legohead 2 days ago

We didn't set out to hide our GDPR requests, we put them behind our Support/Legal button. But we got sued anyway, and we lost.

Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.

inetknght 2 days ago | parent | next [-]

> People are clicking the buttons just because they are there.

I think this isn't a very charitable opinion of why people click buttons.

> But, I still feel like this went too far.

Why?

2 days ago | parent | next [-]
[deleted]
user_7832 2 days ago | parent | prev [-]

Yeah, as long as there's e.g. a confirmation to prevent misclicks ("Are you sure you want to delete"), I don't really see what's the problem.

Slow_Hand 2 days ago | parent | prev | next [-]

I don’t know what business you work for, but what makes you sure users aren’t clicking the buttons because it’s what they want AND it’s convenient?

jFriedensreich 2 days ago | parent | prev | next [-]

It's our human right to have realtime machine readable data copies of everything we do, it's no company's business to question or interfere. Unless it crashes your servers because trolls are trying to DOS, it is really hard to not be angry at a statement as "this is going too far".

matheusmoreira 2 days ago | parent | prev | next [-]

> People are clicking the buttons just because they are there.

The reasons why they click the buttons are utterly irrelevant to anyone except them.

Let them click the buttons. It's their right.

> But, I still feel like this went too far.

Not far enough. I think data should be a massive liability. It should actively cost you lots of money to know any fact at all about any person anywhere on the planet.

In other words, in an ideal world you would be scrambling to press that button on their behalf the second your business with them was concluded. "Can we please forget everything we know about you please?" and only their explicit affirmative consent would allow you to not delete their data.

mnw21cam 2 days ago | parent | next [-]

At the moment, holding data about someone is not a significant recurrent cost, but it is a liability in the form of a risk that could get you in serious trouble if you get something wrong. However, that particular business risk doesn't tend to be recognised by many, many organisations. It should be.

matheusmoreira 2 days ago | parent [-]

If they can afford to be ignorant of the risks, it's because the liability is not high enough. Gotta raise the liability until they start doing what we want them to do by default. Private information should be an existential risk for them. They should be deleting every last bit without even asking, not sucking up endless amounts of it without consent.

2 days ago | parent | prev [-]
[deleted]
const_cast 2 days ago | parent | prev | next [-]

Users have basic bare bones functionality that all applications should support is "too far"?

If the user can create an account, they should be able to delete one. One is not harder or further than the other.

We just don't view it that way because we're all parasites who feed off the current status quo.

Dylan16807 2 days ago | parent [-]

> Users have basic bare bones functionality that all applications should support is "too far"?

They were objecting to the idea that putting it behind the "support" button is a violation. If true, that's excessive in terms of mandating accessibility.

const_cast 2 days ago | parent [-]

I would never file a support ticket to open an account. If you did that, your business would be under by the end of the week.

No, requiring actual application functionality isn't too far. For God's sake, just make normal software like a normal person. This should all be very intuitive.

Stop trying to game things, stop trying to maximize conversions and other bullshit metrics, stop trying to implement every dark pattern under the sun and just... Be normal. I promise you will comply without even trying.

And, bonus points, your software will be less shit. I know it doesn't feel that way right now, because most software is shit. You shouldn't aspire to be another turd floating around in the cesspool that is the modern web.

Dylan16807 2 days ago | parent [-]

> I would never file a support ticket to

Well now we're deep into the realm of assumptions.

They said "behind our Support/Legal button" which to me sounds like it probably loads another normal page.

Though a GDPR request basically is a ticket.

dns_snek 2 days ago | parent | prev [-]

Can we get the full story? I don't believe that's what happened because GDPR does not prescribe any specific avenue of requesting data. You're not required to have a button on your website at all, it's completely valid to accept and respond to requests by mail, but it's obviously much cheaper to offer automated data export.