Hacker News new | past | comments | ask | show | jobs | submit login

> perhaps it's not completely inconceivable that we could require businesses collecting any personal information from users to be licensed and audited

In Sweden it used to be like this. Starting with a law in 1973 that grew out of fears of big corporation mainframe databases, everyone with a registry of personal information had to register with the government, pay a license fee and comply with a strict data privacy law. Then the 80's and 90's came and the law was slowly weakened and eventually replaced with an implementation of the EU data protection directive which is more self-regulatory.

UK legislation still requires every organisation that processes personal information to register with the ICO (Information Commissioner's Office) [1].

Kids Pass are registered: https://ico.org.uk/ESDWebPages/Entry/ZA145885

[1] https://ico.org.uk/about-the-ico/what-we-do/register-of-data...

Good find! So maybe this organization needs to go beyond mere registration and start educating people, at the very least -- actual audits would be better, but of course much more expensive.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact