Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.
The GDPR is a directive implemented by 27 countries, so I guess you could call it “international law”?
With treaties such as the
Safe Harbour Privacy PrinciplesEU–US Privacy ShieldEU–US Data Privacy Framework, GDPR restrictions may also start affecting American busineses, so the “international law” monniker would actually make sense.It’s not really as simple as that. Businesses in countries outside the EU have to follow the gdpr rules if they have or want customers from the EU because the EU can hit them financially in their EU operations.
Normal people offering a free service that are not based in the EU probably cannot be pursued at all. I doubt the EU considered people that might not be some business wanting to profit from EU citizens.
India? China? Japan? Vanuatu? …
Know what? I think I’ll just link instead of list because I can’t be arsed to type out all the names.
So it’s “international” as a technicality, but the context he was using it in implied he meant “universal”. And it barely qualifies even as international against the sheer weight of non-EU, non-US states.
In theory an EU institution could fine a non-EU company, the same way the Chinese government can fine a European company. It’d be tough to do business with outstanding legal action.
There’s another way to take the “international law” definition: many countries (China, Russia, the EEA, probably more) have laws defining where user information is stored. A Russian company can’t just store their user data in an American data centre. Most countries do have some kind of privacy law, and I’m sure ActivityPub violates more than just the GDPR.
It’d be silly to think you could enforce the GDPR against some guy running a server from his basement in Brazil, but for the larger instances, which take donations, things can become more problematic. Servers run by the Lemmy devs could be operating safely from the communist depths of Cuba, but if they get fined, I doubt those EU sponsor funds would keep flowing towards Lemmy development.
Also interesting to note: a LOT of big Fediverse instances operate from Europe. Mastodon.social, Lemmy.world, Lemmy.ml, Kbin.org, just to name a few. Based on the map on Fediverse.observer, most of the world’s Fediverse servers are either in Europe or in the USA (with twice as many in Europe as in the USA). When it comes to server count, Fediverse law may as well be about EU-USA relations, maybe with Japan as a third large host.
I have a ridiculous judgement against me in Germany. (Complicated shenanigans around an inheritance where the authorities’ legal representatives did shady shit specifically to unload an estate that would have cost them.) Technically I owe the city of Frankfurt something like 50,000€ in fines.
I’m comfortable with this.
Why?
Because good fucking luck enforcing a European fine on a Canadian citizen resident in China. Even if they catch me out when I visit Germany (which I have done a couple of times without incident since the judgement was levied against me), watch the judge make grumpy-faces at attorneys who sent legal documents in German to a Canadian in China whose repeated requests for translated versions was denied. Their case will vanish in a puff of legal sanctions and I’ll make fucking sure on top of it that it becomes a press circus.
EU types are almost as bad as American types for thinking their laws are extraterritorial. I love rubbing the fact that they aren’t in their faces.
Good for you!