I just checked on a private window there were no tracking cookies. And according to the FAQ if you want your account deleted you just have to contact HN.
The main page contains embedded YouTube videos that autoload and send tracking info to Google, associated with your Google account. That's a tracking cookie.
You mean on www.ycombinator.com? I see 3 cookies one is XSRF. The other two could be for analytics.
About the youtube thing. Does anyone here know? If you have an iframe and that iframe sets analytics cookies on it's own domain, do you have to have cookie banner?
Does the GDPR apply to non-European companies?
If a YC-funded startup wants to operate in Europe, presumably they'd have to follow those laws. But YC itself? Are they under any obligation?
It applies if you have European users. Companies that want to avoid having to comply will typically block European users. They usually respond with http error code 451 Unavailable For Legal Reasons.
why should anyone have to build extra logic to block EU users? Let EU block themselves.
It does, if the company has any branch/office/agent or similar in the EU, or if it targets their services/website to EU residents.
What "targets" means exactly in this case I'm not sure, but given that YC actively markets to EU based companies too, I would think that GDPR applies to them as well.
I see, thank you!
Here's a link with more info: https://gdpr.eu/compliance-checklist-us-companies/
> Why US companies must comply with the GDPR
> The GDPR applies to companies outside the EU because it is extra-territorial in scope. Specifically, the law is designed not so much to regulate businesses as it is to protect the data subjects’ rights. A “data subject” is any person in the EU, including citizens, residents, and even, perhaps, visitors.
> What this means in practice is that if you collect any personal data of people in the EU, you are required to comply with the GDPR. The data could be in the form of email addresses in a marketing list or the IP addresses of those who visit your website. (See our article explaining what is considered personal data under the GDPR.)
> You may be wondering how the European Union will enforce a law in territory it does not control. The fact is, foreign governments help other countries enforce their laws through mutual assistance treaties and other mechanisms all the time. GDPR Article 50 addresses this question directly. So far, the EU’s reach has not been tested, but no doubt data protection authorities are exploring their options on a case-by-case basis.