They struggle with it for the same reason people on the political left always struggle to understand why some people oppose new regulations: the question of whether and how to regulate commercial activities is always a proxy for deeper underlying differences in how people view the world. GDPR is just a proxy fight between the left and the right and is showing all the same characteristics.
Consider adventured's sibling post - it quite astutely points out that GDPR discussions are much more vitriolic than you'd expect for discussions of the minutiae of data handling. People who say that GDPR compliance is hard are being attacked on a personal level. He explains it as 'emotional investment' in GDPR but I don't think that's a good explanation; the people arguing most strongly for it are also those saying it's not much work, so that seems backwards. You'd expect people who put in the most effort to be most emotionally invested in it.
There's a much better explanation available: your view on GDPR is a direct consequence of your assumptions about human nature. If you believe in the existence of benign and enlightened technocrats then GDPR seems like excellent progress towards building a better world - it's extreme vagueness and severe penalties are exactly what's needed to foster obedience to technocratic elites. People who complain about this are just being unnecessarily awkward ... just be reasonable after all, and you'll be fine! The EU are reasonable so if you're reasonable too, you have nothing to fear! From this perspective, anyone who objects to GDPR or actually decides compliance is impossible must - almost by definition - be being unreasonable. What are they hiding? Why can't they just get on board; the only answer available is that they have flawed characters and any points they make about gray-area debatable things like cost:benefit ratios must be some sort of obfuscation.
If on the other hand you believe the whole idea of wise and beneficent bureaucrats is naive, then GDPR looks like a hell of a lot like a power grab by the very sort of people who shouldn't be able to grab power. Vagueness is of deep concern because it's in the shadows of vagueness that abuse can be found, and when a law is nothing but vagueness, it even makes sense to question to motives of those who created it - that's a problem because lots of self-styled Europeans have bought into the EU's utopian rhetoric and can't separate criticism of the EU from criticism of themselves and their desired future.
There's no real scientific way to prove whose assumptions about human nature are right. The USSR was a rare example of a real-life experiment in who was right and for a long time it proved the American style, conservative, small weak government is better mentality to have superior results. But that was decades ago and many have forgotten or weren't alive back then, so now rule by technocratic dictatorship seems attractive again.
As a consequence GDPR discussions will always have the same flavour as Clinton v Trump debates, or Brexit debates, or whether to restrict spending on political campaigning. They are ultimately about the same issues.
You're bringing your US-American assumptions about politics and left vs right into the context of European politics where they are a poor fit. The world is not Democrats vs Republicans.
There is no GDPR debate or fight: it's done, it was done six years ago, and the only people pushing back are American companies who are unhappy that Europeans don't want their data hoovered up by corporations they have no control or oversight of, for who-knows-what purpose.
Sorry, but do you want to say that EU has no left and right in politics (parent post did not mention Democrats or Republicans)? Or that everyone in the EU is unanimously happy with GDPR? Seriously, if a law's getting applied only after a long while it's passed - it's not unheard of to have a debate as people start to actually care.
Maybe I'm wrong, but I think that parent example is not US-specific at all and is applicable to just about any country where there are people that learn toward different beliefs (that "direct consequence of your assumptions about human nature" part of the post)
The assumptions may be wrong, but that was generally constructive.
First of all, come on, obviously I'm not saying there are left and right in EU politics (and in the national politics of EU countries), but what those left and rights are concerned with don't match 1:1 with the issues under debate in American politics.
Partly because there is a much broader political spectrum -- Democrats in the US roughly line up with, for example, the Conservatives in the UK or the CDU in Germany -- but also because it's just a different set of issues and preoccupations.
I do think it's fair to say that within the EU there is a general consensus about the importance of data privacy, and I also don't detect any resistance to the GDPR in general, or any question that it should be repealed. (That was partly sealed by the revelation of US spying on Europeans a few years ago, which hasn't been forgotten.)
Second, if I'm honest, I find the whole "assumptions about human nature" is a bunch of hokum and quite the opposite of constructive. Nothing about GDPR has to do with "obedience to technocratic elites", and is in fact about rejecting the ability of institutions which are not democratically accountable to gather personal data and monitor people, or make decisions that affect their daily lives, without their informed knowledge and consent.
GDPR is not a "power grab" (hah!), it's about distributing the power that comes from control of information more evenly. The EU has a lot of flaws, but this is one of the most democratic and equalizing bits of regulation that they've produced, and frankly the concessions it makes to large companies are huge.
I don't accept the argument that to be in favor of this I must be in favor of USSR-style totalitarianism. If anything, the inefficient planned economy of VC-funded startups, with their cults of personality around founders, that want to collect data and influence populations with impunity are the petty dictators of the 21st century. Personal rights should trump the rights of corporations, and I am deeply suspicious of people who would equate the two.
But that's all making a mountain out of a molehill: most of what GDPR does is harmonize existing regulation across the EU to make it easier for companies within and outside of Europe to do business here, adds enforcement teeth to the regulatory agencies and harmonizes the penalties, and sets out in actually rather specific detail what is required to be compliant, while giving everyone years to implement this regulation.
If people don't want to comply with GDPR and just block all EU users, then that will make the internet a nicer place for us, so by all means go ahead!
You probably haven't looked then. Despite assumptions elsewhere, I'm from Europe and still live there for example. The idea that everyone loves GDPR is naive. Only today I was working next to someone who was trying to figure out how it applied to her (tiny) business, and getting annoyed by the process. She's just copy/pasting the contents of an email she received into her own mail copy to avoid having to do extra work.
Nothing about GDPR has to do with "obedience to technocratic elites"
No? I think you missed by points then.
The GDPR was created, is enforced by and serves the interests of regulators. It specifies so little it is essentially a direct grant of power to those people - they can do whatever they want within its framework and that framework allows nearly anything.
As for 'technocratic elites', did you see political parties campaigning on this issue? I sure as heck did not. Right now the hot topics in European politics are immigration, terrorism and economic growth. Not data protection.
is in fact about rejecting the ability of institutions which are not democratically accountable to gather personal data and monitor people
Of course companies are democratically accountable - outside of monoplies (rare), you can just not trade with them if you don't like their data handling practices.
Interestingly enough, GDPR gets the most support from the center-right parties within the EU, in my experience because it's a law that protects individual's rights to their data. You'll find that it's not that popular among the left-wing member parties.
It's a deflection tactic by people who are emotionally invested into GDPR. Note the extreme emotionalism that GDPR draws out of its supporters. That makes it difficult for some of the supporters to have a rational discussion when it comes to the flaws of GDPR. They don't have a legitimate response to the context in question, so the easy approach is to attack the credibility of the person stating that they've struggled with compliance, rather than engaging in substantive discussion about the problems that GDPR generates for small businesses. The fear for the supporters is that if they admit to there being any flaws in GDPR, that will then act as a threat to GDPR (which they view as a monumental victory for privacy). They don't want to give an inch of ground, no matter the issue, because they're afraid of having GDPR diluted, taken away, and or not spread to the rest of the planet.
This is also why in all cases you'll see the GDPR supporters go after the character of the site/service owner (including always questioning their motives to muddy the waters). It's an attempt to short-circuit any reasoned debate, to destroy the credibility of the opponent. This has happened numerous times on HN in the last month or two.
You are aware that there is a time and monetary cost to comply for those with legitimate data collection purposes, right?