https://ico.org.uk/for-the-public/the-children-s-code-what-i...
How many might there be in this case, one wonders? https://www.ycombinator.com/legal/
Then you look up what the actual regulation says and it's hundreds of pages of pure legaleese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.
The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.
The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.
The OSA on the other hand... I'm glad I don't personally serve the UK.
sigh
There is a difference between guidance and regulation.
GDPR isn't that hard to comply with, I know because I helped take a very large Financial News company from 0 compliance to full compliance. the guidance is quite easy to understand: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
but, why are the regulations 100 pages of legalese? because rich companies, and unscrupulous shits pay money to to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality
Say you take "the right to be forgotten", ie, I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (ie stop sending me fucking emails you shits)
Thats simple right? the law says I have the right to have my details deleted.
But what if I committed fraud in that time? what if I am opening and closing, asking for deletion to get round money laundering laws?
And thats why the regulations for data protections are long.
Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (ie just like any high level programming language)
However, do not take this as endorsement of the unrelated law that is the online saftey act, which is badly drafted, gives too much power to an under resourced semi independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.
I will however stick up for GDPR, because it stops the fucking nasty trade in in personal data that is so rife in the USA.
Maybe, you hope. Unless you've read (and understood!) all of it you can't say this with certainty.
In all likelihood you trust a 3rd party company like Intuit and their team of lawyers to tell you what actually applies to you.