Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Would someone with access mind saving us a click due to reg/pay wall?


Sure, five companies you can reach out to and ask for your consumer trustworthiness records

- privacy@sift.com

- returnactivityreport@theretailequation.com.

- privacy@riskified.com.

- privacy@kustomer.com.

- https://zetaglobal.com/ is a form.


How do they verify you or how does it work in America? You don't have national ID card to do identification online.


> There are many companies in the business of scoring consumers. The challenge is to identify them. Once you do, the instructions on getting your data will probably be buried in their privacy policies. Ctrl-F “request” is a good way to find it. Most of these companies will also require you to send a photo of your driver’s license to verify your identity. Here are five that say they’ll share the data they have on you.


1. List your new consumer scoring company and an address for requesting your personal records.

2. Collect personal data supplied as verification for personal record requests.

3. Send personal record requests to other companies holding actual consumer data.

4. You are now in business, ready to sell consumer data!


Not a great business plan as yet - "Zeta Global [...] told me that 10 people have requested their data so far" - but maybe you can be a first mover here.


That number might not move if Zeta's form never sends the confirmation email, which, thus far, seems to be the case.


Billing address for credit cards, email address for online accounts, use of rewards programs that have rewards accounts tied to the buyers, and phone numbers which are tied to a single person most times nowadays.


Thank you for the summary.

On another note, those are some shady-sounding business names! privacy@kustomer.com indeed..


> On another note, those are some shady-sounding business names! privacy@kustomer.com indeed..

Trademark law probably deserves some blame here; it's harder to trademark a word than a non-word.


So can Europeans send a GDRP right-to-be-forgotten request to all of these?


That's two different things. And it's GDPR.

https://en.wikipedia.org/wiki/Right_to_be_forgotten

https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

But the GDPR does have the 'right to erasure' which replaces the 'right to be forgotten'.


I don't believe the right to be forgotten here is at all relevant. It only covers the indexing of data. For example if I commit a crime a media organisation will write a story about it, google will index it, after a number of years I have the right to ask google to unlink those stories, however I don't believe it covers removal of the original story.

Certainly it's hard to believe some of this would be completely compatible with the GDPR. Perhaps you could make the argument that there is a legitimate business need to prevent fraud but from what's included in the article the data goes far beyond what anyone would consider minimal.


don't take my word for it, but I believe that you can only if they have opened a subsidiary in EU. The fine is percent of global sales (not profit).


> don't take my word for it

We definitely should not. You are wrong. In that case you are supposed to have to appoint a local representative, see Article 27.


I believe that statement is incorrect :-)


As far as I understand it, if they are processing EU citizens' data then they are liable for GDPR regardless of where they run their business from.

https://www.techrepublic.com/article/the-eu-general-data-pro...


Then I'm curious how do they enforce it. Maybe with US there are some treaties signed, but what about a foreign country that has no treaties with the EU?


To date, the answer to that question appears to be: Sternly worded letters, which will be promptly ignored.

There's no actual enforcement mechanisms against an entity that does not exist in the EU and has no financial exposure to it. That includes with the US, as far as I can tell.


Go for the payment processors - seize any funds destined for the target company, for example.


It's basically a credit score type of deal that companies use to assess your trustworthiness. Due to some new Californian law, companies that aggregate these scores now have to give you the data on you that they have when you ask them for it.


That law is CCPA, but it isn't in effect until Jan 1.


https://archive.is/Xtb7c


PS: https://github.com/iamadamdev/bypass-paywalls-firefox


[flagged]


Journalism is valuable, and it is a publication's decision to decide on how to pay for that journalistic work.

I'm not ok with copying and pasting paywalled news articles verbatim on HN.


Well I am. If you need to paywall your content, paywall it properly, don't just slap a semi-opaque div over the top of it and beg for my email address.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: