Hacker News new | past | comments | ask | show | jobs | submit login

I'm sure there's some good reason not do it, so I'll ask if anyone here knows: why doesn't the law just require some technical implementation that can be automated? Why can't the law just specify something similar to the DNT header (finer grained) and require compliance with that?

The GDPR offers a general privacy framework. Technological specifics may (or may not) become part of the upcoming, heavily embattled "ePrivacy regulation", which was intended to come in effect simultaneously with the GDPR. Right now, we have a somewhat unfortunate limbo.

The law should lay out principles, not techniques. The GDPR works for any kind of data processing, it is not specific to browsing on the Web.

The core issue is that the ~150 companies of the Oath network will effectively go out of business when they comply with GDPR. So now they try to play some games, until the fines handed out to them become too large to sustain in EU.

Can't they just stop their business in the EU?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact