Hacker News

Given that any default opt-out is a clear violation of GDPR when it comes to data gathering, I wonder how it ever passed compliance/legal. Given the size of the company (valued ~ $3b) they should have some 'data protection officer' position.

I recall they set up some blog page with explanations, so obviously they expected pushback. Part of my work is making sure policies, code, etc. are compliant. Notifying compliance for such changes should be a standard procedure as well. In this regard I can't understand how the entire process went through, as a GDPR challenge should have been expected.




There is a comment on the issue tracker alleging that the CFO overrode concerns by the Director of Global Risk and Compliance.


Wow, do you have a link for it?

Pushing through legal recommendation is quite reckless. GDPR is quite a hot topic and the regulation has real teeth (aside from the public backlash).


It's a comment by @rfc1459 on https://gitlab.com/gitlab-com/www-gitlab-com/issues/5672 "The CFO trying to overrule issues raised by the Director of Global Risk and Compliance. Just... wow." relating to https://gitlab.com/gitlab-org/gitlab/merge_requests/14182#no... - which on closer reading refers to Snowplow, not Pendo.

The original comment from Paul Machle is "I don’t understand. This should not be an opt in or an opt out. It is a condition of using our product. There is an acceptance of terms and the use of this data should be included in that."

I am not a lawyer, but that does contradict pretty much everything I've been taught about GDPR.



