Hacker News new | past | comments | ask | show | jobs | submit login

There is no arrest warrant for Google, Facebook or ad network employees either despite them violating the GDPR on a daily basis and very large scale.

Granted, the GDPR doesn't say anything about arresting offenders, but the companies should at least be investigated and fined, which isn't happening either.

The GDPR is a joke.

This exactly, it's very much happening even if you're not reading it in the news every time.

If you search for Google, you will find one 50M fine. What is the 4% of Google revenue's again? 50M is filed under cost of doing business or the corruption budget if you are not that generous.

So you mean the small companies won't get fines of 10Mi dollars as everyone is so quick to claim here?

That is not what I said. I only asserted that major and repeat offenders do not get the book thrown at them.

Your info seems a bit out of date:


> 2020-03-11

> 7,000,000

> Google LLC

> Art. 5 GDPR, Art. 6 GDPR, Art. 17 GDPR

What specific violation do you have in mind? Google has been fined $5B for various non-GDPR violations.

Have they paid any of it? FCC has fined robodialers in the hundreds of millions but only managed to collect a fraction of a percent.

The difference being jurisdiction. Google operates within the EU. Most robodialers targeting the US are not in the US.

As long as they process openly available data I do not see a difference from searching your name on the internet in terms of the gdpr. They also responded to the request (maybe not fast enough) . Deletion would be a difficult thing maybe to be fully compliant to eu regulations .if its ethical is another story...


PII may only be processed if you have explicitly consent for the exact purpose you want to use it for.

There is no "open" personal data you may just use for anything.

> PII may only be processed if you have explicitly consent for the exact purpose you want to use it for.

Not exactly. Consent is one of six allowed ways to process PII. It’s just that for advertising/tracking use its probably the only one that you can use.

And biometrics (which would include images of faces) are a special category of data with stricter restrictions.

Can you back your claim? Its true that the data is still personal but a lower level of protec to ion is applied. Except for children as i remember. There is need for notification but exceptions if not realistically feasible . Sorry on my phone with child sleeping in my arm.

Here is an article I could quickly come up with in English


Just saw that data used for biometric purposes is under special protection beyond typical pii. That seems to be the basis for current investigations.

How is a Facebook profile openly available? Facebook probably gets pii via unreasonably broad blanket opt-outs, which is itself problematic, then it is shared with / not kept safe from a third party.

It's literally on a pubicly viewable URL. Do you delete your local copy of any photo view on Facebook?

Good thing I'm not relying on you for my legal questions. GDPR gives the user control over their own data, and each new use of the data requires specific consent be asked. So using PII on any person, no matter where you found it, requires explicit consent.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact