I'm rather confused as to why you're harping on about whether or not developers "deserve sympathy". I'd be making the same points about pretty much any business regulation - that they impose costs, and that we need to be cognizant of them in order to make sure it's a net positive. If the costs outweigh the benefits, then the regulation is a good thing. If they don't, but you advocate for it anyways because don't care about hurting a specific class of people that don't "deserve sympathy", that makes you quite a mean-spirited person.
>If anything, startups benefit: they have less data and systems.
It's not about the absolute costs of regulatory compliance, which are relatively small. It's about the relative costs of compliance compared to the economic value of regulated activity. Google has roughly a million times more revenue than a ten-person start-up will. Privacy compliance is not a million times more expensive for Google than it is for the start-up. If it costs a startup a day of engineering effort to comply, and it costs Google ten million dollars, this is a relative business advantage for Google.
This is a pretty general pattern; established businesses get a competitive advantage from regulation, since it prevents competition from arising. If it costs $400 to get your setup inspected before you can sell lemonade that you make, this helps Nestle sell more bottled lemonade at the cost of your kids' lemonade stand.
> If they don't, but you advocate for it anyways because don't care about hurting a specific class of people that don't "deserve sympathy", that makes you quite a mean-spirited person.
Let's not gloss over the fact that the specific class of people who are "hurt" are the ones causing the hurt. If they only collected data they needed and secured the data they did collect, the regulation wouldn't be needed in the first place.
It's not mean-spirited to expect people who have widely profited from collecting bulk data to foot the bill for securing that data.
