
Against all my instincts, even though this post is unconstructive and snarky and flame bait, and even though I am European (or perhaps because of it), I have to upvote this. European people, those voting for representatives voting for representatives (!) making the laws, need to start feeling the negative feedback of the regulations. I’m not saying there are no benefits to consumer protection; there are, I am a massive GDPR fan, but we are too unaware of the opportunity price we pay for this.

Be aware, fellow Europeans: there is a cost to all regulation. If you feel like a constant afterthought, maybe it’s because you are.

(I know these are not necessarily specifically related to this Stripe product. It’s more of a cultural undertone. What I’m trying to say is: the parent comment has a point.)




As a fellow European living in the US I feel divided about this: while the opportunity cost is high and the business environment is definitely stifled by regulation, the quality of life and health consequences of the lack of regulation in the USA are massive and there's very little recourse for the little people against the criminal misbehavior of corporations.

There must be a happy medium between the two positions, I don't know that a country has gotten it right yet but the US is no paradise.


There is no lack of regulation in the USA, it's just the USA has some wrong regulations that create horrible results you see sometimes. Most of it is from a lack of single payer healthcare and a public culture of infrastructure neglect with high amounts of waste compared to pretty much everywhere else in the world.

I really think it comes down to legislation philosophy. In the English-speaking countries, cost of compliance is something that is thought about for small businesses, so many regulations are small business exempt until you get to certain employee counts or revenue numbers.

In the EU, that concept doesn't seem to exist and businesses of 1 are assumed to be $100M revenue businesses that can afford to do things like GDPR properly.


If you are a 1 man show, how about not collecting data you most likely don't need anyway? And the 4% global revenue fine the GDPR is famous for does exactly what you want -- scales with the means of the business.


Last I saw there was a minimum fine of x million Euros.

Edit: had to verify. It seems a bit more reasonable: """Article 83 of the General Data Protection Regulation provides details of the administrative fines. There are two tiers of fines. The first is up to €10 million or 2% of annual global turnover of the previous year, whichever is higher. The second is up to €20 million or 4% of annual turnover of the previous year, whichever is higher.""" - https://www.gdpr.associates/what-is-gdpr/understanding-gdpr-...


Yes, because a minimum fine of $10 million for a 1 person business is totally reasonable, unless by the grace of the bureaucracy, they decide to give you a warning instead. /s

Also the GP post, there is more than 'avoiding collecting data'. If you have a text field comments form and a 3rd party puts 'personal data' in that, then that is GDPR liable! You also need audit logs and a list of other requirements that need multi-engineer teams to implement properly.

As a result, most small businesses with email are probably not going to be properly compliant on some level and you can prosecute anyone. Just like the new-ish VAT laws, large stores are going to be compliant because they can afford it, while some petty bureaucrat will prosecute the small online shops instead.


The ten million is a maximum, not a minimum.


“Whichever is higher” is a max(), not a min(), i.e. it’s a “minimum”

(counter-intuitively)


I thought since they said a fine "up to X" it would mean that X was the upper boundary. So you could certainly be fined a lot less than $10 million.


Seems like something like

=max(whatTheJudgeThinks, max(10mEUR, 0.02*turnover))


I don’t see your logic. Of course new features of a US company are going to be focussed on their home market first.

And claiming that regulation in EU is stifling business is a bit naive. Regulation is everywhere. Have you ever tried to sell an app that uses encryption (like TLS or SSH) on the app store? The stuff you need to do in the US for "export compliance" is ridiculous (even if it's an app that wasn't written in the US in the first place).


I doubt that EU regulations are more onerous than their US counterparts. And, obviously, the EU is mostly just replacing country-specific regulations, making it about 16x easier to enter the European market.

I'd also like people to name specific regulations they disagree with, yet any time I challenge s/o they slink away.

In this case, a Stripe rep in this thread posted a list of their todos for the EU. Note that literally "putting VAT ID numbers on invoices" makes their top 5! Can't be that bad after all:

"localize the invoices, add EU specific payment methods to invoices, improve tax support, make default invoice templates EU compliant with VAT ID"


I lead a payments team.

US requirements around what we put on invoices: 0

EU requirements around what we put on invoices: Still figuring it out

The technical implementation is not difficult. It's dealing with all the lawyers and accountants who have to understand regulations of 27 different countries.

There is a significant difference between "not regulated" and "regulated at all". The burden of understanding the regulation itself is a cost, even if the actual compliance turns out to be simple.


His opinion "I wonder why the EU is an afterthought when you need to spend millions on compliance for every new feature" is not backed up by any facts. If he had said that meeting the legal requirements in 28 different independent and sovereign countries adds too much cost then he would be correct.

Remember the EU Single Market and Custom Union does not cover every aspect of commerce and industry across all 28 member states.

Having said that, the Payment Services Directive 2 (PSD2) which applies to Stripe, will remove any remaining barriers and costs that still exist between member states when applied to the provision of electronic payments. If one was to add in the eIDAS directive then meeting compliance for identity, fraud, etc will soon be irrelevant.


Sure but the EU does levy rather large fines.


The EU has been moving towards more standardization for quite a while now. The most prominent example is the euro coin. And although the GDPR may seem to many like another regulation to comply with, it's actually a unifying regulation because now you don't have to deal with separate privacy laws for each member state.



