Hacker News new | past | comments | ask | show | jobs | submit login

why would that be? I don't think I have ever seen a site that disclosed they are using GA?

FWIW: I also prefer Plausible, and have all GA traffic blocked in my hosts file




Since it collects personally identifiable information (at least IP addresses, but it's not clear where it stops) this requires special treatment under GDPR: https://en.wikipedia.org/wiki/Google_Analytics#Privacy


Why does an unmonetized website about US court cases, presumably targeted towards Americans, need to care about GDPR?


Who says this website is unmonetized? The search query stream alone is very valuable.


There's no way to make an account, and there isn't any functionality for payment. There aren't even any Paypal/Patreon accounts or donation links. The info page on the site literally says "judyrecords is a 100% free nationwide search engine".

How do you think this website is monetized in the absence of those things?


Because the website is accessed by Europeans, meaning it is collecting Europeans data (via google analytics). But also because California has CCPA which is more or less equivalent to GDPR (as far as I understand at least. I might be incorrect).


Got it. In that case, whatever European commission is in charge of GDPR fines can charge them a % of their $0/year income like other GDPR violators.


I'm not sure that you understand GDPR fines, the annual revenue is only used as an upper limit for companies with massive revenue.

The service being free doesn't protect you.

> The less severe infringements could result in a fine of _up to €10 million, or 2% of the firm’s worldwide annual revenue_ from the preceding financial year, _whichever amount is higher_.

> The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of _up to €20 million, or 4% of the firm’s worldwide annual revenue_ from the preceding financial year, _whichever amount is higher_.

Source: https://gdpr.eu/fines/


Good to know. Hope the author of the site is aware of this if they ever go to Europe.

They should just block European IPs like other sites do, though. It'd be safer for them and also less work.


Yep. But as I said, California CCPA is more or less equivalent to GDPR, so even this might not be enough.


It was just an example; similar issues occur under the CCPA and other legislation. (Assuming no user is covered by GDPR, which is likely not the case.)


This is why services simply block European IP addresses. If your options are:

1. do extra work to make your service comply with laws in areas you don't live or have any customers

2. put a blanket IP ban in place for these places where you don't live or have customers

3. do nothing

Bigger companies will do number 2, and individuals/small business/small and unmonetized projects will do number 3.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: