The article doesn’t go into detail, but looks like US and UK will get the same version… one that can’t be “safely” deployed in the EU (without risking huge fines again).
So I’m guessing we’re getting a version that makes - or at least tries to make them look like they’re compliant with their “privacy efforts”. Assuming they need EU-only datacenters and infra etc.
I guess we’re getting it “later”.
This is good, but I wonder how they’re going to handle ActivityPub federation in the meanwhile? Defed all EU instances?
But I am a citizen that is covered by the GDPR in the UK. I have an account on allthingstech.social which a US server, so they would be breaching GDPR by ingesting my data. They can’t know where any user comes from just by the server that user is attached to - which is going to a lovely fun headache for them to deal with 😂
so they would be breaching GDPR by ingesting my data
If they were processing your data without consent, yes, but I think in this case you’ve given them your consent (I hope) and they’re allowed to process whatever data they need for their service (but not more than that). The question is what they do with my data (the federated copy, which now lives on their servers, since I’m talking to you), since I’ve not given them my consent, and I’m EU citizen.
It’s murky waters and I’m (thankfully!) not an layer or Data Protection Officer, so I’ve no idea how that works legally. But I think the fediverse and ActivityPub will at some point have to think about solutions for better data privacy - or maybe the U.S actually regulates something that is compatible with GDPR and then we get same protections across the board (the big problem at the moment is Schrems II)
Because the GDPR requires explicit consent, you need to informed what data Meta will collect about you, and how they will use it, and then you have to click something saying that you are OK with that. The GDPR specifically rules out implicit consent, which is what Meta would be claiming “Well they are posting to the fediverse, so it is fair game”
On a more serious note:
The article doesn’t go into detail, but looks like US and UK will get the same version… one that can’t be “safely” deployed in the EU (without risking huge fines again).
So I’m guessing we’re getting a version that makes - or at least tries to make them look like they’re compliant with their “privacy efforts”. Assuming they need EU-only datacenters and infra etc.
I guess we’re getting it “later”.
This is good, but I wonder how they’re going to handle ActivityPub federation in the meanwhile? Defed all EU instances?
But I am a citizen that is covered by the GDPR in the UK. I have an account on allthingstech.social which a US server, so they would be breaching GDPR by ingesting my data. They can’t know where any user comes from just by the server that user is attached to - which is going to a lovely fun headache for them to deal with 😂
If they were processing your data without consent, yes, but I think in this case you’ve given them your consent (I hope) and they’re allowed to process whatever data they need for their service (but not more than that). The question is what they do with my data (the federated copy, which now lives on their servers, since I’m talking to you), since I’ve not given them my consent, and I’m EU citizen.
It’s murky waters and I’m (thankfully!) not an layer or Data Protection Officer, so I’ve no idea how that works legally. But I think the fediverse and ActivityPub will at some point have to think about solutions for better data privacy - or maybe the U.S actually regulates something that is compatible with GDPR and then we get same protections across the board (the big problem at the moment is Schrems II)
Because the GDPR requires explicit consent, you need to informed what data Meta will collect about you, and how they will use it, and then you have to click something saying that you are OK with that. The GDPR specifically rules out implicit consent, which is what Meta would be claiming “Well they are posting to the fediverse, so it is fair game”
Well…is it CCPA compliant?