - when the antagonism ends up taking big chunks of money everyone will suddenly realize "oh shit, it's not bottomless" at which point there will opportunities to take advantage of.

But maybe my take is too reasonable and instead the advertisers will think oh damn, stuff is really messed up better stay the course with these big guys to get us through these troubled times!

If the “smaller players” aren’t willing to the take the reasonable steps to protect user data that would cause them to not be sued, then I’m fine with that.

I believe you are missing the point of the comment.

Even if smaller players take all super duper steps to protect user data, advertisers have no real way of knowing if they are in fact compliant whereas they have a simple way of looking at the published balance sheets of the big players and seeing the huge cash pile and armies of lawyers. The scare caused by activists weilding "nightmare letters" doesn't help. Also there's a body of thought in legal circles that even vendor chains needs to be evaluated which is causing advertisers to be wary. Far simpler to just throw money at the biggies who will deal with this.

As usual, the smart money will be in the certification industry that will inevitably come up to tax the mid sized players while the small publishers will die out.

I think the basis of GP's comment is the bias a lot of GDPR supporters - myself included - have: we'd like to see the entire advertising industry die. So even if the effects hit smaller publishers more than the large ones, as long as it causes enough damage to the whole business model and incentivizes people to look for alternatives, it's a step in the right direction.

> even if the effects hit smaller publishers more than the large ones, as long as it causes enough damage to the whole business model and incentivizes people to look for alternatives, it's a step in the right direction

Remember the adage “divide and conquer”? If you want to destroy something, consolidating its power base (like GDPR does to advertising in Europe) is a poor first move.

That might be a good first move. It's much easier to regulate one or two evil big corporations than a sacred cow of small and medium business.

> we'd like to see the entire advertising industry die

The GDPR doesn't only apply to advertising companies. When you're offering services in exchange for money you still have your customers' names, IP addresses etc. Even if you aren't using any of that information for advertising or data mining, you still have it, which means you still have the compliance cost. A lot of that cost is not proportional to how much data you have or what you do with it.

And that's the problem. The GDPR will never destroy Google or Facebook, but it can destroy a three person startup that has nothing to do with advertising and might have offered an ad-free alternative to some of their services.

If destroying the ad industry is the goal, why not just tax advertising at >90%?

Either that or new small players will spring up that do not base their business on the user as a commodity.

Problem is, those players will still incur the compliance costs. The GDPR rules are not simply penalties for bad behavior. They mandate proscriptive actions companies must take, policies they need to design, services they must perform on demand, etc. whether the company is engaging in bad behavior or not.

I think the issue here is that advertisers are not willing to evaluate if clients can protect user data unless large sums of money are offered up front.

And if you don't profit from a website and just want to place advertisements to keep the lights on, you don't have that kind of money.

GDPR is an EU mandated protection for the US advertising giants. It guaranteed EU companies can never challenge them in the ad market. It guarantees the EU can never produce a Twitter, Snapchat, Reddit, Google, Facebook, YouTube, or any other consumer advertising platform of consequence. Meanwhile, the US ad market will continue to produce an infinite bounty of vast, expanding profit, filling the coffers of the US giants. Those giants will then leverage that to enter / operate in the EU (even if it requires subsidy from the US profit machine), comply with GDPR, and perpetuate their dominance.

How many Twitters EU produced before GDPR? Approximately, 0. If we'll go below that number now, it will be an economic miracle I'd really like to see it.

Now, seriously, there are so many other problems here and GDPR compliance is so easy when you've already paid attention to security of your service, that it really does not make sense to blame a good law. Losers who cannot comply just don't deserve to be on the market.

The story with copyright directive is completely different and has no connection to GDPR.