Ask HN: Had anyone already had to deal with the GDPR fines / abuse?
Recently there was a fair amount of concerns about GDPR being a harbinger of doom for smaller companies and fears of user abusing GDPR requests or other companies using GDPR as a tool for taking down competitors.
Had anyone on HN had experience with people / companies / institutions abusing GDPR?
27 comments
[ 3.3 ms ] story [ 23.7 ms ] threadOn the forums I run email is the only identifying property and in my case the trolls (2 of them I think) were unable to sign in as the users in question, so I have refused to recognise the request (and then had the threats of legal action... but what else can one do if someone cannot prove their identity?).
Forums which collect other personal data, like maybe date of birth, and allow it to remain hidden... those might have a problem, depending on the sensibility of the data, but still if you shared the account details with someone, it seems to me difficult to claim that the forum and not the user is the one responsible.
I kinda wanted to make a larger point on how even if someone logs in to your service you don't know who you are talking with and might be going against wishes of owners of the account which would be unethical if you haven't priorly obtained their informed consent to do so.
Here are scenarios under which third parties might try to unethically obtain access to your user's data, perhaps as you described by logging in or via some other means:
1) PC gets hacked and owner loses control over their email. It's easy for a hacker to replace password and log in. You can't blame user for shity state of this industry when it comes to security. You are talking to a hacker.
2) SIM card is cloned via social engineering and passwords changed if email is improperly secured. You are talking to a hacker.
3) People share computers. Persistently logging out from websites on spouse's computer seems shifty. You are talking with a family member.
4) Not all people agree or understand that for some services people shouldn't share accounts. You can't know which pieces of data belong to whom so you can't give it out. It's also unreasonable to demand from all services to require each account to be used by only one person just for the sake of GDPR to be workable. You are talking only to one user.
5) People trade accounts. It's unethical to give data to a new owner if previous owner wasn't aware of what data you store. You are talking only to the newest owner.
6) People can be forced to sign in to their accounts. You are talking with an abuser.
In all these cases I think it isn't ethical to reveal data that couldn't already be accessed by normal means. It seems to me that GDPR, ironically, weakens users' privacy.
[0] https://en.m.wikipedia.org/wiki/Pseudonymization
[1] https://www.protegrity.com/pseudonymization-vs-anonymization...
Optical Center : 250 k€
https://www.clubic.com/rgpd/actualite-844065-sanction-rgpd-p...
Challenges.fr : 25 k€
https://www.legalis.net/actualite/le-conseil-detat-confirme-...
FF61 on Mac. Solutions for Chrome would also be interesting.
Note that I specifically don't want 'self destructing cookies' or session- or time-limited ones. I just want to white/blacklist by site, cookie name, and perhaps cookie content.
I've briefly looked for suitable extensions, but not yet found anything.
I would’ve been surprised if the authorities had handed out fines that fast, as they usually need to give companies a reasonable amount of time to fix problems after they are revealed.
It instead moved to a much less useful Reddit subthread.
They collect data about you from every website that you visit that uses Discourse. They share it with a lot of other organisations, including Google analytics.
Do you just want to trust them, pinky promise, they they aren’t (for instance) compiling a record of all your comments on Internet forums, and sending them to job recruiters and HR?
> CDCK sets only its own privacy practices, not the privacy practices of CDCK customers or others who host Discourse forums for themselves or others. You should ask all of those involved in administering and hosting Discourse forums that you use for information about their privacy practices.
> Had anyone on HN had experience with people / companies / institutions abusing GDPR?
Any site that gives you a consent box with the bullshit tracking enabled by default, or that lets you know they use cookies with no way to opt-out. Per GDPR tracking should be opt-in so even pre-ticked checkboxes aren't allowed.
The only site that I've seen do this right is Quartz. They have a simple modal "we use tracking for X and Y", do you want to allow or deny?