[gkgicccj]

Are there thinkpads with AMD?

PS: how does one delete old HN comments? Seems like a major privacy issue to me.

[floatboth]

A series are basically X/T series (exact same chassis) with AMD. The Ryzen versions aren't out yet, but everyone is expecting them "soon"…

[kuschku]

> PS: how does one delete old HN comments? Seems like a major privacy issue to me.

There's no option in the interface, the best option right now is asking nicely per email.

Of course, you can just wait until May and then use the rights the GDPR grants you to force them to delete your comments.

[e12e]

Assuming the poster has rights under GDPR, and hn will adjust to follow GDPR. Does seem likely they will (have to).

[kuschku]

The GDPR applies to (basically) any business on the planet that stores data of EU citizen. So it's quite easy to make that assumption.

[e12e]

Yes, but the GDPR doesn't apply if the poster is eg a US citizen, as ycombinator isn't based in the EU.

It will/would apply to my posts - or my relationship with ycombinator, for example.

And then it would depend if/how yc would comply; by refusing access from the EU, or aiming for compliance.

[kevin_thibedeau]

How is social media commentary willingly handed over for public exposure a form of personal data? If GDPR is allowed to have such wide applicability there's going to be a lot of shakedown scams from bad actors.

[e12e]

> there's going to be a lot of shakedown scams from bad actors.

I'm not sure how that would work.

Any compliant service is likely to allow self-service (eg: a button to delete a comment; a link to list out all data; an edit function to correct wrong data).

If you're storing personal information and don't comply with the law, you risk a fine. Just as you risk a fine for mismanaging health data, or risk prosecution for storing data that is illegal, like child pornography.

[e12e]

You might also want to look at GDPR chapter 3, article 12, point(?) 5:

"Information provided under Articles 13 and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:

charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or

refuse to act on the request.

The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request."

https://gdpr-info.eu/art-12-gdpr/

[kuschku]

Basically, for any data you give a company, you have to be able to later on have them remove it, or at least remove the association with you. For stuff like personal messages or posts, just anonymizing won't even be enough to comply.

This is grossly oversimplified to the point of almost being wrong, but is the general idea of what applies here.

[jwineinger]

Wouldn't it only matter if the company is within EU jurisdiction?

[kuschku]

Not really. For example, if the company has assets within EU jurisdiction, those can be seized to pay the fine, or if the company has assets outside of the EU, but with EU companies (e.g. banks), they can be forced to help seizing the assets.

There is countless precedent of the US using these tactics to enforce IP law, and EU countries using them to enforce consumer laws.

It is expected that the EU would do exactly this.

For example, if YCombinator refuses to adhere to the law, but holds shares in an EU startup (and they do in several), then those shares could be seized and auctioned off to enforce the law.