But that's exactly how it works in many other lines of businesses, e.g. in construction. Many small companies can't provide compliance with the required codes, so they're forced to work their way up the ladder slowly or create joint ventures. Sure, that way you probably can't become a billionaire in a few years, but also bridges fall down less often because of it, so in the end it's not necessarily a bad thing for the society.
Software and construction are not analogous. For one thing, no one is talking about regulation of social media that has to do with life and death matters. Are you proposing that no one should be allowed to create a video sharing platform unless they can prove in advance they can actively monitor all uploaded content, regardless of how popular they get?
> For one thing, no one is talking about regulation of social media that has to do with life and death matters
You may not believe that if you live in Myanmar or Kenya. Large amounts of behavioral information in the hands of the wrong people can absolutely be a life or death issue.
I'm not saying there are no life and death matters, I'm saying no one is talking about regulation that would address them. I could be wrong, I'm not current regarding the relevance of Facebook and those countries.
Huh? Isn't the point of this whole comment chain that large companies are able to comply with regulations that protect user safety that small companies might not be able to? In that case it's self evident why a large company is better able to protect user safety.
Organization size doesn't really correlate to software reliability or security. But that's not where the problems with Facebook and online privacy generally are. Any org of any size can follow rules like not sharing user information with third parties (though eliminating business models dependent upon that could be limiting).
Smaller organizations would have a much harder time complying with legal changes that significantly erode the Safe Harbor provisions of the DMCA that make platforms not responsible for the actions of their users.
> That’s assuming the regulations work instead of just throw obstacles in the way of new companies.
Not only that, laws have a tendency to set a particular model in stone.
The model large companies use is to collect everything they possibly can and then use bureaucratic processes to control access.
The model small companies and individuals use is to minimize the data they collect and use technical means to ensure that the company has no access to the customer's data at all. This obviously tends to be more secure.
But if the bureaucratic process is required by law regardless of whether it's really protecting anything, the more secure model becomes impossible -- you have to collect all the data because it's the only way to make enough money to pay for the bureaucratic overhead.
> The model small companies and individuals use is to minimize the data they collect and use technical means to ensure that the company has no access to the customer's data at all.
There have been a zillion startups that have had collecting user data baked into their business model.
