top | item 37509805

(no title)

GlickWick | 2 years ago

You disagree with what exactly?

In the case of being a small business, it’s not even about being shady. Imagine you were building a simple step tracking database for a pedometer app. All it does is store a user id and some daily steps. You have zero intent to market or share it in any way, no ad personalization, no third parties, etc. Before GDPR you’d just spin this up and be fine. Now you need to deal with data consent policies, data deletion tools, potential exfiltration policies if your DB isn’t in the EU, etc. Enjoy the engineering and legal costs there.

Mega corp can just ignore most of this and pay later. It’s a massive difference.

discuss

dylan604|2 years ago

there's no need to transmit the collected data away from the device. boom! nobody is storing data. it's all local to the device. that's an easy decision to make. you don't even need to collect an ID of any type. this app on this device counted steps. nobody outside of the app on that device needs to know.

transmitting that information to the company servers is a decision that can easily be not made to do, and when it is, you're already at risk. so, why do it?

GlickWick|2 years ago

There's far too many use cases where you need persistent data stores that are not on the device. Feels like deliberate ignorance here.