Hacker News new | ask | show | jobs
by mynameisvlad 1101 days ago
> (unless they contain personal info)

Do you think they are going to go through each of your comments individually to determine if it contains personal info or not? That requires actual time and effort, and as an individual user you or your comments are nowhere even remotely in the vicinity of important enough for that.

It’s far easier for them to take the loss and delete wholesale.

Do they do this? I don’t know, I haven’t done it. But it certainly could be argued that by them not doing this, they are not fully complying with the requirements of a GDPR deletion request.
1 comments
cinntaile 1101 days ago
That would destroy their whole value proposition, your user generated content is their goldmine. Of course they don't have to sift through your thousands of posts to find the one that has GDPR info, you'll have to show them the post.
link
mynameisvlad 1101 days ago
You cannot impose requirements like that as part of the deletion process.

It is 100% not the user’s responsibility to keep track of this information. That is explicitly a requirement of the provider and it is fully on them to ensure that a deletion request deletes all the personal data. If they didn’t tag it properly and can’t ensure that, then that is their problem to solve not yours.

Their value proposition is also not a single user’s data. It’s the entirety of the data set. One user’s data is nearly worthless, certainly not worth enough to have a human review it. Which was my point.

link
cinntaile 1101 days ago
I take it you haven't seen how forums deal with GDPR notices? It's exactly how I described. The profile is anonymized/emptied and the posts stay.
link
vonmoltke 1101 days ago
Just because a bunch of forums do it that way doesn't mean it's correct. When I was at Twitter the Compliance team determined that all user-generated content was Personal Data under the scope of GDPR. Those forums may be getting away with it right now, but they're playing with fire. If someone wanted to raise a stink with regulators they could be in trouble. I guarantee you if Reddit or a site of similar scope tried something like that someone would.
link
cinntaile 1101 days ago
I know of two forums in two different EU countries that have also consulted with lawyers and determined that it was sufficient. I am inclined to give higher weight to your opinion simply because Twitter Compliance will have access to a larger team of lawyers, do you know if they were American lawyers or EU lawyers?
link