legohead | 6 months ago

We didn't set out to hide our GDPR requests, we put them behind our Support/Legal button. But we got sued anyway, and we lost.

Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.

inetknght|6 months ago

> People are clicking the buttons just because they are there.

I think this isn't a very charitable opinion of why people click buttons.

> But, I still feel like this went too far.

Why?

user_7832|6 months ago

Yeah, as long as there's e.g. a confirmation to prevent misclicks, "Are you sure you want to delete", I don't really see what's the problem.

Slow_Hand|6 months ago

I don’t know what business you work for, but what makes you sure users aren’t clicking the buttons because it’s what they want AND it’s convenient?

jFriedensreich|6 months ago

It's our human right to have realtime machine readable data copies of everything we do; it's no company's business to question or interfere. Unless it crashes your servers because trolls are trying to DOS, it is really hard to not be angry at a statement such as "this is going too far".

matheusmoreira|6 months ago

> People are clicking the buttons just because they are there.

The reasons why they click the buttons are utterly irrelevant to anyone except them.

Let them click the buttons. It's their right.

> But, I still feel like this went too far.

Not far enough. I think data should be a massive liability. It should actively cost you lots of money to know any fact at all about any person anywhere on the planet.

In other words, in an ideal world you would be scrambling to press that button on their behalf the second your business with them was concluded. "Can we please forget everything we know about you please?" and only their explicit affirmative consent would allow you to not delete their data.

mnw21cam|6 months ago

At the moment, holding data about someone is not a significant recurrent cost, but it is a liability in the form of a risk that could get you in serious trouble if you get something wrong. However, that particular business risk doesn't tend to be recognised by many, many organisations. It should be.

const_cast|6 months ago

Users have basic bare bones functionality that all applications should support is "too far"?

If the user can create an account, they should be able to delete one. One is not harder or further than the other.

We just don't view it that way because we're all parasites who feed off the current status quo.

Dylan16807|6 months ago

> Users have basic bare bones functionality that all applications should support is "too far"?

They were objecting to the idea that putting it behind the "support" button is a violation. If true, that's excessive in terms of mandating accessibility.

dns_snek|6 months ago

Can we get the full story? I don't believe that's what happened because GDPR does not prescribe any specific avenue of requesting data. You're not required to have a button on your website at all, it's completely valid to accept and respond to requests by mail, but it's obviously much cheaper to offer automated data export.