When he read the law it roughly said, "Anyone operating an app store in the state of Texas must, bla bla bla."
My issue with this is what does it mean to "operate in." Tech companies small and large, but especially small, can't comply with every law of every state, county, provence, country in the entire world. Am I supposed to comply with North Korean law? Am I supposed to comply with Saudi Arabian law and prevent anyone from insulting Mohammad?
What's worse is these laws can contradict. You have privacy laws that say you can't collect certain data. You have data retention laws that claim you need to collect data to help with surveillance in some countries. You have laws that say you can't collect information on or sell certain things to certain people. Then you have laws telling you that you can't collect the data to even know who you can't collect data on. Like COPPA. You can't collect data on minors. But if you don't collect data on minors how would you have enough data to machine learn who is a minor? You can't target someone for non-collection of data without collecting data on that user.
As far as I'm concerned the only people who have jurisdiction over me, and I don't even fully agree with this, is the location I'm at and where I run servers. Anyone who contacts me from out of state is operating in their state but I am not operating in their state by responding to a TCP packet that is received in my state.
Now a lot of people like the idea of pushing more laws onto big tech as if that is hurting them. The problem is that big companies and small have to exist inside of the same legal framework. Everyone likes thinking they are David fighting Goliath when their small jurisdiction tells Google what to do. But Google loves this too. Because this is a model that can't include small companies. Small companies can't operate in a model that requires compliance with 600+ jurisdictions.
Log in
When he read the law it roughly said, "Anyone operating an app store in the state of Texas must, bla bla bla."
My issue with this is what does it mean to "operate in." Tech companies small and large, but especially small, can't comply with every law of every state, county, provence, country in the entire world. Am I supposed to comply with North Korean law? Am I supposed to comply with Saudi Arabian law and prevent anyone from insulting Mohammad?
What's worse is these laws can contradict. You have privacy laws that say you can't collect certain data. You have data retention laws that claim you need to collect data to help with surveillance in some countries. You have laws that say you can't collect information on or sell certain things to certain people. Then you have laws telling you that you can't collect the data to even know who you can't collect data on. Like COPPA. You can't collect data on minors. But if you don't collect data on minors how would you have enough data to machine learn who is a minor? You can't target someone for non-collection of data without collecting data on that user.
As far as I'm concerned the only people who have jurisdiction over me, and I don't even fully agree with this, is the location I'm at and where I run servers. Anyone who contacts me from out of state is operating in their state but I am not operating in their state by responding to a TCP packet that is received in my state.
Now a lot of people like the idea of pushing more laws onto big tech as if that is hurting them. The problem is that big companies and small have to exist inside of the same legal framework. Everyone likes thinking they are David fighting Goliath when their small jurisdiction tells Google what to do. But Google loves this too. Because this is a model that can't include small companies. Small companies can't operate in a model that requires compliance with 600+ jurisdictions.