
I mean, GDPR is a step in the direction. Many websites, and by extension, people seem to think that you comply with 'gdpr' by putting up a stupid cookie banner.

But the real compliance is not storing PII, then you don't even need a cookie bar!




Asking companies not to retain PII is like asking a crack addict to please ignore the crack pipe and torch while you step out for an hour. The only solution is to make PII radioactive. Tax it. Burn companies that abuse it or leak it to the ground. HIPAA is a fucking nightmare but companies still figure it out:


GDPR is mostly that; the penalties for data breaches are essentially a tax on PII. GDPR also restricts how you can process data and the user should always be informed and has the right to object.

The problem is that the GDPR is not being enforced seriously.


When the law defines 32 bit numbers (IP addresses) as PII, it’s not terribly surprising to me that “real compliance” is not eagerly adopted.


GDPR doesn't define IPs as PII, unless you use them as such. If you have a legitimate use for IPs, then you're fine.



