Ask HN: How to Get Around GDPR?

3 points by collegeburner ↗ HN
I want to avoid compliance as much as I can. What are the ways I can comply with letter but not the spirit of it? I am most interested in ways to refuse service to people who do not accept but others corners I can cut as well.

20 comments

[ 3.5 ms ] story [ 55.6 ms ] thread
Why?
It hurts my business. I am not interested in offering service to people who I can't track how they use my site. No other way for me to improve it beside costly and unreliable customer interviews. No other way for me to track sales and advertise better.
Can't you just focus on those who do opt-in to tracking and ignore the others?
This is a reasonable suggestion, but by doing so the results are heavily skewed and might not be representative for the majority of the users.
Don't do business in the EU. As a local citizen, your question makes me believe that it won't be a loss for me as well, so everyone is happy.
There's plenty of people there who are ok with me setting cookies, I just don't like those who decline because they fuck up my metrics so I can't do sales effectively.

Anyway this doesn't answer the question.

1. There are various privacy oriented metric systems regularly advertised on HN. Have you tried any of them?

2. Unless you want to follow people across multiple sessions and multiple websites, you don't actually need any PI to make deductions for your client's behavior.

3. You can actually just don't track people who don't want to be tracked and optimize your service for those who want to be tracked.

And a question from me: what would you think of a restaurant owner who publicly asks how they can serve people the lowest quality vegetables that the law allows?

1. I am looking into them but my current metrics are self made and cost little. It's this cookie consent bullshit that is causing trouble, I want users to have to accept all my cookies (no 3rd party trackers though) when they sign up.

2. No just my own cookies but there are separate non-essential ones that I do 1st party.

3. Why would I want to do that when I get better with all customers tracked?

This is a bad analogy, I am not seeking to sell people's data or send targeted ads. Literally 100% to improve customer experience and sales.

>1. I am looking into them but my current metrics are self made and cost little. It's this cookie consent bullshit that is causing trouble, I want users to have to accept all my cookies (no 3rd party trackers though) when they sign up.

The answer is simple. Don't allow access to anyone unless they provide you with the tracking info you want.

Personally, I refuse to access sites which require me to provide them with information I don't wish to provide.

Please do post your site name, so I (even though I'm not in the EU) can make sure never to go there.

Good luck!

1. If they have an account, you don't need anything but the auth cookie to make your tracking.

2. I'm 90% sure that you can drop those cookies and keep log of their actions serverside.

3. Because you are denying agency to those people who don't want to be tracked. If your customers don't think that you respect them and their choices, they will say "f*ck you" and move to the business next door. People are social creatures and we often do irrational things to reassure ourselves that we are respected by those we deal with.

On the other hand, if you are smart, you can diferentiate on the fact that it is your own tracking. A sample cookie banner is:

This website does not share your data!

We don't use third party trackers and we will never share your data with anyone.

We use cookies only to make the service better and we promise never to use them for anything else.

Button: Yes, I agree to cookies as far as all of it stays between us.

Button: Thanks, I've really considered it and I'll skip on the cookies this time.

First, this is not the usual cookie banner and it will be interesting. Second, it shows that it is a personal relationship between you and the customer. Most people deny cookies because it is like letting someone follow you all around the town taking pictures of everything you do, say or buy. Third, you clearly make a promise to maintain this way of work in the future. Of course, some people will deny the request, but they will have one less reason to do so and it is very likely that they might change their minds.

Finally, you can always think for a better analogy, but think of the essence of it: a business owner asks publicly how to circumvent the law in order to mislead their customers to the nature of the service they are providing.

So now HN is used to ask for shady business practices.

Just don't do business here, we couldn't care less.

A large majority of HN users make their money from illicit data collection & processing. This guy is at least willing to admit to it.
This is not shady. I am not selling data. I want to run my business without dumbass eurocrats telling me I have to let the site function for people who reject my analytics cookies. Also, do you give your colleagues at Meta or Google the same shit? Because they are selling data and targeting ads, I am not, I just want to minimze the amount of $ I waste on stupid compliance rules from people who exist to hinder business. That is not "shady".

Also you did not help with the question or point at answers.

> I am not selling data

You're giving away data to whoever your analytics provider is, that's not much better.

> I have to let the site function for people who reject my analytics cookies

Yes, because people should have the right to buy your service/product without having third-parties stalking them.

Make people login on you service to be served. Those interested in privacy won't bother, and even if they do, you can get your metrics without cookies.
Don't operate here, simple as.
What's wrong with letting people opt in, rather than forcing them to opt out?

If you're that vehemently against complying with the GDPR, then block visitors from the EU.

And, as someone said please post the URL to your site. I'd like to avoid it. Not that I'd ever stumble across it by accident, but stranger things have happened ...

Either you don’t do business anymore with Eu users or any user on Eu territory (but how do you know there are not actually on Eu territory), either you try to automate it so you continue to “not care about it”
There are 60 countries with GDPR-like regulations so you can't avoid it anymore. Even USA are preparing a federal bill, so you'd better get ready for that rather than trying to fake it.