Hacker News new | ask | show | jobs
by Privvy 2986 days ago
GDPR is red herring. Current laws already require opt-in when collecting biometric data. From 2011:

> The Hamburg data protection authority on Tuesday ruled that Facebook’s facial recognition feature, which attempts to identify people in photos uploaded to the site, violates German privacy laws.

> Johannes Caspar, the head of the authority, said Facebook should not be collecting users’ biometric data – such as their face shape and the distance between their eyes – without getting their explicit consent. He has demanded that the social networking site change or disable the feature. All data collected so far should be deleted.

> Mr Caspar has given Facebook two weeks to respond. If the company is unable to make changes, Mr Caspar said the Hamburg authority would consider bringing legal action against it.
1 comments
PunchTornado 2986 days ago
???? nobody and nothing has made fb or google move about this like GDPR. Local laws are made to be broken. If a court in Hamburg tells fb to do something then they can easily play it along.

GDPR enforces fines of 4% of their global revenue so that's the only reason for them to respect it.

link
Privvy 2986 days ago
Of course penalties for non-compliance have gone up. But collecting biometric data without explicit and informed opt-in, is already against the laws of many EU member states, and has been for nearly a decade. Facebook is walking on thin ice.

It seems they ask for permission, so the title that users are auto-enrolled may be misleading. But if they do auto-enroll: It is against the privacy laws already, no need to wait for GDPR.

About respecting local laws, I find this a difficult issue. What to do with draconian local laws that forbid ridiculing a president? But if it has to be a yes-no: I'd say, yes, obey local laws when you serve users there. Remove comments from Turkish IPs that slander their president, but keep comments from German IPs that ridicule Turkey's leader.

link