| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by shray88 95 days ago

> Why GDPR. Didn't you say you're from Russia?

GitHub is a US company that processes data of EU residents. They're subject to GDPR. I've been in cybersecurity since I was 14 — data protection laws aren't new to me.

Additionally, California BPC § 17200 applies since GitHub is California-based.

> GDPR allows companies 30 days to answer

Correct. I filed the DPO request on March 17. The 30-day window hasn't expired. I'm sharing this now because the permanent ban came 70 minutes after my legal appeal with no review of the actual arguments.

> Why FTC. Didn't you say you're from Russia?

FTC accepts complaints from anyone regarding US companies. GitHub is US-based. Their business practices affect international users.

> I'm guessing the pages were largely AI generated?

I used AI to help with English phrasing — it's not my first language. The legal framework and arguments are mine. I've been interested in cybersecurity, privacy, and cryptography since I was 14. I considered getting into cypherpunk circles at one point. GDPR Article 20 isn't exactly obscure knowledge for someone in this field.

> theft of intellectual property

Fair point on the wording. More accurately: GitHub is refusing to provide data portability as required by GDPR Article 20. I retain copyright but am being denied access without due process.

> Having no backups is hardly the provider's fault

You're right I should have had backups. But GDPR Article 20 grants an unconditional right to data portability. "You should have backed up" doesn't exempt a company from legal obligations.

> That sounds like you have the code at least

I had a local copy of the VPN client (rsquad) from March 2. I lost: - Other repositories (hpp, node-filter, loshad-scoc, zhopa-bobra) - All issues and pull requests - Wiki content - Release packages - Account settings, SSH keys, GPG keys

1 comments

KomoD 94 days ago

> GitHub is a US company that processes data of EU residents. They're subject to GDPR.

You aren't located in the union in any way.

> I've been in cybersecurity since I was 14 — data protection laws aren't new to me.

Great, then you should be familiar with Article 3 of the GDPR:

> This Regulation applies to the processing of personal data of data subjects who are in the Union [...]

> This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union [...]

And Article 20 does actually have several conditions, it's not unconditional.

...

> Additionally, California BPC § 17200 applies since GitHub is California-based.

What does this have to do with "unfair competition"?

link