Hacker News new | past | comments | ask | show | jobs | submit login

GDPR can't come too soon. That would definitely put an end to these shady practices, as the penalties of several individual infractions would endanger any company.



It will offer a possibile solution in Europe, where Facebook has already been under heavy scrutiny. It won't change anything in the US, South America, SE Asia and developing countries where Facebook is already dangerously synonimical to the whole online experience of the average user.


> developing countries where Facebook is already dangerously synonimical to the whole online experience of the average user.

Was that not the case with AOL in the US in decades past?


The hope is that Facebook will not have two different data handling strategies for EU and non-EU users and we'll see some sort of regulatory encroachment from the EU to the rest of the world. But obviously GDPR endangers so many of Facebook's shady but lucrative practices that they will have financial incentives to set up two different user silos.


> The hope is that Facebook will not have two different data handling strategies for EU and non-EU users and we'll see some sort of regulatory encroachment from the EU to the rest of the world. But obviously GDPR endangers so many of Facebook's shady but lucrative practices that they will have financial incentives to set up two different user silos.

Facebook might be one of the few organizations with the motivation and ability to set up two different regimes to contain the effects of GDPR on their practices.

In that case, I would love to know what their selection criteria is.


I wonder if other countries also start making laws like the GDPR? The EU is creating a frameworks which makes it very easy for other countries to "attach" on too. The only danger is not having enough leverage to "prevent" companies from leaving and not adhering to privacy standards, but by cooperating this should be possible?


No it won't.

> [] I want to see dancing monkeys and for that, I agree to have all my data shared with unnamed third and fourth parties indefinitely.

See? Everyone clicked that :).


Under GDPR you cannot mix these two things. They cannot force you to accept conditions that are not relevant to the requested item - if you do not accept the opt-in, they are still not allowed to refuse your access to the monkey video, as there is no meaningful connection between said video and all of your data.

It would be different if you had to pay for something, in which case you would have to agree to share your name, credit card etc. However, they still would not be allowed to share it with unrelated (!) third parties.


Even if they complied with your erasure request and deleted everything from all their servers and their backups (spanning the world over a decade), think of all the non-EU third-parties who have your FB data already


GDPR isn't only about data deletion, but also about the transparency of data handling strategies. There was a "nightmare GDPR" letter HN post a couple of days ago that illustrates some of those responsibilities.


I wonder if GDPR could be applied to companies I don't have a relationship with but have my data (i.e. CA-type data collection companies)?


The GDPR basically states that a company have a relashionship with you if they have data about you.


Sure. That's already possible in Germany, where any company has to provide you with the details of their knowledge about you once a year for free: https://selbstauskunft.net/


and how many people are aware of it and will write to companies like FB asking for their data?


That's not how GDPR works.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: