Arc forum GDPR compliance
1 point by hjek 431 days ago | 8 comments
The Arc forum is clearly not GDPR compliant as all personal data is transferred unencrypted. This includes passwords, and practically makes this forum a live ongoing data breach, which is a little bit embarrassing but now also illegal.

Who would be the data protection officer to contact regarding this? PG?

3 points by i4cu 407 days ago | link

After responding in this thread I ventured a little further into what GDPR would look like within the apps I am building and OMG the ability to comply could be horrendously challenging.

For example, some of my apps use Datomic, which contains both an append-only log file for data storage as well as bulk storage data facilities provided by 3rd party db systems. And that doesn't even take into consideration indexes. So deleting user data would be a non-trivial exercise.

Simply put: modern-day data system architectures have grown in complexity to the degree that you simply just cannot push a button and remove user data anymore.

Here's some further discussion if anyone is interested.

P.S. I realize I'm kinda hijacking this thread, and this has nothing to do with Arc anymore, but thought that hjek might be interested (or maybe not lol).


2 points by i4cu 418 days ago | link

No one is breaking these laws as the rest of the world is not subject to EU law. Unless you can show the US has adopted the law as a member state then you shouldn't go around stating such things.


1 point by hjek 413 days ago | link

To me, it currently reads more like the GDPR applies when you operate to users in EU,

> The GDPR is applicable to the US entities to the extent such entities process personal data in order to provide a service or a good within the EU territories.

> It doesn't matter if you operate or are established in the EU. If you have EU visitors/users they gain the protections of the GDPR and you have to comply.


3 points by i4cu 412 days ago | link

Well, practically speaking, it only applies if there is something the EU can do about it, and if you're doing business in the EU they certainly can do something. Even FB, for example, needs to conform, otherwise all that ad revenue from EU companies can vanish if the EU governing bodies see fit to do so.

But the most the EU could do about the Arc forum would be to block EU users from accessing the site (which would be a political nightmare for them in censorship terms). And, in reality, this site doesn't hold any real data worth worrying about and I somehow doubt PG is sitting around worried about what the EU thinks (regarding this site).

None of this has anything to do with what I think of the laws they are creating. Frankly, from the little that I've read, I kinda like what I see, but still the world doesn't abide by whatever the EU says. As a parallel example... just look at how much Trump cares about NAFTA right now, and that's an agreement they signed. (I'm Canadian btw).


2 points by jsgrahamus 430 days ago | link

I have gotten passwords reset (not sure if it was arc or HN-related) from this e-mail:

Perhaps they could help with this issue, too.



3 points by jsgrahamus 430 days ago | link

You might also try


1 point by hjek 428 days ago | link

That address doesn't work:

    Final-Recipient: rfc822;
    Original-Recipient: rfc822;
    Action: failed
    Status: 5.4.6
    Diagnostic-Code: X-Postfix; mail for loops back to myself


2 points by hjek 430 days ago | link

I'll give that one a try. Thanks.