|
Top-level
 Is data protection law enough? In the EU and UK, possibly, but what about elsewhere? Given that Meta has been the subject of almost constant DP enforcement action for years, quite possibly not. Is it the case that non-compliance with an instance’s terms is computer misuse or the like? Potential criminal sanctions for admins which don’t read and comply with every other instance’s divergent and potentially regularly changing terms? 8 comments
I also wonder if this is the topic in the fediverse which most needs legal attention. For example: - agreements between sites (admins / legal entities, where relevant) and moderators, setting our roles, responsibilities, and remuneration? - basic data protection support? And perhaps other stuff? I have given legal advice relating to the Fediverse, but linked to companies wanting a presence here, or looking to operate servers (managed hosting, or public), so slightly different. Is it worth putting any time or effort into legal stuff, if it will just be walked over / ignored, especially without the money to enforce? Are we more dependent on community norms than enforcement action and, if so, does that mean that formal terms are worthless? I’m thinking about FOSS licensing, where there is a strong legal underpinning, and very little litigation - the licences tend to be self-policing, aside from v occasional court cases. But the legal complexity is high. And perhaps this ship has sailed, but do we really want an overly-lawyered Fediverse? A fediverse of terms and conditions and contracts and risks / threats of legal action? I am *massively* unsure that that is desirable, or sustainable. Users asserting licensing terms (eg CC) or data protection objection etc info in bios, or in post metadata? The former is easy, so even if of questionable value, perhaps worth considering? The latter requires changes and ongoing support in fedi servers and clients, so harder. Would it achieve the goal? I guess that’s the key question: what is the goal of this? What does success look like, and at what cost? I wonder how much of this is rendered moot by enabling authorized_fetch (https://docs.joinmastodon.org/admin/config/#authorized_fetch) or the fedi service equivalent? Or more use of locked accounts and follower-only posts? (For those who are most concerned.) I enabled authorized_fetch here a couple of months back, and haven’t noticed any issues.  @neil #AuthorizedFetch does nothing to protect from the dissemination of personal data in at least two very common cases: @neil I’m left thinking that the only way of making legally enforceable terms and conditions work in a federation context (beyond an allowlist or defederating known bad actors) would involve some form of machine-readable terms of use format. Which sounds like something that must’ve been tried so often before with little success (along the lines of P3P for example) and very fragile with so many AP servers running different software and software versions… |
Gregory's Server
This needs careful, considered, multi-jurisdictional analysis. Or, at the very least, specific analysis for the territories in which either or both the most concerned instances operate and in which Facebook / Meta operates.
I also wonder if this is an instance-level thing, or a user-level thing (for example, such as each use putting in their bio that they object to processing of their personal data for direct marketing purposes, and other purposes)?
#lawfedi