undefined | Better HN

0 pointsakie1y ago0 comments

That's a nonsensical load of hyperbole, pardon my French. It's not particularly difficult to be careful with personal data, it's just inconvenient and prevents all kinds of uses that can make you money - which is why US corporations would prefer to not implement it. But if you want to do business in the EU, you need to play by their rules. Simple.

0 comments

JoshuaRogers1y ago

At my company, we do business in the EU. It's a wide market with many opportunities. We're extremely careful with personal data: we do not intentionally collect user data, we do not share data with any third-party (and certainly never sell it)!

Importantly though, the law does not suffice with "careful". We *think* we have our bases covered and are careful to try to ensure they are but we're not sure how to *know* our bases are covered. There's the fear that some logs that we believe are anonymous might be considered identifying by some data scientist armed with techniques we've never heard of. There's the concern that some third-party library might dynamically pull in a font-set that comes from a US-based CDN based on some user configuration that we don't foresee. There's the anxiety of asking "Did we forget something? Is the DNS server in us-east-1?" when trying to roll out new features.

These are all strawmen, but they represent the kind of anxiety we feel. Having done our best to respect the requirements and the spirit in which they were written, there's the fear that we were imperfect in our awareness and that that something could cost us a fine that would have gone to someone's salary.

I would very much condemn the indiscriminate collecting, reuse, and selling of personal data, but I would also caution that those of us wanting to play by the rules find them lacking in precision.

troupo1y ago

> These are all strawmen, but they represent the kind of anxiety we feel.

No idea why you would feel the anxiety. If you're found lacking, you will forest get s notification from the DPA asking you to remedy the situation. You wont even be fined

pembrook1y ago

I have soberly explained the actual situation to you. I know it’s impossible to have a rational conversation about privacy on HN and my comments go against the narrative everyone has stuck in their heads here, but I urge you to look further into this issue.

This is an ongoing geopolitical spat and compliance in good faith is currently impossible.

I have spoken to many lawyers about this. Any US company operating in the EU is at risk of constant fines no matter what you do, due to this geopolitical issue.

troupo1y ago

> Any US company operating in the EU is at risk of constant fines no matter what you do, due to this geopolitical issue.

So why don't the poor trillion-dollar supranational corporations do anything about it?

I can tell you why: they are happy about this. And you can often find they sign their support for these laws in the US.

--- start quote ---

The CLOUD Act primarily amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil.

The CLOUD Act received support from Department of Justice and of major technology companies like Microsoft, AWS, Apple, and Google.

https://en.wikipedia.org/wiki/CLOUD_Act?wprov=sfti1#

--- end quote ---

Boohoo cry me a river about the plight of these poor hapless companies.

j / k navigate · click thread line to collapse

0 comments

JoshuaRogers1y ago

I would very much condemn the indiscriminate collecting, reuse, and selling of personal data, but I would also caution that those of us wanting to play by the rules find them lacking in precision.

troupo1y ago

> These are all strawmen, but they represent the kind of anxiety we feel.

No idea why you would feel the anxiety. If you're found lacking, you will forest get s notification from the DPA asking you to remedy the situation. You wont even be fined

pembrook1y ago

This is an ongoing geopolitical spat and compliance in good faith is currently impossible.

I have spoken to many lawyers about this. Any US company operating in the EU is at risk of constant fines no matter what you do, due to this geopolitical issue.

troupo1y ago

> Any US company operating in the EU is at risk of constant fines no matter what you do, due to this geopolitical issue.

So why don't the poor trillion-dollar supranational corporations do anything about it?

I can tell you why: they are happy about this. And you can often find they sign their support for these laws in the US.

--- start quote ---

The CLOUD Act received support from Department of Justice and of major technology companies like Microsoft, AWS, Apple, and Google.

https://en.wikipedia.org/wiki/CLOUD_Act?wprov=sfti1#

--- end quote ---

Boohoo cry me a river about the plight of these poor hapless companies.

j / k navigate · click thread line to collapse