by idrios
2822 days ago
Just a few hours ago there was an article on the front page about yet another tech giant getting hacked and losing contact info on hundreds of millions of users [1]. A GDPR in the US should have the power to audit companies and ensure compliance, just like the FDA does with health-tech companies. On the user side you might only see the effects of GDPR in the form of cookies that were added as a quick-and-dirty solution for companies that have built an infrastructure whose revenue model requires collecting user information. On the other side, law also gives a vector for the government to step in and demand changes to companies that are fast and loose with user data. If we'd had an effective GDPR in the US, the Equifax breach that lost everyone's social security number may have been prevented and they might have faced some kind of real repercussion when it did happen. Instead, data companies still get to privatize gains and externalize losses.

[1] https://news.ycombinator.com/item?id=18117322
This is wanton overregulation. All we need is strict liability for data loss. After a few years of watching cases play out in the courts, we can revisit to see if more onerous regulation is required.