It's kinda ironic that all the people here are complaining that facebook might not actually really delete literally every single bit of information that you have, while hacker news doesn't allow you to edit your comments, delete them, or delete your profile. This sort of functionality should exist on every platform that even has accounts.
Does anyone know if GDPR (or similar law in the future) will actually force HN and other sites that don't have this feature, to remove accounts, at least EU ones, upon request?
I understand your sentiment but I don't think deleting comments would make sites like these (community driven) appealing. Missing comments creates a big hole to a comment train, look at reddit. Missing/Deleted comments make the whole comment tree below it quite meaningless.
HN would invite a lot of trolls with this an would make it really difficult to create a submission archive that makes sense.
Now I don't know how it handles account deletion but reddit handles that well, a deleted account will retain its comments without a name if the user hasn't deleted all their comments. That makes sense and works well.
Deleted accounts could retain the comments but anonymise the accounts.
Also I don't think having the ability to delete your profile invites trolls. Usually one deletes their account because they post something wrong but which they genuinely believe is true then get downvoted and / or trolled into oblivion. These people we should probably be working to retain because while they might have been wrong, their contribution did improve the content on the site due to the corrections that followed. However sometimes the negative rep and / or harshness of the replies can make the corrections a bitter pill to swallow. So I think there should be a downvote cap for incorrect posts (or even disallowing downvoting for all but rudeness and spam) and working harder on improving forum etiquette.
I left after being hounded by trolls and sock puppets and, a year later, far from being deleted (as requested twice by email) my account was instead shadow banned.
Of course, likely as not this post itself is invisible. Likely as not the GDPR is as uninteresting as user's needs. Likely as not, Hanlon's razor applies. Although I would not brag about the last possibility.
The GDPR does force anyone who stores user data to delete it upon request.
However, IIRC, there is not much of a requirement of having a dedicated form of it. An email is sufficient notification you want this to happen (and you're of course free to ensure the user's identity).
After that they have to delete all data and take note of the deleted datasets so in case of a backup recovery the data will stay deleted.
If you have left a lot of personal information on Facebook, it is kind of the nature of the beast. They require your real name. They ask lots of personal details upon sign up. The profile grills you about your entire life, from where you were born to where you went to school to where you live and work.
HN does none of that. So, to me, it seems like a really different situation.
> Does anyone know if GDPR (or similar law in the future) will actually force HN and other sites that don't have this feature, to remove accounts, at least EU ones, upon request?
As far as I know, the GDPR is more of a clarification (along with some explicit guidelines for fines), than it is new legislation - so hn and similar sites would already be in breach, if they didn't allow the deletion of all profile data. I'm not certain that having to email someone at hn to do it, would be in breach of current data protection regulation. It may be that not clearly stating: "to get a record of all data hn has stored on you, make correction or delete all data - please email (...)" will be in breach of GDPR.
But afaik hn does no business in the EU - so it's not clear what sanctions would be applicable.
It's different for companies that does business in the EU / EEC.
No. EU laws/regulations dont't apply outside its jurisdiction. GPDR will affect Facebook, Google etc. just because they are operating in EU market[0]:
"This won't apply to every U.S. business — just the ones that are knowingly, and actively, conducting business in the EU. In this vein, EU courts have the discretionary ability to determine if a U.S. company was purposely collecting EU resident data and subverting GDPR compliance."
I respectfully disagree. As you can see at [0], quote, "as [the GDPR] applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location [...] Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU."
edit: This means it applies to EU citizens regardless of where the processor is located and to non-EU citizens if they are currently in the EU
Yes, but I'm sure this will only be valid for big enough companies (read serving millions of EU citizens) as it's subjective what "processing the data of EU citizens" actually means. It's not realistic to expect every minor mom&pop eshop or minor online service worldwide to appoint a representative in the EU. Furthermore, enforcing these rules will highly depend on international relations as it's outside of EU jurisdiction and it can only reach non-EU companies by collaboration and signing treaties with other governments, so this means USA and maybe Canada, but I highly doubt to see companies from China or Russia etc. to be held accountable.
Well, only time will tell, I just relayed what I've heard from people much more knowledgeable in this area than me. How I understand this is that if you serve many enough EU citizens, please be kind, open a branch in EU or at least send a representative, because you are de-facto doing business here. Mainly this is to avoid situations where, for example Facebook, closes its EU offices and pretend to have no EU presence (and no need to abide EU regulations) despite hundreds of millions EU citizens use their services.
Sure, it technically applies - but I doubt it will have any effect. Compare it to hacking across border where there is no extradition. At least until some form of GDPR is rolled into international trade treaties.
I very much doubt GDPR penalties will be levied at individuals - even when a business entity is wholly controlled by an individual. Blocking of criminal services does seem probable in extreme cases - but so far most of Europe has been pretty lenient wrt outright censorship as far as I know. Filtering certain child pornografi content being an exception.
On a side note, the cp filter is scary - as the infrastructure implies the existence of censorship infrastructure ready for abuse in the event of a power shift.
Not really. It enforces a quality and rigor when entering comments. I have been to forums where people were altering their posts long after the discussion continues. That makes the threads loose meaning.
> Does anyone know if GDPR (or similar law in the future) will actually force HN and other sites that don't have this feature, to remove accounts, at least EU ones, upon request?
GDPR only covers personal information. So it only covers the IP and username in case of hackernews (unless someone adds their name into some sort of signature)
Why is it ironic, you are user "a254613e" that's literally all anybody on NF knows about you. That's pretty anonymous no? HN has no real name policy or even requirement of a verified email to participate.
That's great if you sign up with the intention of posting anonymously, but if you post here for years using your name or your chosen alias (eg I'm onion2k on everything; it's trivial to find out who I am), and then decide you don't want to be associated with your HN history it's not so helpful. Also forensic tools are clever enough to take someone's comment history and use the little information in there to work out who you are. We leak information all over the place. A user name isn't the only way to find someone.
It's fair for people to change their mind and ask for functionality to delete data that's associated with them. I don't think the internet would be nearly as useful as it is now if everyone had to be anonymous from the start in case they want to stop other people seeing the content they created later.
However, that said, it's also reasonable to suggest people shouldn't be able to say appalling things and just delete their account later with impunity. There's a strong argument that someone's internet history should be available as a record.
That's pretty naive. When you have an account for a while, a lot can be deduced from the comments you make - both from what you say, how you say it, and when.
There's nothing at all naive about self-censoring certain personal information and modulating your behavior. Guess what, the physical world is the same way.
Does anyone know if GDPR (or similar law in the future) will actually force HN and other sites that don't have this feature, to remove accounts, at least EU ones, upon request?