undefined | Better HN

0 pointsdrcode7y ago0 comments

Reading the FAQ, the only way to really safely ignore the DPO provision would be to hire a law firm with GDPR expertise to parse the vague language in the law and to give written guidance as to whether the law applies to each specific web site, which you can then present to EU authorities in the future to show you performed due diligence to try to meet the requirements of the law.

0 comments

jimnotgym7y ago

I can only think you are not familiar with European principle based law vs US rule based law. Where you see 'vague', I see 'flexible' and 'able to move with the times'

yesco7y ago

Have you considered that a law being "flexible" and "able to move with the times" is exactly why someone wouldn't like it being vague? A law that is "flexible" means that it's a law that can be arbitrarily applied. A law that can "move with the times" means that what might be fine now won't be fine later and just maybe you will be the first to find out.

It doesn't matter if European law has a history of being "principle based", if it can fuck you then someday it just might. Europeans might be fine with this, but I think most Americans would not be. If I was in OP's position I would do the same thing, by simply blocking an IP range all possibility of being made an example of by some people from another continent is flushed down the drain. I'm absolutely baffled why people think this is absurd, if you're not even making any income off of it, why would you ever open yourself up to such expensive potential liability?

jimnotgym7y ago

I think comments like that just open you up to rather obvious jibes about how long European law has been around vs the US.

I will leave the reader to make their own jokes.

snogaraleal7y ago

The FAQ is referencing the legal concepts in the law's text. For example "sensitive data":

"(...) including for the processing of special categories of personal data (‘sensitive data’)", special categories are mentioned on Article 9. "(...) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation"

Do you store or transfer or process any of that data on a large scale? Is it personally identifiable? "Processing" is defined on Article 4.

I believe the original legal text, though not the easiest to read, gives you a fairly clear idea on where your organization or project should stand with respect to GDPR.

(1) What data do you process? (2) How is it connected to your economic activity? (3) How do users consent this use of the data? (4) Is your data "sensitive data"?

If you're some random guy online doing large scale processing of "sensitive data" you better hire a law firm with GDPR expertise to understand and comply with the law, I mean, that's the whole point.

j / k navigate · click thread line to collapse

0 comments

jimnotgym7y ago

I can only think you are not familiar with European principle based law vs US rule based law. Where you see 'vague', I see 'flexible' and 'able to move with the times'

yesco7y ago

jimnotgym7y ago

I think comments like that just open you up to rather obvious jibes about how long European law has been around vs the US.

I will leave the reader to make their own jokes.

snogaraleal7y ago

The FAQ is referencing the legal concepts in the law's text. For example "sensitive data":

Do you store or transfer or process any of that data on a large scale? Is it personally identifiable? "Processing" is defined on Article 4.

I believe the original legal text, though not the easiest to read, gives you a fairly clear idea on where your organization or project should stand with respect to GDPR.

(1) What data do you process? (2) How is it connected to your economic activity? (3) How do users consent this use of the data? (4) Is your data "sensitive data"?

If you're some random guy online doing large scale processing of "sensitive data" you better hire a law firm with GDPR expertise to understand and comply with the law, I mean, that's the whole point.

j / k navigate · click thread line to collapse