-
alacer
TMakarios: As a Service Operator can't you mention the applicable law in your TOS, and applicable law should be the place you are operating (as a service provider) from and then from where the service is being provided. So a Bhutan user should not enforce Bhutan law on you, else you can have Australian, Japanese etc. users. I am not a legal expert...
-
TMakarios
alacer: So far, I'm just providing service to close friends and family, so I have no TOS. I'm just curious about what legal principle (if any) the EU believes it can use to impose GDPR on the rest of the world. Hence the reductio ad absurdum with Bhutan.
-
Ellenor Malik
kwak
-
alacer
TMakarios: Well, I am not a legal expert but GDPR compliance is complex... Maybe ask specifically for GDPR in this room... then what about US, Canada like 5 eyes and relevant compliances... as your services are not professional in nature, but for GDPR you may need a node in EU... well, ask ppl here...
-
millesimus
I don't quite remember the name of the legal principle but it's basically: you offer services in / for customers in the European Union, you must adhere to our rules.
-
tom
Or what
-
tom
Digital hexing over the net to make all breakfasts you touch magically turn into beans on toast until compliance is achieved?
-
millesimus
It starts with a fine and escalates from there, I suppose.
-
millesimus
> I don't quite remember the name of the legal principle but it's basically: you offer services in / for customers in the European Union, you must adhere to our rules.
So TMakarios should basically be fine until users start to communicate with European users via federation.
-
Licaon_Kter
millesimus: not federation, until EU users have accounts on that server
-
millesimus
Licaon_Kter: As soon as servers communicate and exchange personal data like JIDs or message contents etc. you are processing that data in the GDPR sense.
-
Licaon_Kter
But other rules apply, iirc
-
TMakarios
> millesimus wrote:
> I don't quite remember the name of the legal principle but it's basically: you offer services in / for customers in the European Union, you must adhere to our rules.
So could the King of Thailand say the same thing, and prevent anyone on European XMPP servers from criticizing him?
-
TMakarios
(Thailand has a lèse-majesté law.)
-
millesimus
> So could the King of Thailand say the same thing, and prevent anyone on European XMPP servers from criticizing him?
What's this about, TMakarios? Do you want answers / advice or do you just want to rant? ;)
-
millesimus
> But other rules apply, iirc
There will surely be some special rule sets (like privacy shield, lol). I understood the question to be more about the general applicability of the law and how it could be enforced.
-
Licaon_Kter
TMakarios: in theory that's what the new/old upload filters law they want to push these days in the EU tries to say, if Thailand says "this meme is terrorism" you gotta take it down in one hour, 24/7
-
TMakarios
millesimus: I'm genuinely curious about what reasoning the EU uses to justify its apparently unilateral claim of extraterritorial jurisdiction. I'm willing to discuss this somewhere where it's more on-topic, such as xmpp:politics@chat.disroot.org?join
-
TMakarios
Licaon_Kter: That's...interesting. I guess it shows some bullet-biting consistency, at least.
-
Ge0rG
TMakarios: it's not extraterritorial because it affects European users.
-
Ge0rG
TMakarios: it might be hard to enforce, but it's a valid approach in a globalized world. Also as a citizen of the EU, I'm very much glad about strong privacy protection, even if I had to invest some days into writing a proper privacy policy for xmpp
-
jonas’
remember that privacy is, in the first place, not a law against the service operator, but a fundamental right of the data subject
-
jonas’
hence the jurisdiction of the data subject is what should and does matter, not the jurisdiction of the service provider
-
TMakarios
Ge0rG, jonas’: But it purports to constrain the behaviour of people and servers outside the EU, not the behaviour of their EU users. Seems pretty extraterritorial to me.
-
Ge0rG
TMakarios: well, you are also not allowed to fire intercontinental ballistic missiles onto the EU, as it would affect its citizens.
-
jonas’
yupp
-
jonas’
you’re also not allowed to mail anthrax
-
TMakarios
If it prohibited EU citizens from _using_ services without adequate GDPR policies and practices, and punished those citizens who used the services in violation of the law, I wouldn't think it so strange, at least from the point of view of the claim of jurisdiction.
-
jonas’
so you’d punish those receiving the anthrax letters instead of those sending them?
-
Ge0rG
you are also seeing US companies trying to enforce the DMCA and other useless monopoly laws all over the world.
-
jonas’
that sounds weird
-
Ge0rG
TMakarios: you could prohibit EU users from using your service.
-
Ge0rG
some american news outlets replaced their whole ad-ridden clickbait with a GDPR tombstone page.
-
Ge0rG
I'm not even sad about it
-
TMakarios
As for cross-border acts of murder, I'm pretty sure those would violate my _local_ laws, possibly with some matters determined by treaties that _explicitly_ grant limited extraterritorial jurisdiction.
-
jonas’
I’m also fairly certain that you’re not allowed to sell, for example, $drug prohibited in the EU even if it is allowed to be sold in your country.
-
TMakarios
Yeah, the US is also prone to unilateral claims of extraterritorial jurisdiction, and I'm not a fan of it there, either.
-
TMakarios
Prone to _making_ such claims, I mean.
-
TMakarios
> jonas’ wrote:
> remember that privacy is, in the first place, not a law against the service operator, but a fundamental right of the data subject
According to Wikipedia, in New Zealand,
> Privacy tends to hold the status of a value or an interest, rather than a right.
-
Ge0rG
TMakarios: well, in Germany it's a fundamental human right, so as a German citizen, I can demand its enforcement everywhere my data goes ;)
-
TMakarios
Am I right in thinking this includes the so-called "right to be forgotten"?
-
Ge0rG
TMakarios: it does
-
Ge0rG
OTOH, no, the right to be forgotten is not explicitly worded in that fundamental human right, but the GDPR has a requirement to delete data on demand
-
TMakarios
Has this resulted in people using the law to effectively censor criticism of themselves? Or does the law try to prevent such censorship somehow?
-
Ge0rG
TMakarios: there is a trade-off between that right and the right of the public to be informed
-
Ge0rG
generally, the right to be forgotten is applied in very limited ways to politicians and VIPs
-
TMakarios
Doesn't sound like a very "fundamental" right if tradeoffs are involved.
-
Ge0rG
TMakarios: see my correction above
-
Ge0rG
https://en.wikipedia.org/wiki/Right_to_be_forgotten#Germany is some interesting read
-
jonas’
TMakarios, and yes, human rights also have tradeoffs. hence why they are ordered
-
TMakarios
Does GDPR not involve the same tradeoff? I mean, if it requires you not to store embarrassing messages people send in public chats like this, you can no longer inform the public about what they said.
-
Ge0rG
TMakarios: I think that by explicitly making your data public in a public forum you will be subject to different rules than just the GDPR
-
TMakarios
I should probably try sleeping now. I've probably got a long afternoon and evening of morbid curiosity about a certain election tomorrow.
-
Ge0rG
just don't go out after election day. The lead concentration in the air might be too high.
-
Ge0rG
TMakarios: https://law.stackexchange.com/a/31028/17202 is a nice explanation of article 17 trade-offs in the context of private messages, but those apply equally for public ones, I'd say.
-
tom
» <tom> Digital hexing over the net to make all breakfasts you touch magically turn into beans on toast until compliance is achieved?
» <millesimus> It starts with a fine and escalates from there, I suppose.
But if I don't live in the EU, how are they going to collect that fine?
-
millesimus
> But if I don't live in the EU, how are they going to collect that fine?
tom: They send you a demand and they either have a contract with your government to mutually collect and enforce such fines or you will have a hard time entering the EU, eventually.