undefined | Better HN

0 pointsmanigandham8y ago0 comments

Also tired of people thinking that a company not wanting a rule means they were intending to do the exact the opposite of that rule, especially given said rule is incredibly vague and designed to be applied "on principle".

Fortunately for all of us, safety regulation is actually very specific in requirements.

0 comments

9 comments · 2 top-level

mintplant8y ago· 6 in thread

Upthread we have the claim that "most early-stage startups use the... best practice of 'delete=1'," pretending to delete user data while actually retaining it. So, the exact opposite of the rule.

manigandhamOP8y ago

Yes, and many things will remain that way with GDPR because of necessity (ie: old invoices and transactions will continue to have your details). Most startups are doing their best to be good stewards of data, and they didn't need big global regulation to force them.

But do let me know when GDPR actually does anything to deal with ISPs, credit unions, medical companies, and plenty of other institutions that have breaches all the time and have endured roughly $0 in penalties.

lathiat8y ago

> Most startups are doing their best to be good stewards of data, and they didn't need big global regulation to force them.

lol

1 more reply

lagadu8y ago

> Most startups are doing their best to be good stewards of data, and they didn't need big global regulation to force them.

If that were true we wouldn't be seeing daily threads here (like this one) that effectively amount to "I don't want to follow the law/protect the data I collect" for months now.

1 more reply

brobdingnagians8y ago

I think it is an important point about "many things will remain that way with GDPR because of necessity (ie: old invoices and transactions will continue to have your details)". Most people doing business have _very_ legitimate reasons for having sensitive data; invoices, charges, security, etc. all require having personally identifying and sensitive information, and GDPR recognizes that-- but what it means is that companies _will_ and _should_ have customer information. Just because it isn't sitting in their database to improve customer experience doesn't mean it won't be sitting in the billing department for accounting & auditing purposes. So GDPR doesn't actually change much about people having your data, just kind of shuffles it around.

sunir8y ago

Why is delete=1 a best practice? There are competing concerns here. The government has now decided for everyone. Agree or disagree it is not worth implyng immorality where no immoral intent is present.

fiddlerwoaroof8y ago

I’m not sure that delete=1 is a good idea, because you’re still mutating database records. But, it’s often lot cleaner conceptually to model state as an append-only log of assertions and retractions or via a log-structured system, where you never delete old records but just push a new index record that leaves the appropriate record out.

1 more reply

pilsetnieks8y ago· 1 in thread

> especially given said rule is incredibly vague and designed to be applied "on principle".

You know, I'm starting to feel that at least some of this contention is based on how Americans interpret the law vs. how Europeans do it. Somehow it seems that Americans (and the UK) has this huge legal corpus but everything has to be nitpicked to the letter, or the common law judges' interpretations may vary wildly, and some people might skate on technicalities, i.e. abuse of the letter of the law.

Whereas in civil law, which the EU is, there's less leeway for interpretation, however, the spirit of the law is also taken into account.

manigandhamOP8y ago

It's the opposite. "In-principle" creates lots of potential for interpretation, depending on who is doing the reading. The spirit of the law is also taken into account all the time in America.

It's really not as simple as you make it out to be and the EU has plenty of argumentative litigation.

j / k navigate · click thread line to collapse

0 comments

9 comments · 2 top-level

mintplant8y ago· 6 in thread

Upthread we have the claim that "most early-stage startups use the... best practice of 'delete=1'," pretending to delete user data while actually retaining it. So, the exact opposite of the rule.

manigandhamOP8y ago

lathiat8y ago

> Most startups are doing their best to be good stewards of data, and they didn't need big global regulation to force them.

lol

1 more reply

lagadu8y ago

> Most startups are doing their best to be good stewards of data, and they didn't need big global regulation to force them.

If that were true we wouldn't be seeing daily threads here (like this one) that effectively amount to "I don't want to follow the law/protect the data I collect" for months now.

1 more reply

brobdingnagians8y ago

sunir8y ago

fiddlerwoaroof8y ago

1 more reply

pilsetnieks8y ago· 1 in thread

> especially given said rule is incredibly vague and designed to be applied "on principle".

Whereas in civil law, which the EU is, there's less leeway for interpretation, however, the spirit of the law is also taken into account.

manigandhamOP8y ago

It's the opposite. "In-principle" creates lots of potential for interpretation, depending on who is doing the reading. The spirit of the law is also taken into account all the time in America.

It's really not as simple as you make it out to be and the EU has plenty of argumentative litigation.

j / k navigate · click thread line to collapse