undefined | Better HN

0 pointsJensson4y ago0 comments

They don't know. But if evidence comes up showing a company didn't then they will take legal action against that company, in which case intent to break the law from the would be crystal clear so they would get maximum fines which are huge for GDPR.

It isn't like laws prevents all crimes, the goal is to reduce illegit data usage, there is nobody who thinks it can ever get completely stamped out.

0 comments

endisneigh4y ago

I'm asking what kind of evidence can exist that proves a negative? Without knowing what was collected how can they prove it was deleted? Doesn't make any sense.

JenssonOP4y ago

> Without knowing what was collected how can they prove it was deleted?

They don't need to know what data was collected. GDPR requires you to track all data and mark where you got it from, so the companies are legally required to track this for you, they should already have a switch where they can delete this data at the notice of the user, so they should have no problems honouring such a request from the government.

The government don't know if the data was deleted, but a user will know if a company has data the user didn't agree to give to the company, in which case that company is violating GDPR regardless how they got that data. That wont always come up, but if it does the government will go after those companies.

endisneigh4y ago

What you're saying is literally illogical in the case of IAB acting as an intermediary... Not sure you know what you're talking about in this case. The entire point of the original article is that the user's data is being fed through via IAB to tracking companies. This isn't a normal GDPR situation where the user's data directly is being stored in a way that's accessible to the user as well. Obviously in that scenario the user themselves could just request their data be deleted as that's what GDPR allows. IAB in this case has been acting as an intermediary, allowing tracking companies to collect metadata on users through them. Even if IAB deletes their data, the question is how will the Council know if the end-tracking companies deleted their data?

3 more replies

vurpo4y ago

Nothing can prove the negative. But if any shred of evidence comes out that they didn't comply, there will be severe consequences for them, which makes it at least reasonably safe to assume they will comply. It's hard to keep a secret like that.

j / k navigate · click thread line to collapse

0 comments

endisneigh4y ago

I'm asking what kind of evidence can exist that proves a negative? Without knowing what was collected how can they prove it was deleted? Doesn't make any sense.

JenssonOP4y ago

> Without knowing what was collected how can they prove it was deleted?

endisneigh4y ago

3 more replies

vurpo4y ago

j / k navigate · click thread line to collapse