Posted by nicksergeant 1 day ago
It's powered by https://rapidapi.com/letscrape-6bRBa3QguO5/api/jsearch, which is a little pricey, so I'm trying to decide whether to put more effort into the project (I'd have to charge _something_ to offset the costs).
1. Download your entire LinkedIn data.
2. Give us your entire LinkedIn data.
The "larger" data they are asking for includes "... connections, verifications, contacts, account history, and information we infer about you based on your profile and activity ..."
You absolutely do not need to upload all of your data. Just a CSV in the format we need (which is now updated on the homepage as well).
> Download my data > Your LinkedIn data belongs to you, and you can download an archive any time or view the rich media you have uploaded.
What you choose to upload to JobsByReferral.com is entirely up to you - you don't need to upload the entire ZIP. You can upload the Connections.csv-formatted file after you review it. You could also obfuscate person names if you'd like, before uploading.
We also do nothing with your data. You can verify the app does not send your data to any backend endpoints _except_ for company name (so that we can find jobs at that company).
But I guess they won't come to you right away, if you get some traction than you bet they will (even if from legal point of view it's not a clear path for a win)
(The GDPR implications of this service are also significant. Being in the US does not exempt you from observing that if any of your records are from European users.)
The approach we've taken here is that you upload data that you're comfortable uploading. You don't have to upload your entire LinkedIn ZIP archive -- you can just upload the Connections.csv file (which you can review before you upload).
Now if they want to open up shop in the EU, or use a payment processor to charge money that has EU presence, things change.
That's not correct. If they handle EU people's data, they are responsible for it and can still be fined. Obviously this cannot be enforced if they never visit and have no assets in the EU.
That's just how laws, any law, works. The EU can "fine" all they want but it would be entirely symbolic.
That's like if US restaurants had to enforce EU food safety laws when on US soil because a EU citizen is eating there.
Fortunatelly, unlike US laws, GDPR, by virtue of being EU law, is actually readable by normal human beings, so its fairly straightforward:
https://gdpr.eu/article-3-requirements-of-handling-personal-...
As for jurisdiction in general: the US routinely jails people for activities that took place outside the US, as soon as they set foot on US soil - occasionally even when they don't even do that (Kim Dotcom). European convictions for civil matters will not result in an arrest warrant, but can result in financial penalties and confiscations applied to anything that has to go through Europe in one way or the other.
The limits of enforcement, in the internet era, are becoming mostly practical rather than theoretical. Which is interesting and poses a number of new, unanswered questions. Simply speaking, one cannot just wave away any law simply because they don't live in this or that place anymore.
Very very little tie is required (eg: just having one employee in the EU in a 50,000 people org would do it right there), but the law has been fairly consistently interpreted as such.
I get where you're coming from, but this isn't a if or but or theoretical. Its just how GDPR gets applied. I probably confused things by trying to introduce poor analogies, when the law itself is fairly clearly interpreted a specific way.