Hacker News new | ask | show | jobs
by lbriner 1226 days ago
GDPR (EU and UK) is much more nuanced than this makes out. For example, there are a number of legal bases that can be used to process someone's personal data.

For example, "Legitimate Interest" can be used if there is a reasonable way that the usage could be foreseen like sending a "How did we do" email after somebody buys something. Unfortaunately, this is not well-defined in the regulations so, for example, one company I came across got my information from Linked In, sold it to other businesses and those directly contacted me to sell something on the basis that the vacuuming company had a "legitimate interest" in selling my data i.e. it's how they made their money.
4 comments
wokkel 1226 days ago
It's pretty well defined for the Netherlands and "making your money" as a legitimate interest could result in a hefty fine. Imho rightfully so.
link
calny 1226 days ago
Additionally, individual US states have started passing laws on data privacy, and these laws sometimes impact email marketers who do business in those states. For instance, California has the CCPA (recently amended by the CPRA), and Colorado, Connecticut, Utah, and Virginia recently passed their own laws. Still, credit to OP for raising awareness of data privacy issues.
link
margorczynski 1226 days ago
Additionally I would say it creates a barrier for entering the market by small companies and startups. The idea is good but the execution is kinda off I would say, but that's usually how it goes with politicians and bureaucrats.
link
legitster 1226 days ago
At our company, we are actually required to timestamp and enumerate the legitimate interest on all new marketing leads.

I think the issue is here that GDPR is a fairly poorly written cudgel of a law, and regulators are really only using it to go after larger foreign tech companies. Smaller, local companies can get away with much more malfeasance because it would be such a pain to enforce.

link
arlort 1226 days ago
> really only using it to go after larger foreign tech companies

The big notable cases are against large tech companies, but most of the fines and procedures involve local entities

link