Ask HN: How are you dealing with GDPR?
5 points by pier25 on Sept 1, 2021 | 4 comments
We're dealing with two major issues.

1) Data transfers outside the EU

We're using Fauna, which is a distributed database, and it seems we won't be able to use the distributed features. To be able to transfer EU data outside the EU, the US would need to have been deemed adequate in terms of data protection by the EU, and this hasn't happened.

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

So far, it seems the most sensible option for us having users worldwide is to just store everything in the EU and be done with it.

The alternative is of course having 2 databases, with the complexity that this brings.

2) Analytics data

We initially wanted to offer visitor analytics to our users which included the country. To do this we planned to get the location using the IPs from the Nginx logs, but under the GDPR IPs can be considered personal information.

Also, retrieving the country for a particular IP is also considered personal information.

Under the GDPR law, users have to opt in for this collection which results in a terrible UX for our users' visitors and, again, complicates everything.

This is all very confusing to be honest. I've seen some sources that say IPs can only be considered personal information if you're an ISP and can tie an IP with a person. But then I've also seen sources claiming it doesn't matter.



> which results in a terrible UX for our users' visitors and, again, complicates everything

In all seriousness: have you considered not tracking users then if you already know they would dislike it?


We're not tracking users but yeah of course we've considered removing the feature completely.


GDPR is not the only data regulatory regime in the world. If you store all of your data in the EU you may run afoul of Indian data locality requirements for instance.

One of the killer features of cockroachdb is the ability to key data to a location.


> If you store all of your data in the EU you may run afoul of Indian data locality requirements for instance.

Oh god this never ends, does it?

> One of the killer features of cockroachdb is the ability to key data to a location.

Yeah this is something Fauna definitely needs.

Right now you can only create databases in a particular region but the killer feature would be to restrict documents to regions instead of whole databases.



