Hacker News new | past | comments | ask | show | jobs | submit login

I'd wager they have read their own rules. The GDPR is riddled with language to the effect of "lol but not EU governments OBVIOUSLY GUYS COME ON".

I think GDPR is a great law, but if there's one critique of it'd I'd level without hesitation, god damn is it hypocritical.




Examples? I read parts of the GDPR, especially those covering exceptions and everything I read seemed reasonable.


Sure, examples:

===

Article 6.1.e "in the exercise of official authority vested in the controller;" - Wide open door.

Article 9.2.d - exception to prohibition on racial profiling for political parties on their own membership.

Article 9.2.g "processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued" - The "anything we declare acceptable" biometrics exception.

Article 9.2.h - The "no opting out of online medical records" clause.

Article 17.3.b "or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller" - The "if we say it's in the public interest not to delete it then we don't have to delete it" clause.

Article 23.1 - The laundry list of cases where any EU government can throw out all rights the GDPR establishes. Includes the following: "other important objectives of general public interest of the Union or of a Member State" as if that's not a goalpost a mile wide.

Article 49.1.d - Allows transfers of data to countries with inadequate data protections to take place if they are declared to be "in the public interest".

===

Pretty much everything in the GDPR document is untested at this point, and whether government or corporation, quite a lot of cases are going to have to be argued before the courts.

However, this document leaves open many arguments for governments that are not open for others. There is no definition for what might be "in the public interest" in GDPR, nor are there guidelines for interpreting when someone is "exercising official authority". One could argue that police departments are doing that 24/7 and thus large chunks of GDPR don't apply to them at all because processing is always lawful as a result.

By leaving themselves so many fruitful avenues of arguments to present to courts that have not been granted to others, the collective EU governments have created a law that holds others to a higher standard than themselves. Hence, hypocritical.


> Pretty much everything in the GDPR document is untested at this point, and whether government or corporation, quite a lot of cases are going to have to be argued before the courts.

Why would a law be needed to be argued in court? There's been various improvements related to privacy already. Various big (national) companies have been ignoring the GDPR (disallow visitors unless they agree); this practice is now being investigated. Simplified: Netherlands asked the EU to clarify if the practice is ok according to the GDPR or not. There's been no court case. There has been discussions between companies, government as well as the EU.

See https://tweakers.net/nieuws/146391/privacywaakhond-onderzoek...

The purpose is improved privacy, not fines.


>Why would a law be needed to be argued in court?

By the grace of living in a democratic society and not a despotic dictatorship, it is in essentially every western nation the right of any legal person who is accused of breaking a law to request judgement on the matter by the courts.


Talking about how to implement or write a law and going to court to fight against a fine you get for breaking that law is two different steps far removed from each other. It is in the last one the courts decide if/how the law should be upheld and where democracy lives.

What you are implying would make judges politicians.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: