This worst-case web would still support all of the original use-cases of the web, where ordinary folks and organizations were posting ordinary documents that anyone anywhere in the world could view.

It's small-business webapps that have problems. But I would be very glad for those to stop doing so many terribly sketchy things that have become the norm on this consumer-unfriendly internet we're dealing with.

So like I'm super afraid of a "regulated internet", but I'm also super sad by what's happened while it's been unregulated. Businesses, governments, even ICANN have done terrible things to the internet. I'm not very optimistic for any outcome anymore.

Not really. If you have a personal website with analytics (even your own), suddenly you need to display some cookie warning. If you allow comments all of a sudden you need to follow GDPR. Understanding it may require more time that you were willing to spend on share your ideas with the world. So if you really want to share you move to some big platform that handles it all for you.

The law is already so complex that even within a single country or a state, people who study it need specialisations. Regulators have no grasp regarding existing laws or full extent of laws they are voting for. It's madness.

Small business that government or a big company doesn't like can already be killed by thousand cuts because they don't have infinite amount of money to spend on lawyers.

You already have server logs for analytics.

What you refer to as “analytics” is actually stalking and I’m glad we have regulation around it now.

By the way, you don’t need to display a warning, you need to ask for consent in a non-intrusive way (consent should be freely given).

Or just you know, don’t stalk people. Seems like an easy enough solution.

no, GDPR does not have any effect on personal websites.

Article 2 of GDPR defines the scope of the law.

> This Regulation does not apply to the processing of personal data: by a natural person in the course of a purely personal or household activity

If I had a website about programming and it had a forum part is it purely personal? What if is it just comment section? What if I had ads to cover server costs vs when I don't have them now? I closed the website because I don't know. And I don't think I would say I know until I hire a lawyer.

Re analytics part from another comment, I only care how they interact with my website. Without sharing that info with anybody. You could avoid cookies if you really wanted to but then you actually collect more data about your visitors.

> If you have a personal website with analytics (even your own), suddenly you need to display some cookie warning. If you allow comments all of a sudden you need to follow GDPR.

Not having both of those is a good thing, so I see no downside.

Not having comments on anything personal is a good thing with zero downside?

First of all, California isn't just any state, it's the largest one. It even has stricter auto emissions standards pushing forwards the rest of the country -- so this isn't so much a dangerous precedent, as a "special California thing" which is historically more protective of the consumer than the federal government. (I personally see this as a positive thing.)

And as long as state laws are limiting abusive behaviors, I don't see what the problem is -- then we all follow the new "floor" and the whole country benefits. A small start-up can not choose not to lie about a bot being a person just as easily as a tech giant can.

The problem is if local laws conflict with each other or impose a significant burden. But then the federal government generally steps in quickly and shuts things down thanks to the interstate commerce clause.

So I don't think there's anything to worry about here.

If you know how to create a bot, then you know how to make it tell you that it is a bot.

I accept the general premise of your point, but this particular law isn't asking anything onerous. The societal benefits that come from limiting the ways in which political and commercial bots can decieve the public are just too great to claim this is a bad thing.

1) There is already balkanization based on countries. Does California change that situation so much? Enough that it shouldn't perform it's role in the U.S. as a laboratory for legislation (a role of all states)?

2) Commerce and communication restrictions should not be considered without also considering the purpose and benefit the legislation intends to cause. First and foremost is whether it actually helps more than it harms. For example, it could have been (and I'm sure was) argued that abolishing slavery was problematic from the standpoint of groups of people and businesses interacting with those states and what it meant to use slaves in them or take slaves to them. The point is not to equate this issue with the abolitionist movement, but to point out that how the law affects interactions between states may have very little (or very great) bearing on whether it should be ratified, and it depends entirely on the legislation in question. Great leaps in both positive and negative directions both cause friction between (nation)states, so friction itself is a poor indicator of whether legislation is good or bad.

Please keep in mind that this is not California's first internet specific law. It has already passed laws about phishing, sexual exploitation, cyberbullying etc. See https://oag.ca.gov/privacy/privacy-laws

If you want to sell something in a place, you abide by that place's laws. If you want to sell in a zillion different jurisdictions, you're big enough to do comply by each law.

If the alternative is to wait for Congress to pass a law, then the precedent is long since set. The Congress sets a bar for passing new legislation very high (two separate houses, one of which has a 41% veto, plus the chief executive).

The "laboratory of the states" thing is a legal nightmare in a networked world, but it's inevitable under the current organization. Well-crafted nation rules would be better, but a lot of people seem to want it this way.

It’s not ugly, either.

For generations people who wanted to do business in another jurisdiction had to follow the law of that place, even if it meant physically traveling there or opening a store.

Internet businesses would still have things much easier, as a change in software can be done by someone working from home or in Chennai or what have you- without any capital expenditure.

Dont make this out to be armageddon- it’s not.

Agreed, when are you enforcing Article 11/13 in the US? /s

Actually Article 11 is in effect in Germany. Article 13 also.

GDPR is absolutely insane. I was working on a European website where a user would upload a product info along with a photo of the product. I had to abandon it, because I'd have to somehow filter all uploaded content for copyright and other violations, as I'd be liable under this new law.

Ah, I think you're referring to the recent EU copyright directive (https://en.wikipedia.org/wiki/Directive_on_Copyright_in_the_...) rather than GDPR.