XMPP Service Operators - 2020-11-05

I don't think the GDPR is a bad thing, in many ways I think it doesn't go far enough. However I also am not a fan of the reaching beyond borders aspect of it

I think that's just one facet of globalisation. It's the same with antitrust law. It wouldn't work if you'd only apply the law of the country where a company registered itself ("race to the bottom" in regulatory laxity). You have to apply that law as soon as someone / something enters a regulated market and that might be a little abstract if it comes to digitised services.

Well hopefully the US gets more privacy laws and not just state ones but federal ones

Antitrust laws, by their nature, generally apply to large companies (which usually have a physical presence in multiple jurisdictions). I'm more concerned about individuals and small organizations; if they're expected to know and comply with all the relevant laws from even a handful of jurisdictions, just to run a federated XMPP server with public MUCs, then they just won't get started. This will protect the giants from new competition, thus achieving precisely the opposite of the intention of antitrust laws.

The US hasn't enforced antitrust laws in decades. What makes you so worried now?

I think you see it a little too narrow, if that's the right expression. There are many laws that in theory also apply to individuals but are not enforced against them (probably since this might easily run counter the principle of proportionality). For instance, many jurisdictions oblige web admins to provide a legal note that fulfills certain requirements. Nonetheless, the web is still full of pages undoubtely subject to those jurisdictions that do not or not completely fulfill this requirement.

...which encourages general disrespect for the law.

Proportionality is nothing new, so… nope. That's not what happens.

Moving slightly back towards the topic: unless the privacy regulations of multiple jurisdictions are going to apply _only_ to the giants, then they'll give those giants an advantage over their smaller competitors, who have to put more work per user into satisfying the regulations. Mark Zuckerberg knows this, which is why he asks for more regulation of the internet, instead of just unilaterally implementing the regulations he wants. I think he even admitted in testimony somewhere that more regulations would act as a barrier to competition, but I can't find it now.

millesimus: the problem is rather selective enforcement. If a government targets somebody specific, like that guy locked up in the UK for over a decade now, they'll all of use those "usually not enforced" laws against that person

TMakarios: yes, that's well known. When the GDPR was designed, there was a preliminary clause about not applying it to small companies - but that got dropped

I'm not sure if it got dropped because small companies can also collect huge troves of information, or if it was some push by a BigCorp, or just that privacy rights are too important to have exceptions

Either way I don't disagree with that. As I said, it was a multi-day effort to write the GDPR privacy policy for my server, but it was well worth it in the end.

And are you doing anything to ensure that you also satisfy the privacy laws of any other jurisdictions?

TMakarios: given that the EU has one of the strongest privacy legislations in the world, no.

TMakarios: BTW, the results of the XSF's GDPR efforts are here: https://wiki.xmpp.org/web/GDPR/Privacy_Policy_Template

> millesimus: the problem is rather selective enforcement. If a government targets somebody specific, like that guy locked up in the UK for over a decade now, they'll all of use those "usually not enforced" laws against that person Ge0rG: If you are talking Assange that's a totally different kind of law.

> Ge0rG wrote: > TMakarios: given that the EU has one of the strongest privacy legislations in the world, no. Ok, but recall that your argument relied on privacy being a "fundamental human right". You say it's recognized as such by German law, but it seems New Zealand law doesn't do the same. So who's to decide which jurisdiction is correct about that?

> I'm not sure if it got dropped because small companies can also collect huge troves of information, or if it was some push by a BigCorp, or just that privacy rights are too important to have exceptions Ge0rG: Fines are proportioniate to your profits, anyway.

TMakarios: that's really a tough question. The EU has decided that they are the correct jurisdiction for EU citizens and people who are located in the EU, regardless of who processes their data and where it is processed

> BTW, the results of the XSF's GDPR efforts are here: https://wiki.xmpp.org/web/GDPR/Privacy_Policy_Template Ge0rG: Thanks for sharing. I will have a look at it. At first glance, it's still a little too long and too "legal" for my taste.

TMakarios: I suppose that New Zealand could bring out a similar act, trying to enforce it outside

Ge0rG: I hope not. I really don't like the idea that anyone running a server (or a node in a peer-to-peer network?) could be considered subject to the laws of countless foreign jurisdictions (some of which may be authoritarian), and I don't want to see it further normalized.

TMakarios: well, you won't be able to prevent that

I think the Megaupload case against Kim Dotcom is still ongoing in New Zealand

Yes, and I think our extradition treaty with the US only applies to crimes where New Zealand law recognizes a similar crime, or something like that, so the copyright claims themselves weren't grounds for extradition (according to at least one court at one stage, I think), since copyright infringement is (or was) a civil (not a criminal) offence here. But I haven't followed the case closely, or recently, so I could be quite wrong.

Idk that whole thing was super shady

US agents stormed Kim's NZ property

Bugged in internet

Ironically, among the charges made by the US Declaration of Independence against the British King were: > He has combined with others to subject us to a Jurisdiction foreign to our Constitution, and unacknowledged by our Laws; giving his Assent to their Acts of pretended Legislation: > ... > For transporting us beyond Seas to be tried for pretended Offences

I'm not sure if you really can equal kimble with the British King

"kimble"?

TMakarios: https://en.wikipedia.org/wiki/Kim_Dotcom

> I'm not sure if you really can equal kimble with the British King _You wouldn't steal a kingdom_

I was thinking about the US government doing just what they accused their former oppressors of doing, in this case asserting extraterritorial jurisdiction and extraditing people for supposed violations of it.