undefined | Better HN

0 pointsdiggan1y ago0 comments

> this was a predictable response to a stupid rule

It was predictable that ultimately people would blame the regulation instead of the companies? Not sure I understand what you mean, and even if you meant what I think you meant, not sure what the point is? People blame all sorts of things all the time...

Edit since you've added more to your comment

> Proving compliance with GDPR is tedious

That's my point. No need to prove compliance if GDPR doesn't apply.

0 comments

JumpCrisscross1y ago

> predictable that ultimately people would blame the regulation instead of the companies

It was predictable this would result in disclosure/consent spam.

> No need to prove compliance if GDPR doesn't apply

If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms. (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Both laws’ aims are noble. But they require tweaks. Starting with the cookie banners would be smart.

digganOP1y ago

> If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms.

I think you might be missing that I'm talking about this from the companies perspective, not from the perspective of a person inside EU.

If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data" as defined here: https://gdpr.eu/article-4-definitions/

> (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Happen to have any quotes/sources for this? Would be the first time I've come across it myself. I'm genuinely interested in if it's being misused like that.

JumpCrisscross1y ago

> If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data"

You’re still obligated to respond to requests, even if it’s no response. And data regulators will still follow up on groundless complaints.

DMCA is strictly about copyright violation. If you’re not violating copyrights it should have nothing to do with you. But that isn’t how things play out in reality.

> have any quotes/sources for this?

No, just anecdotal. Every Magic Circle firm, however, will happily file complaints in multiple jurisdictions for you.

I’ll admit I’ve used GDPR a touch vindictively after a customer service interaction went poorly. Lots of requests, wait for a minor fuck-up, escalate to multiple data regulators because I technically have multiple nexuses. European equivalent of copying your state AG on a letter, except the burden to respond is on the company.

kasey_junk1y ago

I built a GDPR request deletion system for a company right as GDPR came into effect. In the first year the only requests that came in were from privacy advocates and competitors.

I don’t know if after that it saw more natural usage but I doubt it.

j / k navigate · click thread line to collapse

0 comments

JumpCrisscross1y ago

> predictable that ultimately people would blame the regulation instead of the companies

It was predictable this would result in disclosure/consent spam.

> No need to prove compliance if GDPR doesn't apply

Both laws’ aims are noble. But they require tweaks. Starting with the cookie banners would be smart.

digganOP1y ago

> If you are in the EU, GDPR applies. It may not be relevant. But you’re subject to it and its regulatory arms.

I think you might be missing that I'm talking about this from the companies perspective, not from the perspective of a person inside EU.

If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data" as defined here: https://gdpr.eu/article-4-definitions/

> (And if you have a competitor in the EU, it’s known practice you can waste time and money with requests and complaints.)

Happen to have any quotes/sources for this? Would be the first time I've come across it myself. I'm genuinely interested in if it's being misused like that.

JumpCrisscross1y ago

> If the company doesn't store any "personal data", GDPR has nothing to do with it. It's strictly about "personal data"

You’re still obligated to respond to requests, even if it’s no response. And data regulators will still follow up on groundless complaints.

DMCA is strictly about copyright violation. If you’re not violating copyrights it should have nothing to do with you. But that isn’t how things play out in reality.

> have any quotes/sources for this?

No, just anecdotal. Every Magic Circle firm, however, will happily file complaints in multiple jurisdictions for you.

kasey_junk1y ago

I built a GDPR request deletion system for a company right as GDPR came into effect. In the first year the only requests that came in were from privacy advocates and competitors.

I don’t know if after that it saw more natural usage but I doubt it.

j / k navigate · click thread line to collapse