A lending website ceased all operations over concerns with the European Union's General Data Protection Regulation (GDPR). Chris Beach, the founder of Streetlend.com, decided to shut down the service after five years of operation due to uncertainty and risk created by the GDPR. He explained in a message posted to the site that the penalties associated with the Regulation made it too costly for Streetlend.com to remain active. "GDPR threatens website owners with fines of 4% of turnover or €20 million (whichever is higher) if they do not jump through a number of ambiguously-defined hoops," He said. "The law, combined with parasitic no-win-no-fee legal firms, puts website owners at risk of vindictive reporting. Young websites and non-profits cannot afford legal teams. Therefore the risk posed by GDPR is unacceptably high." Until April 2018, Streetlend.com was a website that let neighbors and friends lend each other tools like ladders and gardening equipment. It collected users' location data and displayed it on a map along with other nearby members with items to offer. From there, users connected with lenders to figure out the specifics of transaction, including settling on a cost (if any) for the loan.
A screenshot from the now-defunct Streetlend.com borrowing window. Streetlend.com worked in affiliation with Amazon where members saw items to buy whenever they borrowed something. The tech giant then gave Beach a share of the sales revenue. It wasn't enough to make the site profitable, but Beach said his day job helped keep the site in operation. All this changed with the GDPR. Beach wrote that this data protection standard unfairly favors some businesses over others:
Perversely, this new EU law hurts small and ethical startups, but helps reinforce the dominance of Facebook, Google and Twitter, who are able to prepare and defend themselves using established legal teams and cash reserves, and who now face less competition from startups. The EU Cookie Law, EU VAT regulation and now the EU GDPR are all examples of poorly-implemented laws that add complexity and unintended side-effects for businesses within the EU.
The penalties associated with the GDPR should be weighing on the minds of all organizations that process EU citizens' data. To protect themselves against those fees, they need to make sure they're compliant with the Regulation before it takes full effect on 25 May 2018. Tripwire can help in this regard.
