Hacker News new | past | comments | ask | show | jobs | submit login
Internet Privacy: Federal Authority Could Enhance Consumer Protection [pdf] (gao.gov)
87 points by jdmark 36 days ago | hide | past | web | favorite | 21 comments

Awesome, maybe now all those news website blocking European IPs will instead fix their stupid tracking. I can't wait to see how many dark patterns they will use to force the user to "consent".

Why would it change anything? Unless it's close to 100% compatible with GDPR it won't help. The reason sites are blocking Europe is that serving content to European users is too great of a liability compared to the amount of money they make. Unless the US one has basically the same terms, that liability is still going to be there.

This doesn't look like legislation, it's just a report to tell congress that they should consider developing legislation.

Yes, exactly as the title indicated with the phrase "proposed to lawmakers". Whats your point?

It is possible to read the title as to mean that the link will contain the actual "proposed legislation" rather than the "recommendation" for such legislation.

People "propose things to lawmakers" all the time; that's not particularly interesting. The linked report is interesting because the GAO does a nice nonpartisan analysis of the issue.

But apparently GDPR ruined the Internet, so surely the US would never do something like that.

There are positive and negative impacts of GDPR. Yes, poorly implemented consent is annoying, but forcing companies to use time and energy on privacy is super positive.

I have spent the last nine months in a few different co-working spaces here in Denmark, and all startups there have informed and essential conversations about handling users data. Just a few years ago that would never have been a topic. For me that's a very positive change.

There's been a whole bunch of unexpected benefits.

Physical junk mail has noticeably gone down. So much so the Royal Mail issued a profit warning because GDPR had decreased total volume 10% or some such. Well that was unexpected, but grounds for flags and parties by itself.

> Just a few years ago that would never have been a topic

Really? I remember discussions at UK startups and larger places I worked about whether such and such was a part of the Data Protection 1998, whether some data should exist, or whether we were covered by the regs at all.

Far as I can see the big positives of GDPR are the tidying up and extending what constitutes personal data and plugging some of the loopholes. That and the max penalty has been increased enough to hope multinationals start caring too.

>but forcing companies to use time and energy on privacy is super positive.

Until you find out that for some reason your country/region has far fewer strong internet companies than other regions of the world. Then you realize that you effectively shot your own economy in the foot.

Can you elaborate?

Europe is large and educated. The EU has 50% more population than the US and the EU is just as highly educated and almost as rich. Yet how much everyday software do you use that's from the EU compared to the US?

Something has kept EU companies down. I assume that it's the combination of the various regulations we have in the EU that make it less welcoming of an environment to run an online business. GDPR is just one additional brick in that wall.

These companies grew up with local data protection laws. UK's Data Protection Act 2018 implemented GDPR, repealing the DPA of 1998, which repealed the DPA of 1984.

I am no longer afraid of entering contests that ask for my email address, as the GDPR means that they can't spam me with their crap afterwards. To me, the GDPR has been extremely positive so far, and I don't consider having to think about the privacy of the users of my apps a bad thing (I was doing it anyway).

Article 13, on the other hand, can go fuck itself.

do you care to elaborate without expletives?

This is pretty illuminating and expletive-free: https://juliareda.eu/2019/02/eu-copyright-final-text/

Why do you think you can trust the people that handle the data just because it's illegal to do something in Europe? If the entity running the website or handling the data is outside of EU jurisdiction then they can take all of your data and there would be no repercussions for them. It's also possible that you agree in some step to having your data used or your data falls under one of the exceptions. GDPR is feel-good legislation first and foremost.

> Why do you think you can trust the people that handle the data just because it's illegal to do something in Europe?

Why do you think you can trust people not to do illegal things just because they're illegal?

> GDPR is feel-good legislation first and foremost

I guess that's true, I do feel pretty good about it.

>Why do you think you can trust people not to do illegal things just because they're illegal?

It depends on how sensitive the data is and how much I trust the company. I trust my bank to handle my money because if they do something shady I can rely on the justice system. But I would not trust random websites with data I wouldn't want them to have, GDPR or no GDPR.

There's nothing stopping a Chinese website from ignoring GDPR and taking your data and selling it. You don't even have legal recourse there.

GDPA may be 10x as effective as GDPR if it is drafted correctly.

Once again the U.S. has been caught on the back foot. We are late in responding to GDPR and by now the scope has changed. The real issue is that there is no regulatory body for the protocols of the 4th Industrial Revolution. Market driven responses develop slowly, and in the meantime the various competitive solutions will turn the marketplace into a spaghetti junction. We still don't have an eCoin, no direction on the potential issues with Blockchain, the web is, and continues to be leaky and DARPA is dragging their heels in spite of being offered solutions. Currently the Web has over 3000 specifications, and the corporations behind the W3c want to maintain control rather than working toward solutions. Meantime, our friends toward the far East are better organized, and are working toward control. This is path-dependent work and whoever controls next-gen ecommerce will maintain command of commerce for a long time. We're in trouble, and the Academy appears to be incapable of finding a solution. Treating GDPR is working on the symptoms rather than addressing the root causes. It's time to wake the f*ck up! --John Bottoms, inventor of the browser

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact