I always wondered how the EU was going to enforce GDPR outside of the EU. I guess they really can't.
This is hardly news TBH. Check this paper out
https://www.ndss-symposium.org/ndss-paper/understanding-worl...
We got hooked on cheap Chinese and US stuff. And guess what, drug dealers don't respect their customers.
That’s not been my experience with drug dealers.
Except for Aliexpress you are not a customer. Just like Facebook, Insta,... they are selling your attention to the highest bidder.
Responding to the article: Yeah, no shit. Glad to see someone is at least trying to do something about it, and I wish them luck.
Relevant, from their about page:
> noyb is a donation-funded NGO based in Vienna, Austria working to enforce data protection laws, in particular the GDPR and the ePrivacy Directive. At the present, a team of more than 20 legal and IT experts from all over Europe is working to ensure that the fundamental right to privacy is respected by the private sector. More than 5,000 supporting members support our work
[flagged]
How does this show EU tech regulation being out of touch and not these companies operating in countries and not following the laws in those companies? Requesting user data is a good way to make sure there’s not more data than is required and it’s a feature most tech companies have already implemented.
That may be, but meanwhile, these companies make a lot of money operating in Europe, so they need to follow the law.
I think some of it is out of touch (omg, the cookie alerts!), but being able to understand what data a company retains about its users, and making that available to individuals if they ask, is probably one I agree with. Most of us don't need to know, most of the time, but the fact that people will occasionally audit this information is good for both users and the companies.
We have cookie alerts because the world's largest browser, which is created and run by the world's largest advertising agency, has no incentive to make it easier for you to stop the flow of data you're sending them that's making them so much money.
That is not the reason at all.
Google was very new when the EU proposed these laws in 2000. It certainly didn't have a browser.
I think the privacy provisions and disclosures required under GDPR give users more useful information (i.e. they now actually need a privacy policy), and cookie popups are just a silly distraction that offer no further value. We open so many web pages, so quickly these days, most users are not making informed rational decisions about the popup - they're just clicking it to make it go away. They both annoy users and give them a false sense of improved privacy protection.
The blocking of third party cookies by browsers, and proper privacy disclosures are a much better solution.
Multiple official websites such as https://gdpr.eu/ have cookie banners.
Those have banners because they have to by law, regardless if the cookies they set would otherwise require a banner.
https://commission.europa.eu/resources/europa-web-guide/desi...
> Use of the cookie consent kit is mandatory on each page of the DGs and executive agencies-owned websites, regardless of the cookies used.
Odd. I tried it in what I thought was a clean browser I use for testing, and didn't get a banner. Is it just me?
I'm curious what the implications are if I host a free web-app that EU users might end up using.
As far as I understand, you're still subject to GDPR even if you're not making money off it. Seems like to me there's massive overreach where the lowest liability way forward is to just ban EU users from using anything you make (which still takes engineering/time to do).
Obviously? I mean, half of the GDPR is 'if you have to store users data, make sure it's encrypted and don't sell it unless they agree to it', doesn't matter if you make money or not. But just following industry standards is enough.
Like if you want to build a bridge at your own cost because the state doesn't want to do it. Even if you don't install a toll booth, you still have to follow safety regulations before people other than you can cross it, right?
Not only, you also must be able to delete user data. If you have anything that could be considered PII (including IP addresses) you're responsible for potentially needing to delete that.
It completely makes certain engineering patterns like event sourcing/soft deletion almost infeasible, as you cannot have immutable records.
The way it's described is very fuzzy and it's 200 pages long. Certainly it's long enough that I'd rather ban EU residents than open myself up to liability even if I generally want to do the right thing with user data.
The GDPR isn’t hard and its application isn’t unreasonable. Just don’t be an asshole collecting unnecessary user data and you’re fine. No one’s going to ask you to delete specific IP addresses, and you don’t need to keep those forever anyway. The only people who need to fear that law are those who have no respect for user data.
If you don't run a business in the EU there's no liability, you are only liable if you have users from the EU and a business entity in any EU country.
Blanket bans for EU users are quite common, I see it all the time with local US news outlets, they simply block me from accessing it.
Aren't you the one out of touch?
Please shut up. Last time this kind of EU-whining produced only "If you don't accept cookies, you can piss off"-type checkboxes, whose effect on security is less than zero.
The Cookie Law is different to the GDPR, I don't understand how HN of all places keeps getting this wrong after 9+ years of GDPR, it's just a meme and I wish people here would be more well informed.
It's almost as if the least informed people are the ones screaming the loudest.
People are confusing the two because both come from the same basket and both have a similar smell.
From the perspective of many non-EU citizens, it's just one more piece of EU legislation that hurts and annoys. Being technically part of the GDPR or not isn't terribly relevant for most people.
Note: I'm not defending or criticizing the law, just talking about how many people perceive it outside the EU.