Hacker News new | ask | show | jobs
by apexalpha 2824 days ago
>If a new regulation insisted that on entering a hotel room, a member of the hotel staff had to use a blacklight and you needed to explicitly approve every illuminated mark larger than a quarter, then you would be annoyed at that regulation.

How about this. For the past 25 years every hotel that you checked into has kept a record of:

- How often did you visit?

- How much money did you spend?

- What type of CC do you have?

- Did you watch porn?

- If so, what is your favorite type?

- Did you pass on dietary restrictions to the chef?

- Were you alone?

- Did someone other than the person listed as your wife on FB join you for the night?

- etc... etc... etc...

And then, without your consent, without even notifying you they sold this information to credit score companies, to advertising companies and to whoever the fuck will buy it.

Without. Your. Consent.

THIS is how the internet works today. Everyone grabs as much data as they can and then sells it to whoever wants to buy it. You have no vote in this. It just happens and it says so in weird legal terms on page 373 section 44 subsection 7a of their 700 page Terms of Service.

GDPR gives you this vote.

GDPR says: if you want to resell data you harvest you HAVE to get their consent, in clear and understandable terms. Can't bury it in your TOS.

GDPR says: you cannot make your website / app / service unavailable if people refuse this.

GDPR says: you can ask companies how much and which data they got on you and they have to provide it.

GDPR protects you from an invisible industry many people don't even know exists.
2 comments
anfogoat 2824 days ago
>GDPR gives you this vote.

>GDPR says: if you want to resell data you harvest you HAVE to get their consent, in clear and understandable terms. Can't bury it in your TOS.

>GDPR says: you cannot make your website / app / service unavailable if people refuse this.

>GDPR says: you can ask companies how much and which data they got on you and they have to provide it.

>GDPR protects you from an invisible industry many people don't even know exists.

And it does it by in effect forbidding you from interacting with parties that don't follow EU mandated criteria for what needs to happen for a packet to go from A to B. I don't care about what the EU thinks is good for me, I want to interact with server X whether or not it is GDPR compliant and whether or not it's over a protocol that lends itself to this nonsense; my data is supposedly mine, so fucking let me.

link
apexalpha 2823 days ago
How does not selling your personal information to a third party block you from visiting a website?

GDPR is fine with the selling of information, as long as you have given consent in clear language and not buried in TOS.

link
mrep 2823 days ago
I think he is referring to websites that are now blocking all EU users because of GDPR.

I'm surprised companies aren't just pulling the same move porn/alcohol websites use with age by asking the user if they are an EU citizen/in the EU and if they answer yes, send them to a static "we don't service the EU" page at which point everyone just lies so they can still access the page with the tracking.

link
emteycz 2824 days ago
> And then, without your consent, without even notifying you they sold this information to credit score companies, to advertising companies and to whoever the fuck will buy it.

> Without. Your. Consent.

I'm really sure that every hotel has its terms of services. So does Facebook and every other site. What you described has always been illegal, and it has also never happened. What was sold was composed of data according to the terms of service that every person included agreed with. If agreement isn't consent, what is?

link
TeMPOraL 2824 days ago
Did you read, or was even aware of, a ToS of a hotel on use of personal data? This is entering the "local planning department in Alpha Centauri" territory.

As a regular person, you should not need to be aware of such things. What GDPR tries to do is to restore some sane defaults into the process, just like customer protection laws do.

link
mr_overalls 2824 days ago
This quote seems apropos:

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.” --Upton Sinclair

link
TomMarius 2824 days ago
Yes, I generally check ToS of whatever services I use, including hotels. And no, it's no "local planning department of Alpha Centauri" territory, it's available on their webpage and in paper form at the reception, usually framed and hanging on the wall. I check it to see what happens if I overstay, but skim through the whole thing.

As a regular person, if I want to use a service offered by someone, I should at least look into their terms - even with GDPR in place.

I'm not saying I disagree with you - but that's an opinion; on the other hand you said that consent was not given, which is simply not true - consent has a definition and that definition was fulfilled, the law doesn't treat ignorant people differently. If you want to say "I don't think <something> should be enough expression of consent", that's OK, say it - but don't lie.

link
TeMPOraL 2824 days ago
Fair enough. I do read the regular ToS of the hotel that they frame and hang on the wall; it's usually standard stuff and not once I remember reading anything there about use of my data. It's just the usual "hotel night is from X to Y, please don't do <list of ridiculous stuff that some people apparently do in hotels>". So from your comment I assumed that there must be an extra ToS that covers use of personal data. If there is, I've never noticed it.
link
TomMarius 2824 days ago
I don't think there are many hotels handling your personal data except for legal purposes, so they mostly don't need any data policy. So far I've encountered one that simply said that data might be shared with other branches of their company, which I'm happy about.
link
daveFNbuck 2824 days ago
It sounds like you agree that forcing people to read and agree to individual portions of the ToS is not a downside of GDPR, since we should all be doing that anyway.
link
TomMarius 2823 days ago
I don't agree nor disagree. The comment I replied to was talking about the past, and in the past, the laws were different and consent was given according to them. I deliberately didn't say if I support GDPR or not, it doesn't matter; the comment said "without your consent" which is simply not true.
link
icebraining 2824 days ago
Freely given consent, as per the GDPR, must be explicit and optional (even if you have consent to use the data for the service being performed). A line buried in a ToS does not comply.
link
TomMarius 2824 days ago
That's today, I replied to a comment talking about the GDPR-less past.
link
icebraining 2824 days ago
My point is that you can simply change the previous comment to read:

"And then, without your freely given consent, without even notifying you they sold this information to credit score companies, to advertising companies and to whoever the fuck will buy it."

And the point still applies.

link
TomMarius 2824 days ago
No, the original point doesn't apply. Your edits make it completely different, so of course my reaction would be nonsense. "Consent" is a well defined word, and its meaning was fulfilled in the examples the comment listed - of course that would be different today.
link