On Hacker News, the issue is that frontpage space is the scarcest resource that HN has (only 30 slots at a time). Since the site exists for intellectual curiosity, and curiosity withers under repetition, it's important not to have those slots taken up by stories that have had a significant recent discussion. (For example, the OP had a major thread yesterday.)
Reposts are allowed in the other cases. That is, if a story hasn't had significant attention yet, we don't treat a repost as a dupe. Similarly, if it has had a significant discussion but not recently, it's ok to resubmit it. That's because once enough time has gone by, the topic can gratify curiosity again. The cutoff is a year or so. This is in the FAQ: https://news.ycombinator.com/newsfaq.html.
The optics of this might look bad, but I cannot really fault Google for this move (and I frequently fault Google).
They're facing a dilemma of regulatory uncertainty, and this move resolves this dilemma for them (at least, they seem to believe that).
Anyone who has ever dealt with powerful regulatory agencies will probably agree that this resolution is the right move for the company, a move important enough that eating some bad PR is probably totally worth it.
(The point about powerful regulatory agencies is not that it's hard to stay compliant; it's that the costs, overhead, bureaucracy etc. of demonstrating this compliance is immense, even if you are doing everything 100% right.)
Pro-Brexiteers have often cited stronger bilateral ties, such as those with the US, as an advantage of Brexit. And of course, post-Brexit, Britain will be ever more reliant on the willingness of countries such as the US to cut deals with them. As an independent negotiator in these new deals, Britain will have less power to push back over silly things like data privacy; and as a member of Five Eyes anyway, they're all too happy to have the US do their spying on their behalf, just like the US likes Britain spying on US citizens to the US Government's benefit.
The recent Huawei 5G drama does seem to go against the grain of this. After all, if the UK had less power to push back, then clearly nobody has told them.
Although if you look at the actual text on the UKUSA agreement document HW 80/2 [1], rather than the short synopsis from Wikipedia, it says very clearly that the UKUSA agreement covers only sharing of "foreign communications" where footnote 3 on page explicitly excludes communications of both the UK and the USA.
Optic Nerve was one of these things. Basically, GCHQ or NSA hacked Yahoo!, GCHQ used that to collect stills for every single webcam feed on the platform (this! was! back! when! Yahoo! was! still! relevant!), including a lot of intimate photos, so on. Lots of fun stuff there!
But that's a modern example. There are some pretty interesting ones. Here's a fun list of some celebrities that were the targets of a Five Eyes country and were spied on by multiple agencies as a result:
It's not good for the users. Having less control over your privacy and your data is extremely unlikely to be better for the users. Probably less control and regulation is going to be better for Google.
Actually it does play a factor, GDPR had it so the data on EU citizens had to be located within the EU. Now they have alternative options for the UK - then that aspect does as I initially outlined becomes key.
Hence the question of actual costs to Google in hosting in say Ireland (staffing, taxes, rates, utility costs, cooling....) compared with another location outside the EU that may very well have cheaper running costs due to many factors.
I hope that clears up why location is a factor now as it related to running costs and if they can save some money, well, they will.
More so if they suddenly free up capacity in a datacenter which has higher costs than some other locations outside the EU. All these details do very much, however small, stack up at the scale of users Google operates with and for the UK, several million is a large chunk of potential savings.
It is real. I just got an email about this from Google about my gmail account:
- Your service provider and data controller is now Google LLC: Because the UK
is leaving the EU, we’ve updated our Terms so that a United States-based
company, Google LLC, is now your service provider instead of Google Ireland
Limited. Google LLC will also become the data controller responsible for your
information and complying with applicable privacy laws. We’re making similar
changes to the Terms of Service for YouTube, YouTube Paid Services and Google
Play. These changes to our Terms and privacy policy don’t affect your privacy
settings or the way that we treat your information (see the privacy policy [link redacted]
for details). As a reminder, you can always visit your Google Account
< https://myaccount.google.com > to review your privacy settings and manage how
your data is used.
It seems very early to be making changes like this.
Google must really benefit somehow from the change, otherwise they could leave it until much later in the year, and see what (if any) changes Parliament makes to privacy and data protection law in the UK.
In what way is it early? UK left the European Union late last year. Since then there only is a temporary agreement in place, with a deadline later this year. Given the seemingly strength of the Prime Minister (see recent cabinet reshuffling) and his unwillingness to extend companies doing business in Britain have to prepare.
It's a bit of a red-herring because the only thing that changed on Febuary 1st was that we're no longer having representation in the EU parliament, until the end of the year we're still following all the same laws and regulations.
And that assumes that the transition period is not extended. (Which it doesn't seem likely to be, frankly).
That certainly has been how I've seen it play out. Which makes sense as easier to have one rule to fit all and if that rule is based upon the worst case of every countries data laws then you are somewhat more future proofed. After all, not many countries do laws than are demanding their citizens have less privacy - at least in the public sector remit of laws.
Pardon my cynicism if I think it's likely Apple and Netflix.
And they probably do that for everyone only because it doesn't eat into the main profit generators in their business models. Not many marketers paying Netflix to advertise their new natural soap line to targeted prospects I'd imagine.
I agree about the buzzword part, but the parent did specify two FAANGs. I'd think it would be interesting to hear which two since it's obviously not Google (as the article hints that they want to move data out of the EU).
Also, the FAANG expression didn't start around scale, if that was the case netflix wouldn't have been included as early as the expression was coined. The expression was about developer compensation. That seems to have changed recently(-ish) though and now the expression is more like "unicorn" instead of just the specific companies that make up the acronym.
Britain already adopted GDPR-based data protection law. If anything, Brexit will tighten the situation by requiring the data of British to stay in Britain.
That certainly is an outcome. Equally does add more credence to the Google move as if the data was in the EU, then the potential to kick up a fuss and roll out laws to insist it is in the UK would play out faster than say that data in the USA.
Equally - I'd say costs may well play out more and what is the cost to host in Ireland compared to hosting in the USA?
Even when we are talking pennies/cents in difference - at the scale of Google - that soon adds up and if they can, they will.
Goals. I like our role models. I would have never independently perceived most of these opportunities and possibilities. Thank you Google and other multinationals, and the media for dissecting their expensive legal strategies.
I would imagine N.Irish users might end up being covered by GDPR -- British law also N.Irish people to declare themselves Irish under the GFA. N.Ireland could well end up with a special status post-Brexit where it's both in and out of the EU and in and out of the UK.
Given European data protection is much stronger than either British or American DP it would make sense to group N.Irish people this way rather than trying to deal with the exceptions.
> British law also N.Irish people to declare themselves Irish under the GFA
This by itself doesn't mean anything for GDPR—GDPR applies to EU residents (whether or not they are EU citizens), not EU citizens. Declaring yourself Irish doesn't make you fall under GDPR protection if you live outside the EU.
In fact, it's not even legal residency that matters. You must simply be present in the territory that the regulations apply to (EU+EEA). If you're not, then the protections don't apply to you, regardless of your citizenship.
GDPR applies to EU citizens globally. It's just not enforced globally. The company will have to be large enough to have a presense (or future presense) in the EU for there to be an tangible impact.
>Declaring yourself Irish doesn't make you fall under GDPR protection if you live outside the EU.
They are very clear - the GDPR protections apply to those that are "in the Union", and the guidelines clarify that citizenship (and, in fact, legal residency) are irrelevant. One must simply be present in the territory that the regulation applies to (which is EU+EEA). Being a citizen of a EU country and being outside the union, the GDPR protections would not apply to you. Being a citizen of a third country and being inside the union, they would.
There's a big difference whether the company is in EU or not.
If your company is in EU, then according to Article 3.1 the GDPR applies to all your procesing of personal data, period - with no exceptions depending on citizenship. So if you're a DPO in a EU company, then that's what's true for you, you definitely have to apply GDPR protections to EU citizens (and also noncitizens) wherever they are.
If your company is not in EU, then according to Article 3.2. the GDPR applies only to people located in the EU - "This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union"; no qualification on citizenship, but a qualification based on location.
American tax laws (like the FACTA) do apply to Americans in Europe, for example. A sovereign entity has jurisdiction over anything it wants. The question is whether it can enforce it, but there are many tools for that, from simple treaties to sanctions to full-blown military invasions.
In any case, parent is in fact incorrect since the GDPR claims no such jurisdiction. It only applies to people in the EU, or to people whose personal data is processed by EU companies.
I agree, like the California effect in the US. California is both the strictest and biggest car market and all the car manufactuers use California as the standard because it covers everyone else.
Because unless the UK and the EU reach a trade agreement by the end of the year, the provisions of the Withdrawal Agreement kick in and Northern Ireland becomes bound to EU regulation.
This is a long and complicated story, but essentially Brexit created the following problem: the UK now desires to have full control over its borders, and this means a hard border between the UK and the EU. But then there is also the Good Friday Agreement (GFA), which achieved peace between the unionists (Protestants who want NI to be part of the UK) and the nationalists (Catholics who want NI to be part of Ireland). Simplistically, the GFA guarantees a sort of double affiliation of NI, both to the UK and to Ireland. This means, among other things, no physical borders.
Not sure why you are being down voted for this - we ratified GDPR under UK law, the UK Data Protection act of 2018 - until that law is repealed GPDR still applies under my understanding.
They might be simply preparing for that eventuality, and when the law changes they can quickly react. Apparently in the e-mail that the users got, they are claiming that nothing privacy wise will change, and that might indeed be true for now.
I think that also breaking the law might be easier. EU might not bother anymore penalizing them for a member that's already leaving, and UK alone will have very little force imposing penalties on an US corporation.
The UK is planning to leave the EU, so Google is planning to treat UK accounts as not part of the EU. I don't see what is difficult to understand about this.
The UK is following EU rules and regulations at least until the end of the year. After that point, it can pick and choose, based on negotiations for trade agreements or whatever other reason pleases it.
