Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Why would any random service request, process or more importantly store these?

So they can identify users for purposes of complying with GDPR? (For example, to handle the data requests highlighted in this post.)



The GDPR recitals do not recommend gathering additional data solely to be able to fulfill these requests.

See https://gdpr-info.eu/recitals/no-64/ and https://gdpr-info.eu/recitals/no-57/ - the key part is "A controller should not retain personal data for the sole purpose of being able to react to potential requests."


> The GDPR recitals do not recommend gathering additional data solely to be able to fulfill these requests

One, these are non-binding recitals.

Two, the conflict between (a) data-furnishing requirements and (b) advice against retaining data that would validate the requestor is exactly the point of this post.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: