This as much as you want to do it though. I share OP's viewpoint, but will also let those housekeeping tasks rot away for a while if I'm not in the mood too.
They'll still need to be done at some point, but now we have more choice on when we want to do it, and not just between 8PM and 8 AM or only on weekends, as it was the case before.
I think it vastly depends on what you are ordering.
We passed a ton of orders for valuable goods that were processed by small companies who used Amazon as an alternative storefront to boost their sales. Communication was finicky but everything went fine.
Then we also order a ton of cheap, little convenient stuff that we could have ordered on AliExpress but went to Amazon for faster delivery. It was a lot more hit or miss, with pure junk coming in from time to time.
We never hit the level of scam described in the article, but we'd also pay a lot more attention on where it’s coming from before forking 7k.
For years McDonalds and other fast foods in America bundled toys with Happy Meals. Building cheap little toys is way less expensive than big budget media.
A case where it can matter is when there is no clear commitment yet to use that API.
For instance, if there are 2 or 3 alternative services, and you want to explore one of them to have a better idea of the trade-offs. Setting up an account and making “real” requests will be your benchmark.
Actually, even for a service with a decent chance to commit to it, there will still be an exploration phase to get an estimate for the implementation cost. Depending on how much the devs struggle to just try the API, the project could get more or less reprioritized for lower hanging fruits.
I generally like French culture, and also see a strong economic rationale that covers the "amusing" part.
It has a strong (and also protected) agriculture sector, from memory they're in the 10 largest in the world, and having consumers buying these products is a big deal. McDonald's is fine, but they also definitely need restaurants serving steaks with blue cheese sauce with a small glass of wine.
Language protection also had an incredible effect on the entertainment industry that was seriously struggling before (also due to how strongly it was enforced, notably with the 40% rule)
You have a point, but I also think we should be thinking beyond smartphones and try to act on what they are used for.
Not in a "guns don't kill people" way, but because I think smartphones helped spread society's worse effects on girls, but they were already in a very shitty position, and we can't just get back to the status quo before the smartphones and social networks.
We can of course also work on reducing SNS negative impacts, but I think it will also be a bad, long and thorny way before seeing improvements.
Car related issues are never “someone else’s” problem though.
Cars getting hacked when running around you won’t be a risk you can ignore. Your town’s critical services car systems getting compromised won’t be something you turn a blind eye to either.
As usual, apart from engaging in local committees there is little we can do from the outside, but we’ll definitely be the ones paying the price at the end.
A US company can declare themselves whatever they want, that doesn't make it legal in the EU. They don't get in trouble for saying this, EU companies are those that get in trouble when they believe the link you have provided.
> Mailchimp may in principle be subject to data access by US intelligence services on the basis of the US legal provision FISA702 (50 U.S.C. § 1881)
It might not be just a matter of where the data is stored, but also who can get access to it. From my reading, any US-based company would be affected.
This feels like a super huge impact that would have made more waves, but the ruling also seems recent. And perhaps there will be more twists and turns yet?
As described in the Wikipedia article, the contract has been thrown out by the European Court of Justice for exactly the reasons stated by the parent comment.
> [Standard contractual clauses] do not necessarily protect data in countries where the law is fundamentally incompatible with the Charter of Fundamental Rights of the EU and the GDPR, like the US.
They would need to have an independent legal entity in the EU on top of hosting data in the EU, perhaps only owning shares in that entity. The construct would need to be set up in a way that three letter agencies in the US (and courts) would have no way of forcing the US company to hand over data - not sure this is possible IANAL.
Wait, is that really the standard? Wouldn't that imply that virtually any service doing business with EU customers would need to be either a multinational business or based in the EU? And just buying server hosting in the EU won't actually change that much about data access; if I'm a purely American business and I buy hosting in the EU, I think I'm still subject to US data requests. None of that goes away as far as I know, so I don't see how a hosting restriction would even help unless I literally move my business to the EU.
I thought that I understood GDPR at least reasonably well: be specific about what data you collect, don't collect unneeded data, allow deletion of data, and a couple other minor caveats. But if I sell software in multiple countries, and part of my account process is collecting an email address or other PII, is that not GDPR compliant unless I set up offices in the EU?
That can't possibly be what the law actually says; nobody except the biggest US companies would be able to do any business online with EU customers if that was the case. What am I missing?
It's most specific to the US because of CLOUD ACT and FISA courts. It would be the same for countries that have a similar structure in place.
If you're a US company you would at least need to set up an independent EU subsidiary that you do not directly operationally control (perhaps owning shares works).
So what are the full implications of that? I hate FISA too, but most non-EU countries have FISA-like structures in place as far as I know.
Sublime Text 4 just came out. That's based in Australia, where courts have similar data access, including the ability to require companies to circumvent encryption. Part of the purchasing process requires providing an email and other billing information.
Is it legal to sell Sublime Text 4 to a European? If Sublime Text was based in the US, would it be legal to sell it to a European citizen? What you're implying is that the EU can't legally have access to the majority of US-based Internet services, and that just seems so extreme that I feel like I wouldn't be hearing about it on Hackernews if that was the case.
But I don't know, I can't really confidently say you're wrong. Maybe it's just been under-covered, or I'm just not paying attention to the right news sources. At the very least, this can't apply to business-necessary information, right? Otherwise, it seems like you're saying that EU data in general can't be legally exported from the EU to most of the world, which seems like it would be a massive problem for the majority of the software industry.
There are a lot of software services based in countries with intrusive government data access: Fastmail (Australia), DuckDuckGo (US), Github (US), Itch.io (US). You're claiming EU residents don't legally have access to them? Again, I don't have any basis to argue that you're wrong, it's just... why wouldn't that be covered on basically every single tech blog if that was the case?
If the EU customer is a company and not a private citizen and if it does involve storing personal information of the EU customer's customers.
"What you're implying is that the EU can't legally have access to the majority of US-based Internet services"
No. You as an EU company can't transfer customer data to or redirect customers to US companies in a legal way.
"Otherwise, it seems like you're saying that EU data in general can't be legally exported from the EU to most of the world"
It depends on who does the "exporting" and what the "exporting" includes. But in general yes, it can't if the citizen whose data is exported can't be guaranteed to have the same rights as with the data in the EU.
That is the core of it, Facebook can't offer a website in the US that is open to the EU and take information on the website "exporting" the data by POST HTTP requests to its servers in the US (which they don't because Ireland, but in general yes).
There is much more to it, like "Can I store customer data in Google for Business spreadsheets?"
You're probably fine with Gmail because people know that this is a US company and sending an email to a US company is something an EU citizen might want to do. It's not as clear with Fastmail. It's not clear at all if you use custom domains with both. If you use a custom domain, where the customer can't see that it's outside the EU, do you export email addresses outside of the EU e.g. to Australia? But data protection agencies in the EU will take some more time to arrive at all these finer nuances. For now they are focused on Facebook and Google, and in 2021 went one level deeper with acknowledging that it's illegal to use Mailchimp in the EU (currently, I assume Mailchimp will create an EU legal entity and host EU data in the EU in the future when pressure rises).
For large enterprises that have subsidiaries in the EU it's already illegal to transfer EU employee data to the US for processing.
"You're claiming EU residents don't legally have access to them?"
As an EU citizen you can do whatever you want with your data, so "EU residents don't legally have access to them?" is misleading, because it would not be illegal for the citizen but - if - for the company.
The company has a problem if it can't prevent three letter agencies from accessing the data. If you have no assets in the EU and do not plan on visiting the EU there is not much to fear though probably. I think it might be legal - not sure I've read something about it - to process data e.g. as a hotel for EU tourists, if you delete the data afterwards. Yes the GDPR is broad.
"But if I sell software in multiple countries, and part of my account process is collecting an email address or other PII, is that not GDPR compliant unless I set up offices in the EU?"
If you sell drugs to the US you're in trouble, even if it is legal to sell drugs in the country you live in.
You as a US company probably can sell to EU citizens but IANAL. The bigger problem for the EU if you sell to EU citizens from the US is VAT. If you send physical goods then your customer needs to pay VAT at customs - as many people in the EU found out after Brexit, if you send digital goods then the customer usually doesn't pay VAT. This is what agonizes the EU more than the GDPR and is the base for France to charge digital taxes to US companies.
"I wouldn't be hearing about it on Hackernews if that was the case."
Well I've lost 100+ karma for pointing out in the last years that it is illegal for EU companies to use Mailchimp. Today is the first discussion where people agree - still I lost 10 karma.
> if you send digital goods then the customer usually doesn't pay VAT.
VAT might be annoying in the sense that it forces me to ask for an address if I'm selling software to someone who lives in the EU, but that's basically fine. I can do that as a US company, and I can pay higher taxes, that's not a problem.
But if I'm building a software company, I don't have the resources to set up a foreign company to handle everyone in the EU who wants to buy a copy of my software. In practice, that requirement would mean that most single-person software teams outside of a few allowed countries can't sell to the EU.
Eventually you just get a lawyer to answer questions like these, but it does kind of sound like if I'm understanding you correctly, I should just be excluding any EU residents from buying anything I make regardless of the privacy policy, unless I have a zero-knowledge product. Which... being zero-knowledge is tricky because VAT exists, and I don't think I can not collect EU resident billing addresses and still pay taxes in an auditable form.
Maybe that's fine though, maybe that just means in practice you have to contract billing to a company that has an EU office, and then the problem is gone.
I should have phrased this differently, I know that GDPR doesn't constrain what EU residents do. But in practice it doesn't really matter to me if it's legal for them, it matters to me if it's legal for me. I don't know, apparently I need to do more research on this.
Interesting though, I appreciate you taking the time to elaborate.
> So the problem is that an US company cannot be GDPR compliant, because that conflicts with US law.
This is completely not true. First, most US companies are GDPR-compliant because they don't gather, store and process personal data of EU citizens. Now, those that do - mainly Internet companies - they need to abide by the terms of the GDPR (or not to serve EU customers, which for some is the easiest way - like New York Daily News). If you decide to store personal data of EU citizens, you need to do it using servers located in the EU, which, depending on the nature of your business, might or might not be easy, but companies had several years to prepare for that. There is no conflict with US law anywhere.
Personally I was in a similar position and instead of choosing Mailchimp I chose Mailerlite, which is Europe-based and, being less popular than Mailchimp, (much) less expensive for the customers I have (with mailing lists in the range of 5k-50k contacts). It has its quirks but it works and I don't have many reasons to complain.