
HN Violates the GDPR - feld
There is no way to delete your account and your comments on HN. This is a violation of the GDPR. Why has this not been addressed yet?

https://gdpr-info.eu/art-17-gdpr/
======
DanBC
Citizens don't have an absolute right to have all data erased on request.

The comments are still needed and being used for the purpose they were
gathered for, so this fails the first point in your link

> the personal data are no longer necessary in relation to the purposes for
> which they were collected or otherwise processed;

If there is identifying data in the comment you can email the mods and they
will (I think) redact it for you.

Most usernames do not identify a natural person, so that means most accounts
fall outside GDPR. If they do identify a natural person I think you could
email the mods and they'd change the name. (Obviously I have nothing to do
with HN so I can't tell you what they will or won't do).

tl;dr most accounts aren't covered by GDPR and the mods will do stuff with the
ones that are.

~~~
yummybear
I don't believe this is compliant with the GDPR. Afaik usernames are
considered personal data, as are user ids. Both are a form of online
identifiers:

"Natural persons may be associated with online identifiers provided by their
devices, applications, tools and protocols, such as internet protocol
addresses, cookie identifiers or other identifiers such as radio frequency
identification tags. This may leave traces which, in particular when combined
with unique identifiers and other information received by the servers, may be
used to create profiles of the natural persons and identify them."

~~~
DanBC
Sure, if I can identify the natural person from the name yummybear then
yummybear is personal information.

But HN simply can't do that for most accounts, and so for most people their
username isn't personal data.

------
alanfranz
If you write to the moderators at hn@ycombinator.com they'll answer and comply
quickly.

------
jsty
IANAL

My armchair argument would be that when you sign up to post on a public forum,
you should have every expectation that your posts will remain visible.
Expecting otherwise would be rather like publishing a book before invoking
GDPR to 'un-publish' it and demanding to have all the sold copies destroyed
several months after release simply because your name is on the cover.

The expectation of content remaining public is also explicitly stated in HN's
terms, along with a pretty broad-ranging agreement to allow them to use the
content you upload. Thus arguably HN has a contractual right to continue
publishing the content, as allowed for under art 6.1(b).

GDPR Article 6: "Processing shall be legal if and only if to the extent that
at least one of the following applies ... (b) processing is necessary for the
performance of a contract to which the data subject is party ..."

------
ars
Are you saying you want EU users blocked from HN? Lots of sites have done
that, but I think EU users find the blocks annoying.

------
trothamel
I'm sure we could find a North Korean law HN doesn't comply with, if we looked
hard enough.

------
mtmail
Last year's discussion "Ask HN: Does HN respect the GDPR?"
[https://news.ycombinator.com/item?id=16661323](https://news.ycombinator.com/item?id=16661323)

------
Dayshine
Why do you think Article 17 applies to Hacker News?

I don't mean the GDPR, I mean having read the article, which of the grounds do
you believe applies?

The only one that's plausible is 1.b), and I'm not convinced that Hacker News
is storing your data using Article 6 1(a).

The Right to Erasure applies to some pretty specific situations, mainly where
the data is being held using consent only. I'm fairly sure that Hacker News
stores your user content either under "Legitimate interest" or "Contract".

------
hombre_fatal
Why would HN care about some EU directive? They also don't have that obnoxious
cookie warning.

~~~
yulaow
I think they don't have a cookie warning because they don't use profiling
cookies but just the technical ones.

------
zxcvbn4038
I care about GDPR because my employer has a physical presence in multiple EU
countries. However, a US based company with no physical presence wouldn't
really care. Wouldn't it be nice if they had to.

There are a lot of things in GDPR that I agree with and anyone who follows it
in spirit is going to get my business over someone who does not, and that is
something all of us can do. But beyond that, I'd recommend that OP remember
the classic saying "You catch more flies with honey than you do with vinegar"
and maybe ask the moderators nicely to remove whatever past comments are
irking him.

~~~
PerusesVanes
AFAIK the GDPR applies to every company, regardless of where it is located, as
long as said company has customers / users / ... from an EU country

------
ariwilson
HN is a small scrappy upstart that has only invested in $80B of tech
companies. It can't possibly be expected to comply with the GDPR.

<sarcasm>

