On Fri, Apr 13, 2018, 10:28 AM Peter Saint-Andre <stpeter@mozilla.com> wrote:
> On 4/13/18 5:26 AM, Moritz Bartl wrote:
>> On 12.04.2018 20:31, Peter Saint-Andre wrote:
>>> Has anyone here looked into the impact of GDPR on volunteer services
>>> like the Chaos Computer Club or small teams (not legal organizations)
>>> running decentralized communication instances?
>>
>> It doesn't matter if people get paid or not.
>
> Well, that's not very friendly from a civil-society perspective, is it?
>
> In the Jabber community we've had many people running small, volunteer
> messaging services for years. If those people now have a lot more work
> to do and are taking on potentially significant personal liability, why
> continue?

I think the EU answer is "if those people can't respect *fundamental* human rights like privacy, then that outweighs the other good those people are doing and they should not continue." 

I am not sure this is the right balancing of harms and benefits. But it also isn't obviously *wrong*, and it is going to be very hard to convince regulators and the general public that it is wrong.

So (and forgive me if this discussion has already been had on the list) as software developers who care for freedom and independent services, the best thing we can do for those independent, small services is to build and release software that makes it reasonably possible to provide GDPR-compliant services. (e.g., one-click download of all data tracked by the service; deletion; minimal tracking by default; etc.)

Good example of a community trying to do the right thing:
https://wordpress.org/news/2018/04/gdpr-compliance-tools-in-wordpress/

I'd been under the impression Discourse was also doing something along these lines, though I'm not finding any evidence in a quick search.

That's obviously not easy, and of course the closer you get to a micro-services world with diverse logging, the harder it gets. But lots of the basics we tend to get wrong; here's a good post on the subject: https://www.ctrl.blog/entry/gdpr-web-server-logs

[Tangentially, that post addresses a concern from another email to this list, about DOS-by-download.]

FWIW-
Luis

(IAAL, but IANYL and I am not an EU privacy law expert)