zlacker

I suppose this is a serious question - does this mean that in theory HN should ban UK users? Or is HN likely compliant with this law? It is hard to pierce through the Orwellian language in the article (does "safeguarding children’s personal information" mean retaining or deleting the data?).

>>roenxi+(OP)
It looks like this law (which is unrelated to the Online Safety Act) is concerned with children being subjected to ad-tech tracking and similar indiscriminate data harvesting, so a site like this which doesn't feel the need to share your habits with 2,541 partners is probably out of scope.

https://ico.org.uk/for-the-public/the-children-s-code-what-i...

>>roenxi+(OP)
In theory, HackerNews should be concerned. There is no prevention of children using the site, and potentially "harmful content" could be access either on or through the site. Being an aggregator doesn't seem to be a get-out.

>>bArray+t5
This has nothing to do with harmful content it’s about managing children’s data you collect.

>>jshear+F2
> a site like this which doesn't feel the need to share your habits with 2,541 partners

How many might there be in this case, one wonders? https://www.ycombinator.com/legal/

>>IanCal+j8
So if I (not really) a 13 year old of the UK provide my email address to HN, how is that managed?

>>jshear+F2
I like how it's always "oh just safeguard people's data", oh "just" don't do anything bad with people's data.

Then you look up what the actual regulation says and it's hundreds of pages of pure legaleese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.

>>roenxi+(OP)
HN is already non-compliant with several data privacy laws

>>thegri+or
> over 100 pages for GDPR

The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.

The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.

The OSA on the other hand... I'm glad I don't personally serve the UK.

>>thegri+or
> Then you look up what the actual regulation says and it's hundreds of pages of pure legaleese

sigh

There is a difference between guidance and regulation.

GDPR isn't that hard to comply with, I know because I helped take a very large Financial News company from 0 compliance to full compliance. the guidance is quite easy to understand: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

but, why are the regulations 100 pages of legalese? because rich companies, and unscrupulous shits pay money to to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality

Say you take "the right to be forgotten", ie, I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (ie stop sending me fucking emails you shits)

Thats simple right? the law says I have the right to have my details deleted.

But what if I committed fraud in that time? what if I am opening and closing, asking for deletion to get round money laundering laws?

And thats why the regulations for data protections are long.

Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (ie just like any high level programming language)

However, do not take this as endorsement of the unrelated law that is the online saftey act, which is badly drafted, gives too much power to an under resourced semi independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.

I will however stick up for GDPR, because it stops the fucking nasty trade in in personal data that is so rife in the USA.

>>bArray+t5
Wrong law.

This is GDPR. So long as they conform to the 13 principles then HN will be fine. Its nothing to do with the online safety act.

For the OSA (which I think is very badly drafted, and poorly enforced by OFCOM) so long as there is decent moderation (which there is), a way to report posts (there is) and the site doesn't persistently host actual abuse, then you're mostly fine.

It doesn't help that OFCOM are unwilling to change the scope of guidance to match the size and type of community.

>>IlikeK+z91
In what way?

>>roenxi+(OP)
HN has moderation, won't track you without telling you, and will delete your content if you ask. That's literally all it takes, it's really not that Orwellian

>>crimso+Gh1
Will HN really delete all your content if you ask?

Like, all your posts just disappear?

>>thegri+or
The US tax code is over 2.5k pages, with an additional 10k pages of regulations. And I manage to file my taxes fine every year without having read all that because most of it doesn't apply to me. Following the GDPR is easy if you aren't trying to maximize tracking with minimal concessions to the law.

>>pavon+Zk1
> because most of it doesn't apply to me

Maybe, you hope. Unless you've read (and understood!) all of it you can't say this with certainty.

In all likelihood you trust a 3rd party company like Intuit and their team of lawyers to tell you what actually applies to you.

>>deadba+1k1
No they will not. You can change your username at the most.

>>Kaiser+Sc1
You cannot delete your comments.

>>celtic+eA1
Are public comments in a public forum classed as private data under GDPR?

for example the only thing that can really be classed as PII is my username. does it count as reasonable to request it be deleted?

>>pixl97+Oh
that's not data.

>>IlikeK+z91
Good

>>celtic+aA1
What if you are European? How is this not a violation

>>Kaiser+tC1
Yes and yes. Google “right to be forgotten”

>>thegri+or
The GDPR is incredibly easy to read, what are you on about?

>>oncall+cI1
The right to be forgotten is not an absolute right.

>>pavon+Zk1
Most of this comes down to "Use your brain" and if you try to get around it with an Um Actually, they have the specific page to counter it. You need a legal team when you want to ride as close as physically possible to violating the law without crossing the line.

>>crimso+Gh1
HN will restrict how fast you can comment without telling you (unless you figure it out and ask). There's no indicator that your account has this restriction besides being prevented from commenting, there's no indicator what the limit is, and the appeals process involves a subjective judgement by HN leadership

>>oncall+cI1
Remember that GDPR is about storage and processing of personal information, not data created by a user. They are related by not 1:1 linked.

If the username is removed, and there is no reasonable way to link the user to the comment, then its not PII. I would hope that this is logical because its not personally identifiable. (caveats apply here like if you put your home address in every comment. However is it reasonable to expect a user to do that in a public forum? probably not. )

As you can request that your username is deleted here, and assuming they are deleted properly, then HN is reasonably following the user's request. Hence my assertion that HN is GDPR compliant enough to no worry.

>>Braxto+Hm2
There is no law against shadowbanning users