undefined | Better HN

0 pointsjeremyt8y ago0 comments

Again, I was in my early 20s and fresh out of college. I had no idea what I was doing.

It’s not that I was trying to cut ethical corners or do things poorly, I just didn’t know what the right way to do things was. Computer science education is often very theoretical and high level and not at all practical .

I’ll be the first person to say that I was not the most experienced and or talented programmer in the world, but do we want to prevent such people from starting companies?

And secondly, not all PII is the same. We stored names and addresses and phone numbers and websites. Not exactly medical histories or DNA profiles.

0 comments

3 comments · 3 top-level

gkya8y ago

> I’ll be the first person to say that I was not the most experienced and or talented programmer in the world, but do we want to prevent such people from starting companies?

Yes. You should be fine as long as you're not collecting anybody's data or potentially harming them in any way, but apart from that, there should be established a bar to entry to what has become the fundamental motor of almost every single thing on the earth.

ACow_Adonis8y ago

Perhaps this is a cultural difference, but I've collected names and addresses and phone numbers, and I worked under legislation where I can go to jail if i disclose the information i saw or had access to.

Later, outside of that legislation, when I'm collecting it, I deal with the Australian Privacy Principles [0].

It doesn't bother me that much, because I take a "well if we don't need it, we shouldn't be collecting it, and if we are collecting it, we should do so minimally and protect it anyway."

I believe under GDPR, if you need it, you can collect it. If you don't need it, why would you be/collecting or holding it?

There are certainly legal problems/ambiguities around ip and data collection, and yes, its usually legislated by people who really don't understand tech or information theory or data linking, but frankly I haven't heard very many legitimate ones brought up in relation to GDPR.

What I think someone naive and fresh out of college would do, for instance, when asked to delete data is...delete data.

And if they think that "delete my data" means go through a database and put a '1' in a delete flag against a record that is still retained, then I think they're not so naive, they picked that up somewhere from someone acting nefariously who told them it was "best practice".

And if they picked that up somewhere and it is industry "best practice", that's the kind of bullshit we should be weeding out of the tech industry.

If the user can't view/delete their data, that's a dark pattern. Which again, see above: needs to be weeded out of tech.

[0] https://www.oaic.gov.au/privacy-law/privacy-act/australian-p...

ryanwaggoner8y ago

I think that to the hardcore GDPR fans that you're arguing with, this is like asking if we should let someone who is interested in structural engineering go build a skyscraper and figure it out as they go. Or someone who is interested in medicine start doing brain surgery on people.

They don't really agree that all PII is not the same. To them, storing their IP address without permission is a horrific violation of their human rights.

It strikes me personally as illogical and paranoid to the point of hysteria. However, that's just me, and at the end of the day, I think there's a cultural divide here as to what constitutes privacy, who owns what data, and what power we should trust the government with.

j / k navigate · click thread line to collapse