undefined | Better HN

0 pointsjacquesm4y ago0 comments

This is nonsense. You could simply decide not to track you users and then your garage in Berlin works just as well as your garage in Palo Alto would (though the latter would likely lead to an easier round of funding).

0 comments

3 comments · 1 top-level

flipbrad4y ago· 2 in thread

GDPR also applies to the data you process about your prospective, current and former employees; the data you hold about your customers in order to fulfil your contracts with them; their feedback; etc. You can't avoid GDPR just by not tracking users; that does help you avoid a different law though (the ePrivacy directive's so-called "cookie rule".)

jacquesmOP4y ago

Yes, which is excellent.

But the start-up in a garage example was - at least, that's the way I read it - meant as there currently not being a level playing field with respect to end users, not necessarily employees. And let's be perfectly clear here: employers that are callous with their employees data are to be avoided like the plague, no matter where they are located.

As for your customers: yes, you should be careful with that data, and no, their feedback does not necessarily fall under the GDPR, only when it concerns the privacy of the individuals mentioned therein. But normally speaking such feedback would not be about such specifics but about the product itself.

Not tracking your users has a big impact on how a company is set up, what data marketing has access to, what data system administrators and sometimes even programmers have access to. Storing your data in an anonymized way can make good sense. It likely will impact your business, but leaking of that data will impact the lives of your customers more, so that's why the GDPR is written the way it is: you minimize your footprint to that which you need and you will be doing just fine.

flipbrad4y ago

"I like your Widget Max Pro, it's better than the Rival X1 I had last year. But I dropped it in the toilet and now it won't turn on, so I suspect you're lying about its IP56 rating".

Let's says that 1 out of every 3 product / service reviews is like this. Do you (a) block/filter them out and treat the remaining ones as non-personal data, or (b) treat your feedback pipelines/database as personal data regardless of whether some of the reviews are, somehow, devoid of personal data?

(Or (c), do you not think the example above contains personal data?)

1 more reply

j / k navigate · click thread line to collapse