Hacker News new | ask | show | jobs
by wrldos 1221 days ago
This is an incorrect assertion.

We have to ask for permission on our SaaS products to collect this data as it's not necessary to collect it for the product to function. The EU GDPR mandates this.

Russ Cox is suggesting that there is no permission step and that the data is collected by default.

That is the issue.
2 comments
mbnull 1221 days ago
From my reading focused on this specific issue of the GDPR and the national laws of member states, this is not the case. Opt-in is specifically required for personal information. The telemetry data outlined in the proposal would not fall under this requirement. You can even retain time-limited IP logs with some special caveats. The GDPR is actually quite reasonable and fair.

Russ Cox is a very intelligent and effective engineer. He has a history of projects where he first analyses the problem space, then arrives at great solutions. He puts a lot of effort into discussing the problems and proposal with the community, especially after the widely criticized go mod decision by the go team (which is now mostly accepted as unfortunate, but in the end, the correct decision, I would think).

My point is: We all suspect Google and telemetry to be bad. But can we be charitable enough to separate the Go project, that is run by individual humans, and telemetry from our superficial cliches to actually read the proposal?

link
wrldos 1221 days ago
Google or Russ Cox's reputation is irrelevant. The idea stands alone. I'm merely crediting him with the idea.

I read the proposal. There is no discussion of the legality of this at all. I'd expect anyone with any level of supposed technical competence to consider this in relation to global data protection. I suspect there has been no legal review as mentioned in the thread because I know how slow the lawyers in this space work and the timeline between publishing this and now is too short to have had a conclusive answer.

As for your point about GDPR, I think if you apply your right to withdraw from opt out data collection and what that entails and then ask how this glaring defect is missing from RSC's paper, then you'll see exactly how much privacy consideration really went into this.

link
badrequest 1220 days ago
Can you articulate how this telemetry collection would violate the GDPR explicitly?
link
Thaxll 1220 days ago
GDPR only cover PI data so your comment is irrelevant.

https://gdpr.eu/eu-gdpr-personal-data/

link
kasabali 1220 days ago
Everything is PI when you connect enough dots
link