HN Violates the GDPR

Citizens don&#x27;t have an absolute right to have all data erased on request.<p>The comments are still needed and being used for the purpose they were gathered for, so this fails the first point in your link<p>&gt; the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;<p>If there is identifying data in the comment you can email the mods and they will (I think) redact it for you.<p>Most usernames do not identify a natural person, so that means most accounts fall outside GDPR. If they do identify a natural person I think you could email the mods and they&#x27;d change the name. (Obviously I have nothing to do with HN so I can&#x27;t tell you what they will or won&#x27;t do).<p>tl;dr most accounts aren&#x27;t covered by GDPR and the mods will do stuff with the ones that are.

If you write to the moderators at hn@ycombinator.com they&#x27;ll answer and comply quickly.

IANAL<p>My armchair argument would be that when you sign up to post on a public forum, you should have every expectation that your posts will remain visible. Expecting otherwise would be rather like publishing a book before invoking GDPR to &#x27;un-publish&#x27; it and demanding to have all the sold copies destroyed several months after release simply because your name is on the cover.<p>The expectation of content remaining public is also explicitly stated in HN&#x27;s terms, along with a pretty broad-ranging agreement to allow them to use the content you upload. Thus arguably HN has a contractual right to continue publishing the content, as allowed for under art 6.1(b).<p>GDPR Article 6: &quot;Processing shall be legal if and only if to the extent that at least one of the following applies ... (b) processing is necessary for the performance of a contract to which the data subject is party ...&quot;

Are you saying you want EU users blocked from HN? Lots of sites have done that, but I think EU users find the blocks annoying.

I&#x27;m sure we could find a North Korean law HN doesn&#x27;t comply with, if we looked hard enough.

Last year&#x27;s discussion &quot;Ask HN: Does HN respect the GDPR?&quot; <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=16661323" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=16661323</a>

Why do you think Article 17 applies to Hacker News?<p>I don&#x27;t mean the GDPR, I mean having read the article, which of the grounds do you believe applies?<p>The only one that&#x27;s plausible is 1.b), and I&#x27;m not convinced that Hacker News is storing your data using Article 6 1(a).<p>The Right to Erasure applies to some pretty specific situations, mainly where the data is being held using consent only. I&#x27;m fairly sure that Hacker News stores your user content either under &quot;Legitimate interest&quot; or &quot;Contract&quot;.

Why would HN care about some EU directive? They also don&#x27;t have that obnoxious cookie warning.

I care about GDPR because my employer has a physical presence in multiple EU countries. However, a US based company with no physical presence wouldn&#x27;t really care. Wouldn&#x27;t it be nice if they had to.<p>There are a lot of things in GDPR that I agree with and anyone who follows it in spirit is going to get my business over someone who does not, and that is something all of us can do. But beyond that, I&#x27;d recommend that OP remember the classic saying &quot;You catch more flies with honey than you do with vinegar&quot; and maybe ask the moderators nicely to remove whatever past comments are irking him.

HN is a small scrappy upstart that has only invested in $80B of tech companies. It can&#x27;t possibly be expected to comply with the GDPR.<p>&lt;sarcasm&gt;