Hacker News new | past | comments | ask | show | jobs | submit login

This is weird. Their privacy policy enforcing them to delete your account. I guess it is just a catch for those who don't know what GDPR us.

4. Right to deletion

a) Obligation to delete

You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:

- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

- You withdraw your consent on which the processing was based and there is no other legal basis for the processing. You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing.

- The personal data concerning you have been processed unlawfully.

The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.




It might be similar to how credit report agencies have to provide the reports for free under GDPR, but not before trying to make you pay twenty different ways.


>but not before trying to make you pay twenty different ways.

This itself is illegal. It must be simple and straightforward. EU laws broadly do not tolerate the rules lawyering popular in the US, companies know what the intent is and playing games will not work out in their favor.


Yet none of this is enforced, otherwise all the (non-compliant) obnoxious cookie consent popups would disappear overnight.

Same with the DMA - Apple is blatantly acting in bad faith and contempt of the regulations and have yet to see a fine.


a practice which was found to illigal in court cases


The question is - will they actually be fined by anyone in EU for this? Because in practice GDPR enforcement is incredibly spotty and slow.


It’s meant to take on the large/multiple offenders; if they get enough complaints about 1 company and after warnings that company doesn’t change, they will fine.


Facebook has probably the most complaints ever and the fines are a rounding error of the profit they made breaching the regulation.


they could fine without warning and IMHO they should start doing so it's the law isn't new isn't complicated to roughly get right for 99% of companies so there is no longer reason to go easy on companies which seem to very knowingly give a shit (independently of weather it actually was knowingly)


That would make it more like the US with over litigation, companies hiring people to find competitors in violation and going by the letter instead of the intent of the law. Also; the gdpr is large and complex but the intent is pretty clear; if we start to go by the letter, very many companies are unknowingly in violation but cannot afford consultants. They don’t abuse the data ; they just store too much for instance. It would be very strange if they get fined immediately; they will have 0 complaints over their existence probably, so a warning would suffice.

The companies that don’t give a shit aka ignore warnings from the overseer in their country, will get fined; small or big. It works fine.


GDPR enforcement happens on a daily basis

the problem is violations are just far to many

the reporting of them spotty

and the processing is far too slow

also too little clarification for "predictable edge cases and ways companies try to circumvent" had been put in law upfront (laws some a form of comment section into which such things can be placed, most times as result of previous court decisions)

and from the resources which are available too many are bound in large companies bullshitting around by trying to delay enforcement by a very obvious misinterpretations of the law and huge legal teams/founds to delay and delay and delay


Does the GDPR prevent the data controller from charging the user reasonable costs for deletion?

There are circumstances where they can charge a 'reasonable fee' for processing a Subject Access Request.


yes it's free of charge and has to be processed in due time

also having a payed deletion and a hidden free GDPR complilant deletion is also not legal




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: