Comment by roenxi
7 months ago
I suppose this is a serious question - does this mean that in theory HN should ban UK users? Or is HN likely compliant with this law? It is hard to pierce through the Orwellian language in the article (does "safeguarding children’s personal information" mean retaining or deleting the data?).
It looks like this law (which is unrelated to the Online Safety Act) is concerned with children being subjected to ad-tech tracking and similar indiscriminate data harvesting, so a site like this which doesn't feel the need to share your habits with 2,541 partners is probably out of scope.
https://ico.org.uk/for-the-public/the-children-s-code-what-i...
> a site like this which doesn't feel the need to share your habits with 2,541 partners
How many might there be in this case, one wonders? https://www.ycombinator.com/legal/
I like how it's always "oh just safeguard people's data", oh "just" don't do anything bad with people's data.
Then you look up what the actual regulation says and it's hundreds of pages of pure legalese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.
> over 100 pages for GDPR
The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.
The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.
The OSA on the other hand... I'm glad I don't personally serve the UK.
The US tax code is over 2.5k pages, with an additional 10k pages of regulations. And I manage to file my taxes fine every year without having read all that because most of it doesn't apply to me. Following the GDPR is easy if you aren't trying to maximize tracking with minimal concessions to the law.
> Then you look up what the actual regulation says and it's hundreds of pages of pure legalese
sigh
There is a difference between guidance and regulation.
GDPR isn't that hard to comply with; I know because I helped take a very large Financial News company from 0 compliance to full compliance. The guidance is quite easy to understand: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
But why are the regulations 100 pages of legalese? Because rich companies and unscrupulous shits pay money to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality.
Say you take "the right to be forgotten", i.e., I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (i.e. stop sending me fucking emails you shits).
That's simple, right? The law says I have the right to have my details deleted.
But what if I committed fraud in that time? What if I am opening and closing, asking for deletion to get round money laundering laws?
And that's why the regulations for data protections are long.
Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (ie just like any high level programming language)
However, do not take this as endorsement of the unrelated law that is the online safety act, which is badly drafted, gives too much power to an under-resourced, semi-independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.
I will however stick up for GDPR, because it stops the fucking nasty trade in personal data that is so rife in the USA.
The GDPR is incredibly easy to read, what are you on about?
In theory, HackerNews should be concerned. There is no prevention of children using the site, and potentially "harmful content" could be accessed either on or through the site. Being an aggregator doesn't seem to be a get-out.
This has nothing to do with harmful content; it’s about managing children’s data you collect.
So if I (not really) a 13 year old of the UK provide my email address to HN, how is that managed?
Wrong law.
This is GDPR. So long as they conform to the 13 principles then HN will be fine. It's nothing to do with the online safety act.
For the OSA (which I think is very badly drafted, and poorly enforced by OFCOM) so long as there is decent moderation (which there is), a way to report posts (there is) and the site doesn't persistently host actual abuse, then you're mostly fine.
It doesn't help that OFCOM are unwilling to change the scope of guidance to match the size and type of community.
HN is already non-compliant with several data privacy laws
In what way?
You cannot delete your comments.
Good
HN has moderation, won't track you without telling you, and will delete your content if you ask. That's literally all it takes, it's really not that Orwellian
Will HN really delete all your content if you ask?
Like, all your posts just disappear?
No they will not. You can change your username at the most.
HN will restrict how fast you can comment without telling you (unless you figure it out and ask). There's no indicator that your account has this restriction besides being prevented from commenting, there's no indicator what the limit is, and the appeals process involves a subjective judgement by HN leadership
There is no law against shadowbanning users