
Ask EU users: why are you using this shady site that doesn’t comply with GDPR? - ryanwaggoner
Pretty sure that HN is not fully compliant with GDPR, and that only very shady sites that intend to misuse your data are not compliant as of today. How can you stand this blatant violation of your human rights?<p>OK, I’m being deliberately provocative about it, but it’s a serious question. Is HN actually compliant and I’m just not aware? Or are you giving them a pass for some reason? Or are you all filing complaints right now?<p>Genuinely curious.
======
drKarl
First, you can use HN without even creating an account. If you want to comment
and upvote you can create a an account, and the only personal information you
need to provide is an email address, which doesn't even need to be your main
email address. It doesn't show ads, so it doesn't have an incentive to collect
our personal data and interests to target ads or sell the data to third
parties.

Your comment seems to denote that you think GDPR is a silly european thing and
that it restricts companies freedom and that USA doesn't need similar laws to
protect user data and privacy. So, are you really ok with Facebook, Google,
Amazon and so many other companies spying on us for their own benefit, to
profit off personal data, even share that data with three letter agencies or
it's just because it's an US vs THEM mentality that everything outside US is
strange and slightly frightening? Genuinely curious.

~~~
ryanwaggoner
They’re likely storing your IP, and collecting data for analytics. Maybe not?

I’m general, yes, I’m OK with Google and Facebook collecting my info. I’m
sending it to them voluntarily as a tradeoff for using their services.

Your use of the word “spying” is just propaganda. And the accusations of
xenophobia are a cheap shot as well. I love Europe, I lived there for several
years, and I’d do so again. I currently visit Europe 1-2x per year.

I’m generally in favor of some of the intent behind the GDPR, and would
probably support a more sane version of it here. I’m not in favor of its
claims to jurisdiction over any company in the world under the logic that an
EU citizen might visit their website. That’s a dangerous precedent.

~~~
gargravarr
HN's privacy policy is freely readable here:
[http://www.ycombinator.com/legal/](http://www.ycombinator.com/legal/)

They go out of their way to ensure you need to give them absolutely minimal
data - IP communications won't work without IP addresses, and logging them is
pretty harmless in my mind. Geolocation for analytics purposes is also fine in
my book.

The biggest part of GDPR is to give individual end users control over their
personal data and the way it's processed. The easiest way to sidestep GDPR is
to not collect this data in the first place.

As a European and as someone involved in my company's GDPR implementation, I
am fully in favour of it, it's what 'normal' users have clamoured for. EU laws
are quite powerful and can be applied to any member state, equivalent to
federal law in the US. This grants a very good standard of basic rights and
legal protection, and I am very glad we have it.

Edit: in fact, I view it as a massive cop-out that so many non-EU sites have
chosen to block requests from the EU rather than face up to the fact they do
not need to collect and process this data for general operation of their sites
- I'm looking at you, US news sites. Frankly, that is also fine by me - if
visiting such a site requires me to submit to being clinically profiled and
categorised for reading a news article, I'll go somewhere else.

~~~
ryanwaggoner
_logging them is pretty harmless in my mind. Geolocation for analytics
purposes is also fine in my book._

Great, but that's not what the law says?

I think it's fine for sites to block EU visitors, and fine for EU visitors to
go somewhere else, whether they're blocked or not. But that's not at issue
here, is it? HN isn't blocking EU users, they haven't updated their privacy
policy in more than a year, and they're likely collecting data that, while you
personally may be OK with it, isn't compliant with the GDPR.

So it seems like you're willing to give them a pass even though they're not
compliant? So why the hostility towards other sites that are in the same boat,
but take the additional precautionary step of blocking EU users to show that
they're really trying not to violate the law, and that they don't want those
visitors since they're not compliant?

