My 27 year old sister got CAR-T for leukemia earlier this year after a failed stem cell transplant. She's in remission. It's incredible, literally curing cancer.
If you don't mind me asking, how was her pain for the 30-days after period? Another poster said they were extremely lucky to only have suffered a few fevers but some people were in a coma.
We (Aptible) are distributed-first. Many of our team members really appreciate the flexibility the remote culture brings and use it to spend more time with their families.
Totally OT, but I see a lot of companies use lever.co for job applications. When you look at one of their application forms, there's nothing about privacy or what they will do with applicants' data. Granted, many applicants will not provide information beyond what they have posted publicly on sites like LinkedIn, but it's a bit disconcerting not to see any explanation of what they will and won't do with applicants' data. I skimmed their privacy and TOS pages but they seemed to be focused on their direct customers.
The problem being described is that becoming a clinical psychologist often requires doing social psychology research to get a graduate degree.
There are Doctor of Psychology (PsyD rather than PhD) programs that focus on clinical psychology training rather than doing research, but the majority of clinical psychologists still do a traditional research-oriented graduate program and there are far more schools offering them.
Premise:
> In North America (perhaps elsewhere) you are required to have at least a Master's degree to practise Psychology and you should have a doctorate if you want any mobility with your practice.
Conclusion:
> This leads people who have no interest in academia having to find a way to convince people they've discovered something new and novel so that they can go apply what has already been discovered.
I'm not rejecting the premise, I'm saying the conclusion is not supported by this article. None of the figures mentioned in the article (Daryl Bem, John Bargh, Susan Fiske, Brian Wansink, Amy Cuddy, Simine Vazire, etc) are clinical psychologists. None of the research described in the article is clinical psychology, or even appears to have been performed for clinical psychology.
Maybe clinical psychology has a replication crisis, I don't know, but there is no evidence here for the idea that clinical psychology degree candidates are causing the replication crisis in social psychology.
Er... is that meant to be funny? That website is asking for my email without saying what it's used for :) Also, I can't refuse to provide it and still get access to the functionality.
Literally the only thing the landing page says is the purpose and what your email is used for: "Join the Slack workspace Aptible Gridiron GDPR Slack", and "Verify your email"
The answer is "probably not" because HN is neither established in the EU nor do they target the EU specifically. Maybe there are facts I don't know, but YC itself is also probably out of scope (read more here: https://gdpr-info.eu/art-3-gdpr/)
I'm also CEO of Aptible. We make a SaaS platform (Gridiron) that a bunch of YC companies are using for GDPR prep.
It seems that it didn’t have to be targeting specifically.... given what I’ve read I still think that insofar as they’re investing in European companies and have European LPs, then they’d be exposed.
It really depends on your reasons for retaining the backups in the first place.
GDPR forces you to be able to articulate why you collect or process regulated personal data.
If you provide a service that collects or processes data for fair and transparent purposes, you'll be ok.
Under Article 17, the right of erasure, you're only obligated to delete upon request of the data subject, and only in certain circumstances, the most common being:
- If the data are no longer necessary for the purposes for which they were collected
- If the legal basis for the processing was based solely on consent and no other legal basis exists
- If the processing was based on the balancing test of your "legitimate interests" outweighing the data subject's interests or fundamental rights and freedoms (such as for security or availability), the data subject objects, and your interests don't override theirs
- If you are processing for direct marketing and the data subject objects at all
If you're a SaaS provider and they are necessary to meet your availability commitments to your customers, and you can document that necessity, then you're probably going to be able to retain them even if the data subject objects. Data subjects' rights are not absolute.
If you're retaining the data for marketing, or based on consent alone, you're going to have to delete them or have a very good excuse for not doing so. If you don't have a great reason, you should probably delete them anyways, or better yet avoid collecting the data in the first place ('data minimization,' Article 5(1)(c)).
Not in your personal capacity, no. As mentioned in the other comments to this parent, HIPAA only applies to "covered entities" like doctors that take insurance and insurance companies, and their "business associates" that process PHI on their behalf.
HN probably doesn't fall within the material scope of GDPR, unless they perform business activity that falls within the scope of EU law that I'm not aware of.
That would be different if they marketed/promoted/sold in the EU, offered European language or currency support, or somehow otherwise took action to position themselves for the EU.
As a thought experiment, if HN was regulated by GDPR:
1. Yes, all kinds of user generated content can contain GDPR Art. 9's special categories of personal data. HN would probably rely on the exemption in Art. 9(2)(e), which permits processing "personal data which are manifestly made public by the data subject." The purpose of HN is to let you share your own data on the Internet, that's the entire point. That's fine under GDPR.
2. HN would still need a lawful basis for processing under Art. 6. For a paid service, a Terms of Service would normally be fine. I don't think HN has or wants one of those, and they don't track users at all before registration, so they could collect an explicit consent from users on registration. If they did track prior, a cookie popup could collect the consent. Also, under Art. 8, the default minimum age of consent is 16, so we'd want to consider age confirmation too.
3. Archiving posts on the Internet forever is not a problem, if that's the intended use of the site, which it is. My guess is that deleting a user and their posts is feasible at the application/database layer. The problem would be deleting personal data from backups of the site if the user withdraws their consent and requests Art. 17 erasure. In that case, only retaining the backups as long as necessary and documenting that justification internally is probably sufficient.
4. Article 22 restricts "automated processing, including profiling, which produces legal effects concerning [the data subject] or similarly significantly affects" the data subject. Ranking, voting, and anti-spam probably don't qualify as weighty enough subjects to be restricted. Recital 71 ("Profiling" https://gdpr-info.eu/recitals/no-71/) sheds some light on what the EU is trying to prevent.
5. They'd have to get a data protection agreement or other Art. 46 agreement with hosting vendors. Cloudflare is on top of this: https://www.cloudflare.com/gdpr/introduction/ Not sure what other subprocessors are involved.
6. Being able to see most of your own data on HN means you have Art. 15 access, which is nice. I think they'd have to also give you any hidden metadata as well. Not sure what that might be (vote weight score?).
7. There's a bunch of other stuff they'd probably do, like appoint a data protection officer, publish a privacy policy, add the ability to delete your account, etc.