I would say that if something works in China, that's a useful heuristic to know that it should be stopped from adoption in the West at all costs due to anti-democratising technology.
The EU's biggest contribution to the internet in the last 10 years was forcing every site to add a popup, ruining UX while desensitizing the world, where it was transparent to everyone in the industry that if they wanted to do something they should have targeted browser vendors and not websites.
The EU's biggest contribution is the power it gave me, a simple citizen, to force* billion-dollar companies to not share and even delete my personal data if I want to, without a complicated procedure.
First off, thats not really in the spirit of account deletion in my opinion. Because you're making me pinpoint myself to another person that I want it deleted. Maybe I don't want a human browsing my stuff reading it wondering why I'm asking for it to be deleted. Even less privacy in my opinion.
But beyond that, it won't delete your messages. I guess they just own my words forever now.
> Because you're making me pinpoint myself to another person that I want it deleted. Maybe I don't want a human browsing my stuff reading it wondering why I'm asking for it to be deleted.
That's a pretty weird objection. Even if there was a button at the bottom of your profile page that you could push to delete your account, there's nothing stopping that button from notifying some real person behind HN who could peruse your posting history before deletion.
> Even less privacy in my opinion.
What "privacy" are you talking about? You've posted these comments to a public website, where any user can view your entire comment history.
> But beyond that, it won't delete your messages. I guess they just own my words forever now.
I haven't read HN's terms of use or privacy policy (I suspect you haven't either? Ironic, considering the tone of your post), but presumably, as a condition of signing up in the first place, you've elected to allow that practice.
As a fellow HN user, I think it would be really bad for the community if random bits of old discussions just disappeared, making it difficult or impossible to understand the conversation that was going on at the time. I certainly think there should be exceptions; say you accidentally (or regretfully) posted some personal information that should be deleted... I believe in that case the HN mods would do you a solid and delete it. And I know that in some (all?) cases of account deletion, they'll make up a new username to attribute your posts to, which would dilute any association the posts have with you (assuming you used a name that you've used in other places).
Regardless, there's nothing stopping someone from scraping HN (or using the HN API) to mirror the content of discussions elsewhere. And they might not be in a jurisdiction where you can expect to get your data deleted if you really want to.
To me, these privacy/deletion laws are most useful to force a corporation to delete any data it has on you that it holds privately, and could use to identify you or monetize you or whatever. Once user-generated content comes into play, it feels like a different beast to me.
Oh you got me, I didn't read the policy when signing up. Like 98% of people.
Yet from a site dedicated to creating the modern web, I assume modern web practices are followed.
Even 20 years ago in forums you could go through and delete your posts and edit your comments to blank. Add in 20 years of "we should be able to delete our accounts!", I had figured HN follows this practice.
Whatever, I don't care, I just make a new username once every few months.
dang can and will delete any post or comment you've made if you ask him to, and the FAQ literally says while they prefer not to delete your entire comment history they will if that's what you want.
Yes, although HN has a (transparently spurious) legal argument for why what they do is OK, so you may have to actually take them to court to make it happen.
The outcome is really the only thing that matters in a practical sense. The EU might have good intentions but they've likely been a net negative to the web as a whole.
You're proving GP's point. The EU's legislation left a doorway open so websites could bully users in to continuing letting them harvest their data. If the EU had gone after browsers instead of individual websites, this wouldn't still be an issue.
This is misleading. If only technically necessary cookies are used, no consent pop-up needs to be shown.
I can't follow your point regarding targeting browser vendors. The websites are tracking their users so websites are the right target.
They are not forced to make those popups because they are not forced to collect that data in the first place.
I will take those annoying popups all day every day and happily in return for everything else that's getting better only because of them and the rest of the effects of gdpr.
And it's still weaksauce. It's merely a solid start. They should keep going and do even more.
MORE GDPR PLEASE.
I cheer them on. It's a shame I have to rely on some other countries governments to do their damned jobs that my own isn't.
It's also a shame some of those same governments are also trying to censor porn. But this comment is about the cookie consent popups.
The pop-up is only necessary if you engage in shady tracking nonsense. GDPR does not mandate a pop-up for cookies that simply allow the site to function. Essentially, it's like blaming the flashlight for having made the rats scurry across the kitchen floor.
I read gp’s as: some people expected the rat problem to be solved, but found out that rats now suggest you to opt out of them by filling out a complex form every time you visit a kitchen. Idk, this frustration is understandable.
Every site chooses to uses a popup as a fig leaf to justify their unnecessarily intrusive data collection. Comply with GDPR rules by default and you don't need a popup or can defer it until necessary.
> To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
> ...
> Receive users’ consent before you use any cookies except strictly necessary cookies.
Defined as:
> Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
It's entirely possible to have a useful website without requiring a popup. It's just not how most companies prefer to have the web work.
No, a popup or banner would be for requiring consent. A non-consent explanation can be in the privacy policy, or on a dedicated page that is linked in the page's footer or something.
Also, "should" be explained; I don't believe it's a violation of the law to not do so.
The GDPR is mostly good [1], but the EU is trying to ban porn and censor the web, which is wholeheartedly worse than the good that they've done. We should care about our privacy, but we should care an order of magnitude more about our liberty. One does no good without the other.
[1] In its current form, the GDPR massively helps entrench existing incumbents. Compliance is technically difficult and costly and can be difficult for new players just getting started. There should be more assistance given to startups and small companies, and pieces such as the right to access and export data should only apply to companies of 10 employees and larger (or some revenue threshold). These are costly and difficult to implement, and I know my startup is not in compliance. It would take a month just to build that functionality.
I think it's a lot easier to comply with the GDPR now if you're just starting out as a brand-new company. The difficult bit was if you were an existing, smallish company with (in some ways understandably) lax data collection/tracking policies, and suddenly needed to spend a multiple of your revenue to clean all that up in order to comply with this new law that was coming onto the scene. Big companies also had a lot of trouble getting their systems in order, but often had a lot more resources available to do so.
If you are starting out now, and you want to avoid trouble, you just avoid collecting data about site visitors. And when you do need to collect data (perhaps you need customer accounts), then you spend some time thinking about what it means to furnish that data on request, or to delete that data. No, it's not zero work. But it's a hell of a lot easier to build these sorts of controls into a system from the start, than it is to build it in later. I don't really work with web/full-stack frameworks, but I would be surprised if there aren't built-in or third-party modules for the popular ones to help with this process.
"Compliance is hard" when it comes to the GDPR is patently false. Don't gather data you don't need, and don't track things you don't need, don't share personally identifying data, and don't retain data you no longer need.
All those things are the default. It is hard to run into a situation where you risk violating the GDPR without actively making a decision to do so, with maybe the exception of the whole "users have a right to all their information/delete all their information" thing, which should be a straight-forward database operation unless you're doing something asinine.
The minute you have user accounts, you have to export everything associated with EU residents that invoke data export rights. Every table with a user foreign key.
This is a big scope.
Every upvote. Every comment. Every file upload. Even on your innocuous personal blog. Not sure if it's in scope? Hire a lawyer.
Any product imaginable quickly becomes a big GDPR data export problem and legal headache.
If you're a small company, then you probably only have one database with a few tables in it. If that's the case, it really shouldn't be a huge burden to be able to run a few queries to export that data. And if it is, then you probably have other scaling problems that are an existential threat to your business.
As an example: assuming a standard RDBMS setup with a primary and replicas, I would expect that bulk operations would be done on particular replicas dedicated for that purpose. That way you aren't interfering with writes, or with the "normal" reads that come with regular website use.
GDPR is a small step in the right direction but there have also been major steps backwards, especially with respect to encryption. They talk consumer privacy on one hand but discuss how to remove protective tools with the other. I'm not saying it is better anywhere else, but that we can't just say "oh GDPR is here, everything is alright."
I understand why people point to GDPR but I agree that it is misguided. Mostly Americans see the dark patterns (when I use a European VPN the experience is generally smoother). The much larger share of the blame is on the companies, the ones who got us into this mess in the first place. And there are egregious examples like StackOverflow which just have no excuse.
Governments have always lagged to regulate corporations, either because of conflicts of interest or plain incompetence, which is especially true for Big Tech.
But at least the EU is trying to some extent, which was GP's point.
> No they just made it peppered with useless popups.
The popups were a workaround the web adopted due to the lack of technical details in the law, but the law itself isn't to blame. There have been many fines handed out, which is a step in the right direction, at the very least. We should celebrate any step towards protecting citizens from corporations, not scoff that it's not perfect.
The lack of technical details was a good one. The pop ups was the solution the industry chose.
They could have gone with the do not track header, but they didn't although they still could and it would be okay within the concept of the law which just requires consent for tracking.
I agree, and nearly everyone on this forum could come up with a better technical solution. I'm not familiar with how the GDPR came to be, but presumably they had technical advisors, and still took this approach. Maybe it was due to corporate pressure, maybe incompetence; we can only speculate at this point.
I'm hopeful that the laws will keep evolving in response to citizen needs, but I'm still glad I have some control over the data companies have on me, however limited that may be.
I didn’t say any and all ideas coming from China are bad, merely that we should be cautious of anything that got adopted with a wildfire speed throughout the Chinese society.
These ideas get so widely adopted for a reason, and that reason is often that a particular idea thrives in, or reinforces, a totalitarian social environment. For example, “everything apps” are a dream come true for any anti-democratic regime.
A single point where all everyday transactions and information flows through, that you can easily monitor and influence to control citizens? And it comes with free network effects that mean you don’t have to spend time eradicating or control competing ecosystems? Very useful.
Yes, any idea that's enthusiastically supported by the CCP is antithetical to human well being.
For example China has done more to make lock downs impossible to happen again in the last three months than three years of trucker convoys and freedom marches could have done.
That's a very uncharitable reading. "Works in China" in an Internet context would have to include something about having government approval and being subject to government control.
I also read it with the uncharitable reading. I think if OP's intention was this, they shouldn't talk about China in such general terms.
Even with the "charitable reading", I don't agree with OP. China is ranked better on the gender inequality index than America. This would fit in with the notion of government approval and subject to government control, or lack therefore. Similar picture with self-made billionaire women. Does that mean the United States should strive for the contrary?
So China has a more equal gender distribution of both oppressors, and the oppressed? Indeed, very progressive.
The context for any general points raised by my comments is readily available from any online source of your choice. It’s widely known that in China, big tech intersects with anti-democracy, oppression and social control. I specifically mentioned anti-democratic tendencies in Chinese tech for this reason.
So then, should the useful heuristic include the US as well? By far, the most imprisoning country in the history of the Earth? Whose major technology companies have been clearly documented to be funneling user information to that same state's security services?
