top | item 29605987

(no title)

m-s | 4 years ago

Without getting into the question of whether this study involved human subject research, I find a lot of the anxiety and paranoia unwarranted.

Companies to which these laws apply should already have a process in place to deal with subject access requests. Complying with relevant laws is just part of doing business.

All the other site owners could have figured out with a bit of googling that the laws don't apply to them—there is plenty of guidance available.

I can only speak for the GDPR here, but had the requests been real and valid, the worst outcome would have been a regulator telling you to comply with it. Data protection authorities are more interested in helping companies get into compliance than punishing small businesses for minor infractions. If you look at past decisions, it usually takes serious and/or systematic violations to get fined.

discuss

tjalfi|4 years ago

> I can only speak for the GDPR here, but had the requests been real and valid, the worst outcome would have been a regulator telling you to comply with it. Data protection authorities are more interested in helping companies get into compliance than punishing small businesses for minor infractions. If you look at past decisions, it usually takes serious and/or systematic violations to get fined.

The US legal system is quite different; litigants are responsible for their own legal fees[0] and frivolous lawsuits[1] are common.

[0] https://en.wikipedia.org/wiki/American_rule_(attorney's_fees)

[1] https://www.azag.gov/press-release/serial-litigant-permanent...