I operated under a relatively high-ceremony US regulatory regime (HIPAA, for healthcare information privacy) for several years. I sympathize with the general normative direction for the regulations, but the compliance steps themselves very rarely added value for anyone.
A fun example: a regulated business has to train all of their employees annually on their responsibilities under the regulations and keep a record of them having attended the training. I had a very surreal discussion (with myself, alone in a room) and recorded that I had had it.
That sounds like a parody of "stupid bureaucratic box ticking" but the nature of bureaucracies is that you really, really don't want to have to say "Look I know 45 CFR § 164.308(a)(5) says all members of the workforce, explicitly including management, need training, but come on."
Regulations often end up incorporated by reference in contracts, sometimes organically and sometimes because they were explicitly designed to be viral. This lets regulators conscript the regulatees as surveillance regarding their business partners.
Take GDPR, for example. You might think "Well, that's certainly a big ball of mud, but thankfully I am too small to worry about it." BigCo is not too small. BigCo will hire a department to worry about it. Someone in BigCo will put "Vendor attests to GDPR compliance" on checklist.
Stripe
@atlas founder here with a UK company as well... I'm not a fan of how any of these laws are written, but I can't help but feel there's a lot of exaggerated shade being thrown around here. VATMOSS, GDPR, and the Cookie Law all good ideas sadly incredibly poorly implemented.
Big fan of your guides, but would you really *not have run with* an idea you believed in because of any of them? Curious, and surprised to hear you say it.
This is overplayed. EU VATMOSS is simpler than the US state sales tax system. GDPR is good for users. Cookie law is half a day's work to comply. The copyright thing is BS though.
And it ignores the fact that most SV tech companies ignore existing regulations anyway...
An experiment in what happens when mostly people that don't know or care about laws start businesses. Has precedents, Spotify's Daniel Ek mentioned that he didn't know to pay Sweden's high taxes for his first businesses but luckily managed to sell them when the bill came due.