
This is probably illegal in Europe. They have 72h to notify their users after noticing a breach according to GDPR's article 33: https://gdpr-info.eu/art-33-gdpr/

Edit: My bad, only notify the authorities.



Except they're not claiming 'breach', they're claiming 'scraping'. Not sure semantic acrobatics is going to fly with the regulator however.


They claim “scraping” in contexts where it benefits them to use that term (requirement to notify users) and “exploited vulnerability” when it benefits them in other contexts (answering to why private personal info was found online). Sometimes they even claim both in the same sentence:

> A Facebook spokesperson told Insider that the data had been scraped because of a vulnerability that the company patched in 2019

They absolutely can’t have this both ways.


> Notification of a personal data breach to the supervisory authority.

Not users. FB had probably done that already.


Notification to users is required by article 34, not 33: https://gdpr-info.eu/art-34-gdpr/

There is no 72h requirement, but "the controller shall communicate the personal data breach to the data subject without undue delay"



