Hacker News new | past | comments | ask | show | jobs | submit login

Sorry to be that person, but I think this is probably a good example of something which is covered by the GDPR. OP has built profiles and is storing information about people, which makes them a data controller under the GDPR, and subject to its extraterritoriality provisions, as some of these users will be EU/UK citizens. I don't believe the exemption for personal use applies, as the data is being published.

If I remember correctly, they're now supposed to contact each person individually, explain why they're storing their data, and obtain their consent.

In practice, the chances of someone making a complaint and the issue being enforced are extremely low.




Personal data manifestly made public by the data subject should be OK per GDPR Article 9, aye?


I'd not seen that part of it before. I think the trick word here is "manifestly", and some sources seem to indicate that this means that the people would have to have expressly given consent for onward processing.

For example: https://iapp.org/news/a/publicly-available-data-under-gdpr-m...

Also Article 9 seems to be restricted to non-processable data about sensitive matters.

Anyhow, it's definitely a good example of how convoluted the language around GDPR can get, and how much of a minefield it is to try to follow it.

The usual caveat applies, I'm not a lawyer.


You don’t seem all that sorry.


Well my comment above is kind of pedantic and tangential, but I do think it's an interesting point.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: