undefined | Better HN

0 pointsjacquesm7y ago0 comments

Thank you for making a coherent argument. You are missing one point I think: if not for those regulations those companies would love to do business. They are forbidden from doing business, this guy sees the law and runs off without even trying to become compliant. That's a different thing. There is no way that Kinder could be compliant with US law in such a way that they would not be exposed to what - to EU sensibilities - amount to exorbitant damage claims.

Similar arguments apply to the other examples you use, I see your point and there are valid reasons to not enter a certain market because of the legal climate there but the point I am trying to make is that the OP has not raise any valid point at all other than 'I don't want to comply'. And that's fine by me but then don't bother dressing it up in a bunch of made up requirements.

0 comments

kingofhdds7y ago

>this guy sees the law and runs off without even trying to become compliant

This guy quite clearly states that he doesn't have resources to become compliant, while it is too risky to make a mistake here.

There are fans of GDPR on this website, who prefer to ignore the fact that the compliance has its cost, and added to that still unknown risks of practical interpretation of legislation which also have their cost. But these are real life things.

Angostura7y ago

I respect his right to do whatever he would like with his own hobby, but we should be clear that the guy is stating he doesn’t have the resources, based on a series of misunderstandings.

So, for example, he says he is required to appoint a DPO.

The U.K. Information Commissioner has this to say:

>Do we need to appoint a Data Protection Officer?

A> Under the GDPR, you must appoint a DPO if:

> you are a public authority (except for courts acting in their judicial capacity);

> your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking);

> * or your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

caffeine51507y ago

You are correct as to a DPO, but if he is, say in the US, and subject to GDPR, he must have an EU Representative, who by all indications would be liable for his violations. That's a significant burden if not a practical impossibility for most in his position. Also, if he's transferring personal data from the EU to the US directly from individuals, his only practical way of making that transfer compliant is likely to be privacy shield certified which is not cost free (although he could maybe rely on consent as a derogation, but relying on that has risk). I can think of many things like this that have, if not a hard cost, then a definite cost in time and resources to comply including keeping up with compliance. Could easily be not worth the effort for a single individual.

kingofhdds7y ago

And "large scale" means how many records in DB? How many users? Or records per day?

5 more replies

e12e7y ago

Perhaps more important, dpo is just another hat - if he's ceo,cfo,cto - he can be dpo too?

2 more replies

aembleton7y ago

That's the UK's interpretation of GDPR. What about France or Poland, or any of the other countries?

I suppose it depends where in Europe he would like to visit

3 more replies

number67y ago

GDPR compliance takes resources. I would say for a small business it takes about 1 or 2 days. Not hard work but tedious. In the end you will have around 5 documents that will show your processes, what you do to keep data save, a plan how you deal with questions from customers and regulators, that you trained your employees and that you choose your subs carefully.

Essentially that's it.

I am no lawyer but I am a CPO.

Pro tip: Speak with the regulators they are on your side.

kingofhdds7y ago

I guess you are EU-based, unlike the guy whose text we are debating here.

1 more reply

wiz21c7y ago

Well many of us find it completely normal to spend days on having a good security, setting up HTTPS, encrypting content to protect privacy. I wonder why GDPR seems so different, it's just more of the same, just less technical.

askmike7y ago

Exactly. It will take a while before standards and best practices form, but they will.

bryanrasmussen7y ago

I guess I am a fan of GDPR, certainly compliance to anything has a cost. I personally don't find the costs of GDPR compliance onerous unless you have already built up lots of non compliant systems that now need to be fixed, in which case the free ride is over. Anyway, this guy is pulling out of the EU but if he allows anyone from the EU to use his service from a non-EU location anyway he would be risking non-compliance.

jiveturkey7y ago

no. gdpr applies only to people in the eu. if you are an eu person in canada it does not apply to you.

1 more reply

subway7y ago

Kinder is an amusing example, since they decided to offer a compliant variant of their product in the US.

https://www.today.com/food/kinder-joy-chocolate-eggs-are-com...

Sylos7y ago

They did that in a rather smart way, too, by diverging it enough from the original that they could sell it elsewhere as a new thing.

I mean, it never really took off here, very few people prefer it over the original, but better than not being able to sell it outside of the US at all.

fcbrooklyn7y ago

Yes. Rather a step back from the original offering isn't it? If I'm being honest, I couldn't give a damn about the kinder eggs prohibition, as I am not a child, and I do not have children. The Bovril issue is by far my biggest personal concern, although I'd really like to be able to buy raw milk cheese.

jkaplowitz7y ago

There are states in the US where you can buy raw milk cheese legally. You just can't do it through interstate commerce, but for example it can be done in person at farmer's markets with cash. New York is one such state, I dunno about the other major tech hub states.

fcbrooklyn7y ago

Bovril could easily comply. They would simply have to open a manufacturing facility that did not use UK beef. The French cheese makers could sort of comply, by pasteurizing their milk. Kinder, I admit, has a more difficult problem, and has, in fact attempted to comply, by creating a completely different product with the same name.

CaptainZapp7y ago

"The French cheese makers could sort of comply, by pasteurizing their milk"

And why should the French cripple a delicious and traditional product, which is gladly gobbled up by millions of happy consumers to sell their product in the US?

tinus_hn7y ago

Because otherwise they can’t sell it there. Their country, their rules. A French cheese maker doesn’t get to dictate the rules abroad. Take it or leave it.

1 more reply

C4stor7y ago

You mean, exactly what we are doing right now, causing all kind of outrage in France ? Funny you should bring that up, because it's a very hot topic currently :-D

dogecoinbase7y ago

Ah yes, "simply" open a manufacturing facility.

fcbrooklyn7y ago

There will be a cost involved. And presumably there will be some benefits that result. Those are precisely the parameters of OP's decision.

tokyodude7y ago

I'm not following your distinction. The only difference seems to be timing.

Case 1: CompanyA is already doing business in CountryB. CountryB changes regulations. CompanyA pulls out of CountryB because of regulations

Case 2: CountryB has regulations. CompanyA choose not to do business in CountryB because of regulations

am I missing something?

Moru7y ago

Except EU has always (well, Sweden since 1973) had regulation, if you would gave followed that, you would not have to change much in most cases. Just write some documents and smaller changes.

llcoolv7y ago

But in this case this is not even a business. It is a zero-revenue open-source project. It seems to me that only very well-funded charities are allowed to run web services now.

P.S. I sincerely hope my country gets out of this ASAP.

kerng7y ago

Kinder is a great example actually on how a company adjusted their product. Now I believe in all markets (even beyond USA) the product is safer and less dangerous for kids to get injured.

Sylos7y ago

I really don't think, it got safer.

It takes some special talent, even as an adult, to take such a big bite off of a classic Kinder egg that you'd have any chance of accidentally swallowing the plastic capsule or somehow else hurting yourself on it.

And with the new egg, I'd be concerned that my kids swallowed that plastic spoon. Like, that's something they actively have to put into their mouth and it's not as interesting as the toy for them to be motivated to not swallow it.

It's also small enough for them to realistically pull this off.

qz37y ago

Is safety a real concern here? I would have never viewed Kinder Eggs as dangerous in any way.

I haven't found a single case of a child getting hurt in Germany. Only news reports about them being unhealthy (big surprise).

fcbrooklyn7y ago

Actually, I'm pretty sure they still stick the toys inside the eggs everywhere except the US. Perhaps a European can correct me on this assumption.

EDIT: Turns out the US-style kinder eggs are indeed available outside the US.

mast7y ago

In Canada they definitely still put toys in the eggs. http://www.ferrero.ca/our-brands/kinder-surprise/moments-of-...

1 more reply

Some_Degenerate7y ago

I've seen this variety sold in Poland

https://www.candywarehouse.com/assets/item/regular/kinder-jo...

But I'm not sure it's typical.

1 more reply

Sylos7y ago

They marketed it as a new thing beside the original here in Germany.

Most people seem to prefer the original, though. They lost a lot of charm by going from toy+edible+tinfoil to plastic+toy+plastic+edible+plastic spoon+plastic.

1 more reply

kerng7y ago

Looks like this now http://fortune.com/2017/05/22/kinder-egg-usa-debut/

I have seen this outside of US also (pretty sure it was doing a Europe trip)

1 more reply

youngtaff7y ago

Yup, Kinder Eggs have toys inside in the UK

Karlozkiller7y ago

They're not forbidden to so business, they're forbidden to so business unless they adapt their product or practices. I'd say that is pretty much the same as this case?

j / k navigate · click thread line to collapse

0 comments

kingofhdds7y ago

>this guy sees the law and runs off without even trying to become compliant

This guy quite clearly states that he doesn't have resources to become compliant, while it is too risky to make a mistake here.

Angostura7y ago

I respect his right to do whatever he would like with his own hobby, but we should be clear that the guy is stating he doesn’t have the resources, based on a series of misunderstandings.

So, for example, he says he is required to appoint a DPO.

The U.K. Information Commissioner has this to say:

>Do we need to appoint a Data Protection Officer?

A> Under the GDPR, you must appoint a DPO if:

> you are a public authority (except for courts acting in their judicial capacity);

> your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking);

> * or your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

caffeine51507y ago

kingofhdds7y ago

And "large scale" means how many records in DB? How many users? Or records per day?

5 more replies

e12e7y ago

Perhaps more important, dpo is just another hat - if he's ceo,cfo,cto - he can be dpo too?

2 more replies

aembleton7y ago

That's the UK's interpretation of GDPR. What about France or Poland, or any of the other countries?

I suppose it depends where in Europe he would like to visit

3 more replies

number67y ago

Essentially that's it.

I am no lawyer but I am a CPO.

Pro tip: Speak with the regulators they are on your side.

kingofhdds7y ago

I guess you are EU-based, unlike the guy whose text we are debating here.

1 more reply

wiz21c7y ago

askmike7y ago

Exactly. It will take a while before standards and best practices form, but they will.

bryanrasmussen7y ago

jiveturkey7y ago

no. gdpr applies only to people in the eu. if you are an eu person in canada it does not apply to you.

1 more reply

subway7y ago

Kinder is an amusing example, since they decided to offer a compliant variant of their product in the US.

https://www.today.com/food/kinder-joy-chocolate-eggs-are-com...

Sylos7y ago

They did that in a rather smart way, too, by diverging it enough from the original that they could sell it elsewhere as a new thing.

I mean, it never really took off here, very few people prefer it over the original, but better than not being able to sell it outside of the US at all.

fcbrooklyn7y ago

jkaplowitz7y ago

fcbrooklyn7y ago

CaptainZapp7y ago

"The French cheese makers could sort of comply, by pasteurizing their milk"

And why should the French cripple a delicious and traditional product, which is gladly gobbled up by millions of happy consumers to sell their product in the US?

tinus_hn7y ago

Because otherwise they can’t sell it there. Their country, their rules. A French cheese maker doesn’t get to dictate the rules abroad. Take it or leave it.

1 more reply

C4stor7y ago

You mean, exactly what we are doing right now, causing all kind of outrage in France ? Funny you should bring that up, because it's a very hot topic currently :-D

dogecoinbase7y ago

Ah yes, "simply" open a manufacturing facility.

fcbrooklyn7y ago

There will be a cost involved. And presumably there will be some benefits that result. Those are precisely the parameters of OP's decision.

tokyodude7y ago

I'm not following your distinction. The only difference seems to be timing.

Case 1: CompanyA is already doing business in CountryB. CountryB changes regulations. CompanyA pulls out of CountryB because of regulations

Case 2: CountryB has regulations. CompanyA choose not to do business in CountryB because of regulations

am I missing something?

Moru7y ago

Except EU has always (well, Sweden since 1973) had regulation, if you would gave followed that, you would not have to change much in most cases. Just write some documents and smaller changes.

llcoolv7y ago

But in this case this is not even a business. It is a zero-revenue open-source project. It seems to me that only very well-funded charities are allowed to run web services now.

P.S. I sincerely hope my country gets out of this ASAP.

kerng7y ago

Kinder is a great example actually on how a company adjusted their product. Now I believe in all markets (even beyond USA) the product is safer and less dangerous for kids to get injured.

Sylos7y ago

I really don't think, it got safer.

It's also small enough for them to realistically pull this off.

qz37y ago

Is safety a real concern here? I would have never viewed Kinder Eggs as dangerous in any way.

I haven't found a single case of a child getting hurt in Germany. Only news reports about them being unhealthy (big surprise).

fcbrooklyn7y ago

Actually, I'm pretty sure they still stick the toys inside the eggs everywhere except the US. Perhaps a European can correct me on this assumption.

EDIT: Turns out the US-style kinder eggs are indeed available outside the US.

mast7y ago

In Canada they definitely still put toys in the eggs. http://www.ferrero.ca/our-brands/kinder-surprise/moments-of-...

1 more reply

Some_Degenerate7y ago

I've seen this variety sold in Poland

https://www.candywarehouse.com/assets/item/regular/kinder-jo...

But I'm not sure it's typical.

1 more reply

Sylos7y ago

They marketed it as a new thing beside the original here in Germany.

Most people seem to prefer the original, though. They lost a lot of charm by going from toy+edible+tinfoil to plastic+toy+plastic+edible+plastic spoon+plastic.

1 more reply

kerng7y ago

Looks like this now http://fortune.com/2017/05/22/kinder-egg-usa-debut/

I have seen this outside of US also (pretty sure it was doing a Europe trip)

1 more reply

youngtaff7y ago

Yup, Kinder Eggs have toys inside in the UK

Karlozkiller7y ago

They're not forbidden to so business, they're forbidden to so business unless they adapt their product or practices. I'd say that is pretty much the same as this case?

j / k navigate · click thread line to collapse