Hacker News new | past | comments | ask | show | jobs | submit login

It is not "themselves". This article is about government websites in member states. That is not the same thing as the EU itself. Although in this case they will not be fining anybody, since governments are exempt from GPPR. (The article doesn't say it is illegal either, just that it is disgraceful.)



> Although in this case they will not be fining anybody, since governments are exempt from GPPR.

That depends on how the GDPR is implemented within the country. E.g. above is factual for Belgium, but _not_ factual for The Netherlands. "Autoriteit Persoonsgegevens" has been notifying everyone to comply, government website or not. It's a steep learning curve though, there's also an multi-year effort to have government websites make use of TLS/certificates.

Edit: A reference: https://www.rijksoverheid.nl/onderwerpen/privacy-en-persoons...: "Sinds 25 mei 2018 moeten overheden, bedrijfsleven en verenigingen voldoen aan de Algemene Verordening Gegevensbescherming (AVG)."

meaning: "Since 25 May 2018, governments, businesses and associations must comply with the General Data Protection Regulation (AVG)."

Overheid.nl is the official government site.


The EU commission's websites were in violation of GDPR as well [1], but their websites are and were also exempt from the law.

[1] https://www.techdirt.com/articles/20180605/22253339978/eu-co...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: