this post was submitted on 19 Jun 2023
227 points (100.0% liked)

Technology

37724 readers
558 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I feel like outside the federated system, meta would rely on geographic metadata (eg IP address) to identify if a user was within the scope of the GDPR or not. But they aren't going to have access to any of this information, when they receive the data from another server in the fediverse. There will be zero way for them to identify if a user from any server in the fediverse would be applicable to the GDPR or not, because any user from any country can basically sign up anywhere. It will be difficult for them to argue against that - since it's highly publicised that when Mastodon was struggling under the strain of the massive influx of new users - that people were being advised to find an instance that aligned to their interests rather than just their geographical location. Indeed I am on a Scottish server - where I arrived in 2019, but I have recently started another account on a US server ( allthingstech.social) so I would indeed be a user protected by GDPR on a US server. Because Meta have no way of knowing where a user comes from, the only thing they can definitely legally do - is process data from their own known users - but they are crossing into dangerous territory the second they start trying to process data from users outside their own instance. In my opinion anyway.

And no I don't mind debating at all. There needs to be a lot more debate, and a lot less death threats and screaming matches online - in order for us to start resolving anything.

Edit:
The GDPR applies to data on people. So in your example - it doesn't matter how Meta got the data, the point is that they have data on citizens that are protected by the GDPR, the fact that the data arrived indirectly via a US server, doesn't remove the protection afforded to the EU citizen