Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Surely if your website collects data using browser fingerprinting this is covered by GDPR and you have to tell your visitors/ask for permission?

https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-finge...



I believe that, despite their claims, this fingerprinting technique actually DOES violate the GDPR.


They claim to be ‘GDPR and CCPA Compliant: Your compliance officer will love us, too’. However, GDPR defines ‘personal data’ as ‘any information relating to an identified or identifiable natural person’, and this includes ‘an identifier such as an online identifier’. Therefore, browser fingerprinting may also fall under the scope of GDPR.


GDPR doesn't really apply outside of Europe, despite what the EU might claim.


The EU does not claim that it applies outside of Europe, just that the law applies to all your customers/visitors that are within the EU.


IIRC they do try to claim it applies outside of Europe; they say their laws apply to any entity processing data of EU citizens, regardless of where the data or website actually lie.


I think it's well within the rights of the EU to legislate in which way the data of its citizens is processed. If your product or service is accessible to EU citizens, in the EU market, then you need to abide by the laws of the EU. It's no different for physical or virtual products.


Many EU websites carry speech which is illegal in other countries.


> If your product or service is accessible to EU citizens, in the EU market, then you need to abide by the laws of the EU

It's not that simple though.

If I offer a website in the US, I can collect the info of anyone that visit it as long as I am not breaking US law.

If the EU doesn't like that, then they can block my site.

They claim though that I am subject to their law if I harness the data of Europeans.


Yes, this is what they claim. As long as your company has no physical offices in the EU you probably don't have to worry about it. If your company grows bigger, you probably should.


That was my only point, that they claim something which simply is not true.


also, one could just roll it up into a wall of fine print or something, no? who reads these things anyway?


> also, one could just roll it up into a wall of fine print or something, no?

That also violates it. Facebook just lost in court in the first instance trying that.


GDPR requires an opt out available, that is just as easy to opt out of as it is to opt in. Fine print disclaimers are illegal.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: