TikTok, AliExpress and WeChat ignore your GDPR rights(noyb.eu)
41 pointsby robin_reala2 days ago6 comments
  • titaniumrain2 days ago
    This is hardly news TBH. Check this paper out

    https://www.ndss-symposium.org/ndss-paper/understanding-worl...

  • ReptileMan2 days ago
    We got hooked on cheap Chinese and US stuff. And guess what, drug dealers don't respect their customers.
    • Gud2 days ago
      That’s not been my experience with drug dealers.
      • WhatsName2 days ago
        Except for Aliexpress you are not a customer. Just like Facebook, Insta,... they are selling your attention to the highest bidder.
  • 0manrho2 days ago
    Responding to the article: Yeah, no shit. Glad to see someone is at least trying to do something about it, and I wish them luck.

    Relevant, from their about page:

    > noyb is a donation-funded NGO based in Vienna, Austria working to enforce data protection laws, in particular the GDPR and the ePrivacy Directive. At the present, a team of more than 20 legal and IT experts from all over Europe is working to ensure that the fundamental right to privacy is respected by the private sector. More than 5,000 supporting members support our work

  • hnaccountmea day ago
    I always wondered how the EU was going to enforce GDPR outside of the EU. I guess they really can't
  • aurareturn2 days ago
    [flagged]
    • Fethbita2 days ago
      How does this show EU tech regulation being out of touch and not these companies operating in countries and not following the laws in those companies? Requesting user data is a good way to make sure there’s not more data than is required and it’s a feature most tech companies have already implemented.
    • Quarrel2 days ago
      That may be, but meanwhile, these companies make a lot of money operating in Europe, so they need to follow the law.

      I think some of it is out of touch (omg, the cookie alerts!), but being able to understand what data a company retains about its users, and making that available to individuals if they ask, is probably one I agree with. Most of us don't need to know, most of the time, but the fact that people will occasionally audit this information is good for both users and the companies.

      • akie2 days ago
        We have cookie alerts because the world's largest browser, which is created and run by the world's largest advertising agency, has no incentive to make it easier for you to stop the flow of data you're sending them that's making them so much money.
        • Quarrel2 days ago
          That is not the reason at all.

          Google was very new when the EU proposed these laws in 2000. It certainly didn't have a browser.

          I think the privacy provisions and disclosures required under GDPR give users more useful information (ie they now actually need a privacy policy), and Cookie popups are just a silly distraction that offer no further value. We open so many web pages, so quickly these days, most users are not making informed rational decisions about the popup - they're just clicking it to make it go away. They both annoy users and give them a false sense of improved privacy protection.

          The blocking of third party cookies by browsers, and proper privacy disclosures are a much better solution.

          • akiea day ago
            > The blocking of third party cookies by browsers (is) a much better solution.

            Exactly! And why is that not being implemented? Because Chrome is top dog and they're earning a lot of money with your data, so WHY would they want to stop that data flow? Everything that would make it easier for you to protect your data would lose them money, so they have no incentive to do that.

            Instead, we are stuck with these annoying cookie banners, which are easily and wrongfully blamed on the EU instead of on the website owners and the browser vendors.

        • giingyui2 days ago
          Multiple official websites such as https://gdpr.eu/ have cookie banners.
          • latexr2 days ago
            Those have banners because they have to by law, regardless if the cookies they set would otherwise require a banner.

            https://commission.europa.eu/resources/europa-web-guide/desi...

            > Use of the cookie consent kit is mandatory on each page of the DGs and executive agencies-owned websites, regardless of the cookies used.

          • Kim_Bruning2 days ago
            Odd. I tried it in (what I thought) was a clean browser I use for testing, and didn't get a banner. Is it just me?
      • theLiminator2 days ago
        I'm curious what the implications are if I host a free web-app that EU users might end up using.

        As far as I understand, you're still subject to GDPR even if you're not making money off it. Seems like to me there's massive overreach where the lowest liability way forward is to just ban EU users from using anything you make (which still takes engineering/time to do).

        • piva002 days ago
          If you don't run a business in the EU there's no liability, you are only liable if you have users from the EU and a business entity in any EU country.

          Blanket bans for EU users is quite common, I see it all the time with local US news outlets, they simply block me from accessing it.

        • orwin2 days ago
          Obviously? I mean, half of the GDPR is 'if you have to store users data, make sure it's encrypted and don't sell it unless the agree to it', doesn't matter if you make money or not. But just following industry standards is enough.

          Like if you want to build a bridge at your own cost because the state doesn't want to do it. Even if you don't install a toll booth, you still have to follow safety regulations before people other than you can cross it, right?

          • theLiminator2 days ago
            Not only, you also must be able to delete user data. If you have anything that could be considered PII (including IP addresses) you're responsible for potentially needing to delete that.

            It completely makes certain engineering patterns like event sourcing/soft deletion almost infeasible, as you cannot have immutable records.

            The way it's described is very fuzzy and it's 200 pages long. Certainly it's long enough that I'd rather ban EU residents than open myself up to liability even if I generally want to do the right thing with user data.

            • latexr2 days ago
              The GDPR isn’t hard and its application isn’t unreasonable. Just don’t be an asshole collecting unnecessary user data and you’re fine. No one’s going to ask you to delete specific IP addresses, and you don’t need to keep those forever anyway. The only people who need to fear that law are those who have no respect for user data.
    • lousken2 days ago
      aren't you the one out of touch?
  • timonoko2 days ago
    Please shutup. Last time this kind of EU-whining produced only "If you dont accept cookies, you can piss off"-type checkboxes, whose effect to security is less than zero.
    • piva002 days ago
      The Cookie Law is different to the GDPR, I don't understand how HN of all places keep getting this wrong after 9+ years of GDPR, it's just a meme and I wish people here would be more well informed.
      • mnmalst2 days ago
        It's almost as if the least informed people are the ones screaming the loudest.
      • egorfine2 days ago
        People are confusing the two because both come from the same basket and both have a similar smell.
      • glimshe2 days ago
        From the perspective of many non-EU citizens, it's just one more piece of EU legislation that hurts and annoys. Being technically part of the GDPR or not isn't terribly relevant for most people.

        Note: I'm not defending or criticizing the law, just talking about how many people perceive it outside the EU.