Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The question is not whether one is compelled to provide their content, the question is what is required for the content to be provided.

It probably wouldn't surprise you that it is unlawful to require visitors to sacrifice a kitten to access a site, would it?



Sure, but killing a kitten is illegal, and accepting cookies isn't. They aren't asking for someone to commit a crime.

I assume it would be legal to charge money for reading the content... could they require that you create an account?


The whole point of the article (and of GDPR) is that accepting non-essential tracking cookies without user consent is illegal.


Determining whether a user has "consented" is impossible, as evidenced by this thread, so the law is folly.


In a highly technical sense, it is maybe not. In a legal sense, which applies human common sense when necessary, it absolutely is.


it is easy to determine if a user has consented. but if you go out of your way to mix in “i consented” and “i want this box to stop annoying me as quickly as possible” into one bucket, the fact that you have trouble separating them is a problem you created


Yeah, some other comments made that point more clearly. I think I understand better (it seems to be similar to anti-prostitution laws, where it is illegal to trade something you can give for free)

It does seem to lead to some strange loopholes though, like requiring an account for access.


> It does seem to lead to some strange loopholes though, like requiring an account for access.

That's false.

Requiring an account or even payment for access does not replace or imply consent of any kind, and all rules still apply even if the user is still logged in or paying.

In fact, it's probably more complicated for logged-in users since you have to comply to requirements of data-scrubbing, removing/anonymising logins/emails/passwords from your database upon request, etc.


How could you anonymize an email address for an account? You are going to need it to reset passwords


You have to do it upon request.

Meaning: more code that you have to write and time you have to spend.


Let's say I have a club, you have to do certain things to gain membership to my club if you don't do those things you can't get in. How is that any different? The club should be able to set the rules as it deems fit.


> The club should be able to set the rules as it deems fit.

That's only true under ideological assumptions that are far from universal. I think most people would be OK with society putting reasonably-justified restrictions on the kinds of rules the club can set.


Sure, I'm not a psychopath, I understand the usefulness of laws. I just don't think the restriction in question is reasonable. To me, it seems like a choice an individual should make for themselves: access or data?


That would create perverse incentives and make the web a worse place.

The point of the law is quite clear: allowing people to use the web without having anyone force them into giving away personal information.

Sure, some companies won't be able to be creepy to users, but that was an acceptable tradeoff to the law.


In theory, in practice users consent and move on. You’ve just added an annoying extra step on every site. Victory?


Or users decline and move on, since decline is supposed to be just as easy as consent.


They could, I just don't personally see that as a clear cut win for the web.


If UX is important, then don't track users. There's no consent required if you're not tracking.


Collecting data and being annoying are entirely optional and a choice made by companies. The law is a still a partial victory for privacy.


It may be optional but it seems to be the standard rather than the exception.

I just don't see people really caring about their privacy. When given the choice between convenience and privacy people generally choose convenience. As someone who doesn't have a dog in this fight, I just end up annoyed.


Just because something is a standard doesn't mean it's right. It also doesn't mean the law shouldn't discourage it.

And just because people don't care doesn't mean a company is automatically allowed to track people.

If the law were followed by the letter and companies weren't using dark patterns or ambiguous marketing-speak to convince people to allow cookies, only people with pro-tracking stances would allow it.


Only if they're _legal_ rules. Otherwise you get into unconscionable contract land.


The club still has to follow the law. You can't have a "murder club" and you can't have a "I don't follow the GDPR club".


My point was about meeting requirements to gain access. Not about following the law. However, would it be against the law to have a club that is only open to ex-cons?

I understand that the GDPR makes it illegal to make it necessary to consent to give up your data before gaining entry. I was just questioning that portion of the law. It would be a pointless conversation to question points of a law and have someone respond back "but that is the law".


> However, would it be against the law to have a club that is only open to ex-cons?

Actually, in some countries, outside narrow restricted cases like support groups, yes; criminal record is a protected class in some cases.

However, being an ex-con isn't illegal. Having a club where you required members to consent to a crime being committed against them, which is more analogous here, wouldn't be legal.


It's only analogous because this law makes that act illegal if you change the law then it's magically legal again.


... Well, yes. If you legalise murder, murder is legal. I’m not really sure what your point is.


The law in question is the GPDR. I’m not sure what your point is. If you change the law to allow people to choose to consent or not see content then it is no longer illegal. If we can’t have that discussion because it is currently illegal then I guess it’s pointless.


I mean, that change _could_ be made, but why on earth _would_ it be made? It would largely defeat this portion of the GDPR. Who actually wants that change beyond advertising companies?


Why would it not be made? Each person has agency in the decision to share their data. If it is indeed _my_ data then _I_ should be able to choose to sell it or move on. Forcing a companies hand, I predict, will just move more content behind a paywall, decrease access to legitimate information and further fringe conspiracies.


You can sell your data for cash.

But this thing where big sites say "data or else" isn't a proper negotiation. It's a contract of adhesion, and those get regulated for good reason.

If things get moved behind expensive paywalls, that's a shame. But if there is more truely free access, or content behind paywalls that charge as much as an ad is worth, that can be a net benefit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: