52 comments

[ 3.2 ms ] story [ 110 ms ] thread
It always seemed to be that Europe came up with GDPR because (1) they felt envious of other geographical regions that were more successful at developing web services, and (2) they passed a law to guarantee they'd never produce a Google or a Facebook.

(These are contradictory, but so are the preferences of committees)

Before GDPR every web site had somebody involved who officially or not served as a "voice of the user" who pushed back on user hostile features such as pop-up, pop-in, pop-under, and other annoying windows.

The GDPR drove all of these people into hiding, and once it was normalized that you'd pop in a window to harass users about privacy, it no longer felt safe to advocate for the user and against pop up windows asking people to subscribe to notifications that nobody in their right mind would want, against having two or three pop-ups asking a user to subscribe to an email list, etc.

(And us computer programmers get blamed for "not having empathy for the user"... I just wish I could take all the negative emotions aimed at us and magically redirect them to the handful of Eurocrats who made life worse for the rest of us.)

My experience is pretty much the opposite. GDPR was a response to user hostile behavior and some sites responded with fixibg that while others doubled down on user hostility.

As a programmer I blame my fellow programmers who created the problems and not the eurocrats who tried to fix it.

I don't think that's true, before GDPR, websites and apps were just hoovering up user data and not telling anyone about it, knowingly or not, by implementing their own user hoovering, or just putting ads on pages.

Whatever person was responsible for the voice of the user, would be overruled by the people responsible for the making of the money

No one had any idea where that data was, who had access to it, if it was secure, would it be deleted if requested

> every web site had somebody involved who officially or not served as a "voice of the user"

Not really, no. Before GDPR lots of websites also had popups for example asking you to subscribe.

The cookie law introduced lots of annoying popups that were of no use, I agree with that. GDPR at least made it so that you can be sure you have the option to disagree to tracking that way.

Personally, I don't know anyone that would blame developers for 'not having empathy for users' or something similar. The consensus seems to be that the fault lies with the people in charge of a) the website making use of monetization through user tracking and b) the services that allow websites to monetize user tracking.

>It always seemed to be that Europe came up with GDPR because (1) they felt envious of other geographical regions that were more successful at developing web services, and (2) they passed a law to guarantee they'd never produce a Google or a Facebook.

As a European citizen, I'd like my privacy to be somewhat respected. As of today, I have little options in terms of smartphones – mostly Android and iOS. If I choose Android (because I want choices), I must log into a Google account in order to access the Play Store. Almost all app editors only distribute their apps through that Play Store. And when I log into the Play Store, Google forces me to have all my local contacts to be uploaded to their server. There's no workaround this. Why should Google believe they're entitled to all my friends and family data only because they have a monopoly on Android apps distribution? This is crazy and I'm hopeful that GDPR will probably prevent that: thanks to GDPR, any data protection authority in EU can now sentence Google harshly enough for Google to stop sucking data they have no rights over.

I'm also a business developer at at a European mobile app editor (with millions of active users) and, believe me, things have changed for the best for the end users. We now only collect data we know we actively need to improve the apps (and we anonymize it and delete it after 16 months), we apply GDPR rights globally (not just EU users), we stop doing ads in our apps (freemium model only), etc. GDPR is great.

Before that, I worked as marketing manager for an independent app store. The CEO forced us to collect data massively for no legitimate reasons. It was crazy. We got millions of people (early 2010's) to log into our website with Facebook and we collected everything (people's friends list, birthdays, gender, etc). Things really have changed for the best.

I REALLY don't understand your reasoning.

Most privacy advocates claim GDPR didn't go far enough.

Maybe I've been doing this longer than some of you.

The way I saw it was that there was always pressure to harass users (privacy is not just an lack of dossier building, it's also a "right to be let alone") and I was successful at pushing back against this at least somewhat in many places I worked.

When GDPR came out it was like the dam broke or like when Phillip Zimbardo smashed the window on the car... All of a sudden nobody wanted to listen when you said they should slow down on the harassment. The EU set this example that harassment was "good" or "required", so it made other forms of web harassment more acceptable.

In the US we also had the HIPPA law which showed the moral bankrupcy of "privacy policies". That is, if you get the simplest health care services in the US you have to sign a 50 page document that enumerates such a long list of people who are entitled to your health care data any reasonable person would ask "Why don't they just leave all my health records on the curb and save so much money on paperwork they could cut my health insurance premiums in half."

The harassment, paperwork, costs, and lost innovation is all real. Dossier builders are going to go ahead and build dossiers anyway. The EU gets to prove it is a player by doing a stupendous act of vandalism against a public resource.

(e.g. if you want to improve privacy don't ask for "consent"... that's as problematic as consent for sex... just don't let the data get collected to begin with)

Quick question, why just don't collect data that is not essential for your product? Is it because you are jealous that some bastard still collects it and you don't want to be the sucker that respects the laws?

or this non-essential data is making you enough money? Be honest, some people here appreciate capitalists with no morals, blame the game not the player kind of people

I am not sure if I can follow your arguments. Why would GDPR result in Europe never producing a Google or Facebook? I can imagine arguments that a product that has to abide to the EU rules could be less competitive outside EU, but the same issues apply for Google and Facebook if they want to continue operating within the EU.

Since both Google and Facebook are slow to comply to GDPR and are perhaps in the dubious position of having to comply to competing USA/EU regulations, presumably EU based companies would have an edge within the EU.

If you mean GDPR results in less companies being able to grow to the current scale of Facebook and Google, because the global market gets splintered I can see your point. That would imply an impact for Facebook and Google as well though. Personally, I would not object to that.

Final sentence of abstract:

>> Whatever the privacy benefits of GDPR, they come at substantial costs in foregone innovation.

Based on a quantitative analysis of the number of existing and rate of new apps in the store. It seems like quite a stretch to equate volume with innovation, unless you are using the "10,000 monkeys" strategy.

I wonder if they would make the same argument about regulations around advertising to children?
I think when their talking about loss of innovation here, it would seem to be innovation in gathering user data.

Like, if I introduce legislation to stop fraud, am I reducing innovation in fraud?

What an odd definition of "innovation".

If your business model is at odds with respecting peoples privacy, do we really need your busines??

Yeah, I feel this is like saying that creating a better tax law killed innovation in the tax dodging space. The kind of innovation that the GDPR killed is nothing I miss.
Famous last words in a global economy, alongside "tax businesses and the elite". All three are a very delicate balancing act on the global scope of things, between letting the private sector run rampant or rapidly becoming a third world s#%t-hole by nuking your economy. More importantly, this isn't about privacy. This is about protecting information from foreign entities. If Facebook and Google were based in the EU and subject to their governments' control as well as order, I have serious doubts as to whether the GDPR would've ever come to exist. China and Baidu, for example.
Global economy is on its way out, as covid, and the return of the cold war, have shown what happens when vital sectors depend on foreign powers.
While that may be the sentiment, very few countries have the scale required to afford the luxury of acting on such a perspective.
It is a matter of time, even if it takes a couple of generations.

Globalization only works when most countries on the same side.

The "study" uses app revenue as a proxy for actual innovation, implying that the innovation they care about consists of GDPR-affected exploitation tricks that cannot be adequately inflicted. Highwaymen complaining about gun control.
Privacy used to be a right, but it's becoming seen as more of a duty.

You might not need their business, and the law should ensure you don't suffer by refusing it, but I'm not sure we should completely eliminate nonprivate tech.

Some things are inherently nonprivate because of P2P tech. Other things only deal with data that the users don't care about. Some things will probably make privacy advocates uncomfortable no matter what, like Tile and Sidewalk, and might be at risk depending on how far people go with this.

The GDPR is 99% great, but they could have had exceptions for small companies with a prominent "This service does not meet GDPR standards and your privacy is not protected on this site" disclaimer.

Most lost apps are probably utter shit full of viruses, but some may have left just because it was a hassle and they felt they might need a lawyer, and the 2 man dev team just scattered. They might not have been actually violating anyone's privacy.

Others might have been caught by the right to deletion thing, and not had the money to fix it, but nonetheless were not doing anything deceptive.

Of course, this is more theoretical, since most of the apps were probably literally a flashlight that mines bitcoin, or a dating app made by some porn app drop shipping company, with 8 total users(all fake), and a monthly fee to message a buggy bot.

Once you get big enough that people stop having free choice, and competition no longer applies, like with Facebook where you risk social exclusion, it makes sense to regulate it more.

I'd hate to see exceptions for the data portability stuff though. That was pretty much an unqualified win for everyone.

What garbage. I would support even tighter restrictions of data to force more companies to shut down. If they need such detailed personal data to survive I would not consider that innovative at all.
Why isn't the reduction in quantity of apps on the app stores indicative of less shovelware that was only able to bring cash in because of user tracking? Why do we want the kind of innovation which GDPR forbids?
> Reduced consumer welfare from a diminished choice set: Because of the unpredictability of app quality at entry, GDPR’s depressing effect on the number of apps available – and, in particular, its depressing effect on entry – can have a substantial effect on the value of the app choice set to consumers.

This sentence is _very_ loaded with at least two assumptions that:

a. The quality of apps scale with the quantity of apps (and especially that the discontinued apps were representative of the app store environment as a whole and not the worst of the worst of the bunch who had no choice but to close up shop).

b. The only way to provide quality applications is by surreptitiously harvest and process user data.

I am currently being paid to innovate on my companies data and processes to fully support GDPR and similar laws; so I'm happy.
We document that the ban on dumping dioxins in rivers has induced the exit of a number of chemical plants; and following implementation entry of dangerous chemical handling facilities fell by half. Whatever the health benefits of banning dioxins, they come at substantial costs of forgone innovation.
Child Labor Laws and the Lost Generation of Innovative Coal Mines
Environmental Protection Orders and the Lost Generation of Innovative Chemical Plants
Also not forgetting all the great lead-sugar based candy we're foregoing
It was also a great disaster for the thriving and competitive asbestos industry. The number of new applications for it have dwindled ever since.
Having a rather successfull app with no tracking at all I'll be throwing in my doubts.
> For example, 38 percent of developers using ads for revenue generation, and almost all apps selling data to third parties, reported a decline in revenue with their post-GDPR monetization strategies

Oh no.

Does that mean there’s been a drop in parasitic flash light apps?

Not sorry at all for that "lost generation", maybe they should have though about business ideas that don't rely on exploiting private data.
Reminder:

Due to GDPR, companies can not track when people have gone for abortions and sell said data.

Remember safegraph [1]? This is in their privacy policy[2].

> As of May 25, 2018, a new data privacy law known as the EU General Data Protection Regulation (or the "GDPR") went into effect through the EEA countries. SafeGraph does not offer products or services involving the collection or sale of “personal data” in EEA countries. We likewise seek not to collect such personal data from our data providers. Should any of the foregoing change, we will update this section of our Privacy Policy.

This, to me, is one of the greatest wins of GDPR.

[1] https://www.vice.com/en/article/m7vzjb/location-data-abortio...

[2] https://www.safegraph.com/privacy-policy

We lost so many innovative apps that can't survive without those 10 cents or whatever they get by stealing your data.

Sorry but if you app is so good quality then I would pay for it, support you on Ptreon or similar or if I am poor I would make an account and fill a form with some personal data or if your app is so high quality and you beg I will enable the fucking cookies just for you.

What I think is happen is someone is lying with statistics, they tortured some numbers until they got the result they wanted.

> Sorry but if you app is so good quality then I would pay for it, support you on Patreon or similar

Whatever you think you would do, the issue is whether most people would.

Paid apps generally struggle to make the same money as ad-supported ones do.

It's a lot of what we are conditioned to do and expect. We learned that the default cost for most apps is free (with the hidden cost of data mining), this assumption can be challenged and possibly changed.

It won't necessarily be easy or quick and likely requires cooperation with the major App Store owners to help assist with things like store visibility, upgrade pricing models, and/or friendly subscription interfaces.

Why you think people expect free? People buy expensive games on consoles and steam, some developers buy expensive IDEs,editors, subscription to services. The only expectation is that crap should be free, like you made a shit TODO app in a weekend why would someone pay for it?

I agree, a simple way to free trial an mobile application would help, also have the greedy giants tax apps exactly the same how themselves pay taxes (only on profit and only after all possible loopholes are used)

From numerous places I get this impression:

1. Family and friends often refuse to download even cheap apps that I recommend, even though they are from known publishers and of high quality with good reviews.

2. Colleagues at work express a similar sentiment, even at a programmer-centric place of work few are willing to pay for software on their phones.

3. On r/apple and r/ios I meet this sentiment a lot as well.

4. 92% of the Apple App Store apps are free to download, and 96% of Google Play Store are free to download, this helps with the impression that free is the default.

5. Free apps are generally higher rated: https://www.statista.com/statistics/879863/customer-ratings-...

What would be such a innovative app that people won't pay 1 dollar for it? Maybe there are free software alternatives that are good enough.
Most recently, I recommended Hidgets to someone who wanted additional Health App widgets on their dashboard. But it costs money, so they hesitated and did ultimately not purchase it.

https://apps.apple.com/us/app/hidgets/id1533426260

Is that app innovative in your opinion? We had people creating widgets for Linux desktop 20 years ago. That person probably decided to maybe he can open the health app for free or maybe find some script that does it (not sure if Apple let's you script your phone or you need to first ask permission).

I would pay for an app if either it saves me time by doing some of my work for me or if is entertaining like a game.

Innovative? Absolutely-effing-lutely.

Inventive? (the word some people use when they actually say innovative). Not so much. Only a handful software applications over the past 50 years deserve that title.

Seems like moving goalposts here. Why does it have to be innovative to deserve a few minutes of my income? Why is not the value in of itself?

This entire thread was about this Innovative apps that people don't pay for. I can believe that people won't pay for some shitty apps that you spend 2 minutes on a year.

But for sure there are people that don't pay for apps, my parents don't have a credit card connected to their device, I told them that all they actually need is free and not risk buying garbage or get scammed.

>Paid apps generally struggle to make the same money as ad-supported ones do.

I would say those are not innovative enough or the developer did not made the case why he needs support. People like me pay for a quality IDE even there some good enough free alternatives exists because for me quality means more productivity.

I would really like to hear from such a developer with a truly innovative app explain why only targeted advertising works for him.

This article doesn't mention a shakeout [0] effect. Shakeouts are typical in new industries, even when new entrants continue to come to market..

I also find the timeframe, blinkered to pre-2016 and post-2019 to be unnecessarily blinkered. This should be included in the introductory preamble.

Pre-2016, the number of apps in both the iTunes [1] and Google Play [2] stored saw rapid growth.

Post-2020, iTunes plateaued while Google Play rose by about 10% in 2020 before declining to 2018 levels in Q3 and Q4 2021.

[0] https://en.wikipedia.org/wiki/Shakeout

[1] https://www.statista.com/statistics/268251/number-of-apps-in...

[2] https://www.statista.com/statistics/268251/number-of-apps-in...

It would be interesting if the article attempted to control for shakeout events, such as 'number of PDF readers', a perhaps low-'innovation' type of app, rather than total number of apps as a proxy for innovation.

Edit: Here's a paper on shakeouts, if interested in reading beyond the brief Wikipedia article: https://homepages.rpi.edu/~simonk/pdf/siisp.pdf