I see a lot of discussion around GDPR being onerous to implement, but after diving deeper I think it is good, common-sense regulation. Prevents a lot of dark UX patterns (bad privacy defaults, no way to delete account, etc.).
The biggest issue is the transitiveness. If someone asks us to delete their data, we need to delete it from external services. It's also hard to figure out whether we're required to purge IP address-correlated info from services, and I don't even know if that's possible for us.
-
-
I feel frustrated that the big companies seem to be taking an attitude of "wink wink we can probably evade this with enough tricks" while I'm sitting here paying expensive lawyers to figure out what the rules even are.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.