1. Private Browsing, separate sessions in web previews, etc. are all somewhat less privacy protecting than you'd hope (IP tracking[A], browser fingerprinting, etc.) the GDPR mandates that companies ask you about tracking before they do it. Those notices are a sign that they're trying to do that.
2. I do work in the tech, marketing and security arenas and the GDPR was like kicking a beehive. Everyone at least looked around and asked themselves: "Do we really need to keep this data?" and in many/most cases the answer was: "No". So they got rid of it.
The GDPR is a lot like a vaccine, the power is in the prevention. Which won't make splashy headlines, nobody is going to write: "A million records weren't leaked today b/c they were deleted off the server 6 months ago as they weren't needed."
A - every time GDPR comes up on HN, someone complains about IPs (either that it doesn't matter and/or that their Apache log file is full of them, so why bother). GDPR regs focus on what data a company is collecting, how are they using that data and did they get consent for that. In the case of IPs, you can consider implicit consent b/c they're browsing your site. But you did _not_ consent to have your IP tracked as part of a 3rd party marketplace for retargeting ads.
1. Private Browsing, separate sessions in web previews, etc. are all somewhat less privacy protecting than you'd hope (IP tracking[A], browser fingerprinting, etc.) the GDPR mandates that companies ask you about tracking before they do it. Those notices are a sign that they're trying to do that.
2. I do work in the tech, marketing and security arenas and the GDPR was like kicking a beehive. Everyone at least looked around and asked themselves: "Do we really need to keep this data?" and in many/most cases the answer was: "No". So they got rid of it.
The GDPR is a lot like a vaccine, the power is in the prevention. Which won't make splashy headlines, nobody is going to write: "A million records weren't leaked today b/c they were deleted off the server 6 months ago as they weren't needed."
A - every time GDPR comes up on HN, someone complains about IPs (either that it doesn't matter and/or that their Apache log file is full of them, so why bother). GDPR regs focus on what data a company is collecting, how are they using that data and did they get consent for that. In the case of IPs, you can consider implicit consent b/c they're browsing your site. But you did _not_ consent to have your IP tracked as part of a 3rd party marketplace for retargeting ads.