|
|
|
|
|
|
by agotterer
3013 days ago
|
|
|
I'm not a lawyer either, but have been going through the GDPR process at my job. It doesn't matter if you operate or are established in the EU. If you have EU visitors/users they gain the protections of the GDPR and you have to comply. GDPR affects any org/site that collects personal or sensitive data. Amongst many others IP address and email address are considered PII under GDPR. We use IP address for some high level geolocation data and decided to drop the last octet so it's not tied directly to an individual visitor. The specialists we spoke with had concerns about free form input fields because anyone can write anything they want in them. In the case of hackernews it seems like email address, ip, profiles, and comments could contain personally identifiable data. I'm also curious how HN similar sites are supposed to comply with GDPR removal requests when it can destroy the usability and functionality of the site. |
|
|
You aren't required to put anything in the profile. If you choose to put information in the profile, you can remove it yourself at any time you so choose.