
This “one neat trick” means that some high level employee probably had to do it by hand.

Making a request like this is a borderline unethical waste of someone’s time.




It puts companies on the spot to have internal tooling to deal with requests like this, which is not a bad thing. Nothing unethical about that; just the price of doing business.

The mindset change that needs to happen in our industry is that companies should build this into their products by default. "Download my data" should be a feature that is simply planned and built. Just like "permanently delete my data" is not optional either. It's not even that hard to build mostly. It's only hard if it catches you by surprise, which these days is poor planning more than anything else.

In Europe, and Germany especially, you can just expect people to do GDPR requests just because they can. We've had that happen right after GDPR became a thing. And you are legally required to be ready for that and respond in a timely fashion. If you want to do that manually, that's your problem. Small startups get away with that. At some point it becomes annoying and you just fix it properly. Up to you when you do that.


How much do you expect that “price of doing business” to cost? Probably at least $10k plus opportunity cost which for my small app business would be a serious kick in the nuts.

These regulations just further enable monopolies and make it more difficult for diverse entrepreneurs to get into the game.

I’m just saying to be mindful that you might be costing a small business an enormous amount by making these types of requests.


I'm CTO for a small startup. 10K seems like a wildly high estimate for such a simple feature that you could have known for years that you are required to offer. You do need a certain level of competence on your team to do it. But then perhaps lacking that competence, why should people trust you with their data?


Unethical to use your right to access your data? Interesting take.


It’s your right in Europe. It’s offensive that some would expect a non-European organization to comply.


As long as a company services customers from the EU, they have to comply and support their laws. This whole GDPR drama was caused in majority by huge American companies like Google and Facebook, doing whatever they like.


I mean the company should automate this if this is wasting too much time.


I did an export tool like that for one of my apps and it’s not that complicated. Keeping the exported files secure and authenticated was more work than actually generating them.



