by danjoc 2861 days ago
> Docker Hub is also blatantly in breach of the GDPR.

Truth is, no one cares. GDPR is an overreach designed to shake down American mega-corps. Docker has no money so the EU isn't going to do anything to them.

> I’d report them to the Information Commissioner’s Office myself if I didn’t think they were about to fold anyway

I'm sure they're inundated with complaints from unsuccessful companies trying to shoot down their biggest competitors already. Adding one more to the pile is only going to waste your time and that of EU regulators.

3 comments

"overreach"

You mean, like Google continuing to compile Location statistics while assuring users they're not?

"designed to shake down American..."

Or, it's not just a scam after all ... for whatever reason, some places in the world feel a need to protect themselves from US ...

... and they're actually trying to protect their citizens. Unlike 'our representatives' (hah!) in the US Congress.

> Truth is, no one cares.

You will, if you have EU customers.

> GDPR is an overreach designed to shake down American mega-corps.

The GDPR is the result of mega-corps (American ones in particular) not giving two shits about how their users' personal data is handled. Cry all you want now that the milk's spilled, it won't change the fact that this legislation was not conjured in a vacuum, but as a response to the way corporations behave when not obliged to care about personally identifiable information.

> Docker has no money so the EU isn't going to do anything to them.

A formal reprimand might suffice. Contrary to the naive American view I see here on HN, EU data regulators don't immediately try to shut you down by barging into your company's office with a SWAT team.

> I'm sure they're inundated with complaints from unsuccessful companies trying to shoot down their biggest competitors already.

How sure? 100%? 50%? Less? What are you basing your assertion on?

> Adding one more to the pile is only going to waste your time and that of EU regulators.

There's a characteristic nearly all government departments share: they may be slow, but they're steamrollers. They'll get to you eventually.

> Truth is, no one cares. GDPR is an overreach designed to shake down American mega-corps

And yet it hurts small startups that don't have the resources to become fully GDPR compliant more.

This is just inaccurate. GDPR is derived from warranted concern over rampant data abuse. And it's actually much easier to make a startup GDPR compliant than it is to overhaul a large company with rigid systems already in place. If anything, GDPR favors startups.

It hurts small startups trying to perpetuate the same blatant disregard for human rights as American startups have done in the past. It doesn't hurt small startups that are privacy-aware and treat their users with respect.

Not giving users a way to delete their accounts was never okay. Tracking user behavior without consent was never okay. Holding users' data hostage was never okay. Not giving people a way to correct the data you keep about them was never okay.

US startups have been playing on easy mode by getting to ignore human rights and just follow the local letter of the law even when going international.

If anything you'd think HN "classical liberals" would love this as it evens the playing field, allowing for fairer competition between already privacy-aware EU companies and the previously unfairly advantaged US companies entering the EU market. Of course this assumes you think privacy and data ownership should be protected as human rights in the first place.

> Not giving users a way to delete their accounts was never okay. Tracking user behavior without consent was never okay. Holding users' data hostage was never okay. Not giving people a way to correct the data you keep about them was never okay.

Sure. If being GDPR compliant just meant you just don't have to do those things, it wouldn't be a problem. But with GDPR you now have to spend time (=money) understanding what GDPR means (probably with a lawyer's help) and ensuring that you are in fact compliant. "I try to protect users' privacy" isn't good enough when the EU could effectively put you out of business if you aren't. You'll have to deal with Data Access Requests, most of which are from trolls. You may need a DPO, which might require hiring someone. I'm all for protecting privacy, but the GDPR adds quite a bit of burden, which large corporations will be able to eat, but will set back smaller corporations. Really, medium-size companies are in the best position, since they have the resources to meet GDPR obligations, but don't have to do massive overhauls like the big corps do.