Hacker News new | ask | show | jobs
by mtmail 90 days ago
> Under GDPR Article 20

Why GDPR. Didn't you say you're from Russia?

> DPO request unanswered beyond automated ticket

GDPR allows companies 30 days to answer, or telling you they need more time to answer.

> FTC complaint filed

Why FTC. Didn't you say you're from Russia?

> Filed formal legal appeal (7 pages)

I'm guessing the pages were largely AI generated?

> This is, de facto, theft of intellectual property.

At this point I'm laughing and wonder which AI lawyer gave the confidence to suggest that.

> No export. No backup.

Having no backups is hardly the provider's fault.

> Project migrated to GitLab

That sounds like you have the code at least and can recreate the data.
1 comments
shray88 90 days ago
> Why GDPR. Didn't you say you're from Russia?

GitHub is a US company that processes data of EU residents. They're subject to GDPR. I've been in cybersecurity since I was 14 — data protection laws aren't new to me.

Additionally, California BPC § 17200 applies since GitHub is California-based.

> GDPR allows companies 30 days to answer

Correct. I filed the DPO request on March 17. The 30-day window hasn't expired. I'm sharing this now because the permanent ban came 70 minutes after my legal appeal with no review of the actual arguments.

> Why FTC. Didn't you say you're from Russia?

FTC accepts complaints from anyone regarding US companies. GitHub is US-based. Their business practices affect international users.

> I'm guessing the pages were largely AI generated?

I used AI to help with English phrasing — it's not my first language. The legal framework and arguments are mine. I've been interested in cybersecurity, privacy, and cryptography since I was 14. I considered getting into cypherpunk circles at one point. GDPR Article 20 isn't exactly obscure knowledge for someone in this field.

> theft of intellectual property

Fair point on the wording. More accurately: GitHub is refusing to provide data portability as required by GDPR Article 20. I retain copyright but am being denied access without due process.

> Having no backups is hardly the provider's fault

You're right I should have had backups. But GDPR Article 20 grants an unconditional right to data portability. "You should have backed up" doesn't exempt a company from legal obligations.

> That sounds like you have the code at least

I had a local copy of the VPN client (rsquad) from March 2. I lost: - Other repositories (hpp, node-filter, loshad-scoc, zhopa-bobra) - All issues and pull requests - Wiki content - Release packages - Account settings, SSH keys, GPG keys

link
KomoD 89 days ago
> GitHub is a US company that processes data of EU residents. They're subject to GDPR.

You aren't located in the union in any way.

> I've been in cybersecurity since I was 14 — data protection laws aren't new to me.

Great, then you should be familiar with Article 3 of the GDPR:

> This Regulation applies to the processing of personal data of data subjects who are in the Union [...]

> This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union [...]

And Article 20 does actually have several conditions, it's not unconditional.

...

> Additionally, California BPC § 17200 applies since GitHub is California-based.

What does this have to do with "unfair competition"?

link