
Ask HN: Legal compliance for small side projects - zawerf
To fix my paranoia, can I get some case studies for what's the worst that can happen for messing up terms of service / privacy policies?

Fines for $xx billions for messing up COPPA compliance like in Silicon Valley (the HBO show) is probably not real: https://youtu.be/JNuTcsp4SvA?t=40

But what's something more realistic that actually happened before?

My specific website has user generated content which blows up the legal complexity a lot (intellectual property rights, DMCA compliance, user accounts which means GDPR stuff).

Is there any scenario where I can't just fold up shop and run away? Do I need to be doing the project under some LLC?
======
enyone
The worst that can happen is described in GDPR quite clearly:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

Note that I'm certainly NOT a lawyer.

...but still, here in the European Union the preference has been (at least in the
pre-GDPR era) to first give a written warning to the service provider about not
being in line with the regulations. This has also included a period during which
the provider can fix its behavior. If the regulations are not met after the given
period, only then (usually progressively and aligned with the extent of the
business and real damages caused) will monetary penalties arrive. This is EU not US.

Looking at this from Finland, GDPR is not that big a change, as we have had
quite strict national regulations in place since 1999. The biggest change here
is that a user should really be able to get all of their data removed permanently
from whatever service she/he has previously used (usually referred to by the term
right-to-be-forgotten). Another big change is that it is no longer up to
only the actual end-user to raise a lawsuit about personal data losses; an
authoritative entity is also given the possibility to raise that lawsuit
without prior action by the original end-user.

~~~
zawerf
I am asking for something more general than GDPR. And I guess the worst case
isn't what I am looking for either (since that would just be "fullest extent
of the law").

I am trying to see what people would actually litigate over and from what I've
read it seems like GDPR only applies to larger companies or pretty egregious
behaviors.

I want to get a sense of the EXPECTED financial damage versus the cost of full
compliance. This is just random side projects and it will take longer to
understand the legalese than to code it!

For example I am sure people often misuse open-sourced licenses, forget to pay
for rights to use images or fonts, forget to register at copyright office for
DMCA safe harbor, etc. But the cost for all of these is not the same. Open
source license misuse only matters once you get pretty big and get on their
radar. But misusing a Getty Image has a 100% chance of being fined since they
scan the web for unlicensed use.

~~~
enyone
One additional question:

Are you referring to a case where you have not met the regulations (from
the perspective of the information and options you give to your end-users) and
an authoritative entity comes to you with a warning which you are not going to
notice

-OR-

are you referring to a case where personal user data is stored and used
without the end-user's explicit consent and/or knowledge and/or that data "leakage"
has caused/will probably cause in the future real damage to this user?

~~~
zawerf
The first case but I am not worried about anything where they "warn" you
first. So despite the timing my question isn't GDPR specific.

I am mostly worried about cases where you just get sent a settlement letter or
a fine. There's a sue-happy litigation-for-profit culture in America.

------
blakdawg
If “fold[ing] up shop” includes filing bankruptcy and losing all of your
non-retirement assets, and you’re cool with that, then you’re basically good.

An LLC won’t protect you from claims that you _personally_ screwed up; or that
you treated the LLC like an alter ego (rather than as a separate entity) and
thus piercing the veil is appropriate.

If you want to consider a very very unlikely but not impossible scenario, look
at the Hulk Hogan/Peter Thiel vs. Gawker litigation and its aftermath.

If you need protection from litigation threats, you need insurance; structures
like LLC’s don’t win/settle lawsuits, they make it tougher for plaintiffs to
collect after they win a judgement.

