| ▲ | bmelton a day ago |
| > The GDPR doesn't try to remove anything from the global internet GDPR Article 17 expressly requires the removal of things from the global internet > You're free to not serve your site in the EU Geoblocking is functionally impossible |
|
| ▲ | sitharus a day ago | parent | next [-] |
| GDPR Article 17 expressly requires the removal _of your personal data_ from the internet _upon your request_, which is very different from a US state trying to remove a website hosted in and run by a company incorporated in another country. And geo blocking may be functionally impossible but the law cares about intent and actions, not if you prevented someone who used a VPN or lied about their location from using your service. |
| |
| ▲ | fc417fc802 a day ago | parent | next [-] | | > .. which is very different from ... And yet still an attempt at extraterritorial overreach. Regardless, I imagine that the rest of us who don't do business in the EU will continue to disregard its very existence. (Except in principle when we write negative comments about it on the internet that don't in practice matter whatsoever, such as this one that you're reading right now.) | | |
| ▲ | applfanboysbgon a day ago | parent [-] | | How is it extraterritorial overreach when you acknowledge in the same comment that you can ignore it because you aren't in the EU? Unlike the site that is the subject of the thread, which has actually been subjected to extraterritorial overreach. This criticism and false equivalency is ridiculous. | | |
| ▲ | fc417fc802 13 hours ago | parent [-] | | I wrote "an attempt at" did I not? Attempted murder and murder have the same intent behind them despite the fact that the former failed. Attempting to claim that as a false equivalency is what's ridiculous. |
|
| |
| ▲ | bmelton a day ago | parent | prev [-] | | > which is very different If you say so |
|
|
| ▲ | inigyou a day ago | parent | prev | next [-] |
| HN ignores GDPR, in particular Article 17, and it hasn't been taken down from the internet or even blocked in the EU. |
| |
| ▲ | ndsipa_pomu 21 hours ago | parent [-] | | I'm curious - what kind of PII does HN make available and has it ever refused to remove it when asked by the individual concerned? I can't recall HN asking/requiring PII from me in any fashion, so I don't see the relevance. If a commenter published some PII about me, then I wonder if HN would remove the comment if I complained to them about it. As I see it, HN isn't acting as a data controller. | | |
| ▲ | inigyou 21 hours ago | parent [-] | | You can post your home address in a comment and then you can't delete it. | | |
| ▲ | ndsipa_pomu 20 hours ago | parent [-] | | That seems a bit contrived, but it would be similar to if someone else posted your home address in a comment. Presumably emailing HN to request its removal would be the correct thing to do and I wonder if HN would remove the PII. Edit: it's covered by HN Privacy policy which is available here: https://www.ycombinator.com/legal/ TLDR: email privacy@ycombinator.com for privacy concerns which should cover removing comments. In my opinion, that seems compliant with GDPR. |
|
|
|
|
| ▲ | applfanboysbgon a day ago | parent | prev [-] |
| > GDPR Article 17 expressly requires the removal of things from the global internet ...as part of compliance with GDPR, if you choose to be compliant. Please name one instance of the EU suing and successfully removing an American website from the internet under this article, or any part of the GDPR? Considering we're talking about an actual case of the US seizing the domain of a European website, whataboutting a hypothetical with the GDPR which has never done the reverse despite being in force for 10 years is incredibly disingenuous. --- Rate-limit edit: > Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that? The GDPR is European legislation, written for the territory the EU has legal jurisdiction over. Why would anybody think it's meant to apply outside of the EU? Plenty of businesses choose to operate by two sets of privacy policies, one where they continue fucking over their American users and one where they adhere to the GDPR for European users, and that is perfectly acceptable. There is no "think" about it, the legislation obviously does not apply outside the EU, nor is it intended to. |
| |
| ▲ | fc417fc802 a day ago | parent | next [-] | | > Why would anybody think it's meant to apply outside of the EU? Because it's clearly worded in such a manner, similar to US financial laws. The key difference is that the EU so far lacks the leverage to throw its weight around outside its own territory to the extent that the US does. (Also presumably politicians won't be willing to burn bridges over PII handling violations to the same extent that they do over financial crimes.) | |
| ▲ | akerl_ a day ago | parent | prev [-] | | Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that? |
|