Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think GDPR absolutely makes sense. It's my data and you must delete it if I ask.


The GPDR is far more complicated than just that superficial example.

But I'm curious about how far you feel that assertion goes. Ignoring what the GPDR says exactly, how do you feel about the various examples?

I have http request logs from requests that you've made. Do I have to delete them when you ask?

You sent me an email, do I have to delete my copy?

I host an email service for me and a friend exclusively, you request that I delete your data, do I have to delete emails you sent to him as well?

You answered a long thread about an esoteric computing question, hypothetically under the name denvercoder9, do I have to delete that comment? What about the replies to it which quote you?

I have evidence that you committed a crime of some sort, do I have to delete that?

Someone else posted true information about you to my site intended to categorize comments to HN posts. It's someone else data about you, do I have to delete that when you ask?

What if the information is actually false?

Where should the line be drawn, and why?


You questions, which are entirely valid, are why decent legal education is vital

Common law has the concept of reasonableness.

If you're a single person hosting a simple website, having logs is perfectly reasonable thing to have to check for fraud and other nefarious things.

> You sent me an email, do I have to delete my copy?

Depends who hosts the email server, and is it commercial. Buisnesses need a purpose for holding onto emails, its not reasonable for a non business single person to have one.

> You answered a long thread about an esoteric computing question, hypothetically under the name denvercoder9, do I have to delete that comment? What about the replies to it which quote you?

Thats actually interesting, the only thing that PII is the name, so if the name is deleted thats complying.

> I have evidence that you committed a crime of some sort, do I have to delete that?

There is a specific carve out for criminality.


In most cases it's not your data, really, you didn't produce any of it. But it's data about you.


The only real information about me is data I produced myself.

Anything else is just an observation and isn't neccesarily true at all.


GDPR is about protecting information that can be used to identify people.

> The only real information about me is data I produced myself.

Thats copyright law, which is whole 'nother kettle of fish. Its also one I don't know that well


you generated it? It should be trivial for you to delete it then

Oh what's that, you actually just want to control other people's data?


Ok so there are three things here

One, the thing you "generate" ie typed out by hand, rather than got a machine to make, is copyright.

Data about you is GDPR

> Oh what's that, you actually just want to control other people's data?

sounds like a projection...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: