
I suppose this is a serious question - does this mean that in theory HN should ban UK users? Or is HN likely compliant with this law? It is hard to pierce through the Orwellian language in the article (does "safeguarding children’s personal information" mean retaining or deleting the data?).


It looks like this law (which is unrelated to the Online Safety Act) is concerned with children being subjected to ad-tech tracking and similar indiscriminate data harvesting, so a site like this which doesn't feel the need to share your habits with 2,541 partners is probably out of scope.

https://ico.org.uk/for-the-public/the-children-s-code-what-i...


> a site like this which doesn't feel the need to share your habits with 2,541 partners

How many might there be in this case, one wonders? https://www.ycombinator.com/legal/


I like how it's always "oh just safeguard people's data", oh "just" don't do anything bad with people's data.

Then you look up what the actual regulation says and it's hundreds of pages of pure legalese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.


> over 100 pages for GDPR

The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.

The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.

The OSA on the other hand... I'm glad I don't personally serve the UK.


The US tax code is over 2.5k pages, with an additional 10k pages of regulations. And I manage to file my taxes fine every year without having read all that because most of it doesn't apply to me. Following the GDPR is easy if you aren't trying to maximize tracking with minimal concessions to the law.


Most of this comes down to "Use your brain" and if you try to get around it with an Um Actually, they have the specific page to counter it. You need a legal team when you want to ride as close as physically possible to violating the law without crossing the line.


> because most of it doesn't apply to me

Maybe, you hope. Unless you've read (and understood!) all of it you can't say this with certainty.

In all likelihood you trust a 3rd party company like Intuit and their team of lawyers to tell you what actually applies to you.


> Then you look up what the actual regulation says and it's hundreds of pages of pure legalese

sigh

There is a difference between guidance and regulation.

GDPR isn't that hard to comply with, I know because I helped take a very large Financial News company from 0 compliance to full compliance. The guidance is quite easy to understand: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

But why are the regulations 100 pages of legalese? Because rich companies, and unscrupulous shits, pay money to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality.

Say you take "the right to be forgotten", i.e., I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (i.e. stop sending me fucking emails you shits).

That's simple, right? The law says I have the right to have my details deleted.

But what if I committed fraud in that time? What if I am opening and closing, asking for deletion to get round money laundering laws?

And that's why the regulations for data protections are long.

Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (i.e. just like any high-level programming language).

However, do not take this as endorsement of the unrelated law that is the Online Safety Act, which is badly drafted, gives too much power to an under-resourced semi-independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.

I will however stick up for GDPR, because it stops the fucking nasty trade in personal data that is so rife in the USA.


The GDPR is incredibly easy to read, what are you on about?


In theory, HackerNews should be concerned. There is no prevention of children using the site, and potentially "harmful content" could be accessed either on or through the site. Being an aggregator doesn't seem to be a get-out.


This has nothing to do with harmful content; it’s about managing children’s data you collect.


So if I (not really) a 13 year old of the UK provide my email address to HN, how is that managed?


That's not data.


Wrong law.

This is GDPR. So long as they conform to the 13 principles then HN will be fine. It's nothing to do with the Online Safety Act.

For the OSA (which I think is very badly drafted, and poorly enforced by OFCOM) so long as there is decent moderation (which there is), a way to report posts (there is) and the site doesn't persistently host actual abuse, then you're mostly fine.

It doesn't help that OFCOM are unwilling to change the scope of guidance to match the size and type of community.


HN is already non-compliant with several data privacy laws


In what way?


You cannot delete your comments.


Are public comments in a public forum classed as private data under GDPR?

For example, the only thing that can really be classed as PII is my username. Does it count as reasonable to request it be deleted?


Yes and yes. Google “right to be forgotten”


Remember that GDPR is about storage and processing of personal information, not data created by a user. They are related but not 1:1 linked.

If the username is removed, and there is no reasonable way to link the user to the comment, then it's not PII. I would hope that this is logical because it's not personally identifiable. (Caveats apply here, like if you put your home address in every comment. However, is it reasonable to expect a user to do that in a public forum? Probably not.)

As you can request that your username is deleted here, and assuming they are deleted properly, then HN is reasonably following the user's request. Hence my assertion that HN is GDPR compliant enough to not worry.


The right to be forgotten is not an absolute right.


Good


HN has moderation, won't track you without telling you, and will delete your content if you ask. That's literally all it takes, it's really not that Orwellian


Will HN really delete all your content if you ask?

Like, all your posts just disappear?


No they will not. You can change your username at the most.


What if you are European? How is this not a violation?


HN will restrict how fast you can comment without telling you (unless you figure it out and ask). There's no indicator that your account has this restriction besides being prevented from commenting, there's no indicator what the limit is, and the appeals process involves a subjective judgement by HN leadership


There is no law against shadowbanning users



