Hacker News new | past | comments | ask | show | jobs | submit login

Those aren't the same though.

GDPR is basically "you are liable if you are actively exploited and data is stolen". You're saying that a company is liable if they ship bugs, which the GDPR absolutely doesn't care about.




> you are actively exploited and data is stolen

Not even close, you are liable for keeping the data you collect as a data processor or controller safe.


And "encrypt data at rest" is most of what you need to do to comply with the GDPRs data security stuff.

Which again, is nothing like "write bug free code or you're liable".


> encrypt data at rest

What? No, you have to have a DPO, provide clear language on what you do with data, who it's shared with and no intrusive prompts having opt-in by default just to have a few.


None of those things have to do with the actual security of your code/data storage. They're procedural.

The GDPR focuses on procedural liabilities. You're asking for application level liabilities, which like I've said 3 times now, are a whole different ballgame.

Since you're so deadset on this, I'll just ask again: Who is liable for Heartbleed or for Meltdown? Who gets sued, and for how much, and why?


> Heartbleed

Anyone who doesn't make an effort to update. If your hardware is still Heartbleed fucked and you're selling it, you deserve to lose money.

> Meltdown

Intel and AMD.

> Who gets sued

Noone. Here's your product back, it's defective, please cut me a check, that's all.


Ah, so since android and ios are already provided for free, nothing changes for consumers?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: