this post was submitted on 18 Jul 2024
90 points (93.3% liked)
Open Source
How do you feel about privacy/GDPR in relation to federated services like this? Seems a bit of a minefield and probably most all of those services are not technically legal.
Why exactly would it not be ok with the GDPR? I can't think of anything right now. Having a few diverse isn't really a new idea, it's basically the WWW all over again, and Mastodon and Lemmy & Co. exist already.
Or are you referring to registering CI workers? That might be a bit of a problem, yeah, as you're basically giving the Git hoster remote code execution (on a Docker container). Not really a problem if you host your own, of course.
For one, there's no incentive for individuals running an instance to care about compliance in the first place, regardless of the actual issues at play. One obvious issue that comes to mind is the right to be forgotten. FOSS software can be easily modified, and if servers don't comply with such requests properly then your rights are being violated, and good luck doing anything useful about it.
It does. It applies to any service that has a single EU user. And that doesn’t mean someone in the EU. It means an EU citizen, even if they are living abroad.
Anyone who ever hopes to actually move or operate in the EU will be forced to comply. So an instance owner in the fediverse might operate their instance out of the US. Then the US enacts some law to force handing over user data. The server owner wants to move (themselves or the server) to the EU. Well, they’re now fucked.
Or if an instance owner wants to sell something on the site, guess you’re not selling to 50% of your users.
@tyler @AustralianSimon
GDPR applies only to people (even non-EU citizens) who "live" on the territory of the EU. EU citizens who leave don't have the GDPR protection anymore. There was an affair last year when Google started notifying people about transferring their account data to non-EU datacenters after it detected them connecting from a foreign IP when they went on holiday to Thailand for a month. So clearly you have some misunderstandings of GDPR. Also, GDPR prevents selling stuff??
That is incorrect. I implemented GDPR for a finance company whose lawyers are contracted to companies like Google to fix their legal mistakes, so I trust the lawyers at that company far more than I trust Google’s. That affair you’re describing could easily be taken to court, as they are failing to uphold GDPR.
And you can easily go look up the law yourself. https://www.compliancejunction.com/gdpr-frequently-asked-questions/
@tyler Well, they are doing it: https://piunikaweb.com/2021/04/24/google-emails-about-change-of-country-of-association-issue-escalated/ When I followed the steps and wanted to set my country back to Europe, they responded "After reviewing your account, we think your current country association is accurate and we didn't change anything." (keeping the wrong one, a non-EU country). Note Google LLC is in the USA, Google Ireland Limited is in the EU: https://policies.google.com/faq#associated-country
Contact your local Data Protection Authority. https://commission.europa.eu/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en
I'm gonna go ahead and say that the lawyers I implemented it for understand it a lot better than you (and yes even Google's lawyers).
It does if you ever will operate there, though. Many, many companies eventually need to do business in the EU. So not following GDPR is just asking to never be allowed to operate there ever. Fine for local newspapers, not fine for a finance company that eventually needs to do business across national boundaries.
Most people aren’t companies. I’m guessing you’ve never run a company. You want to keep options open, for so many reasons.