[gdpr-discuss] impact on volunteer services

Luis Villa luis at lu.is
Sat Apr 14 23:59:39 BST 2018


On Fri, Apr 13, 2018, 10:28 AM Peter Saint-Andre <stpeter at mozilla.com>
wrote:

> On 4/13/18 5:26 AM, Moritz Bartl wrote:
> > On 12.04.2018 20:31, Peter Saint-Andre wrote:
> >> Has anyone here looked into the impact of GDPR on volunteer services
> >> like the Chaos Computer Club or small teams (not legal organizations)
> >> running decentralized communication instances?
> >
> > It doesn't matter if people get paid or not.
>
> Well, that's not very friendly from a civil-society perspective, is it?
>
> In the Jabber community we've had many people running small, volunteer
> messaging services for years. If those people now have a lot more work
> to do and are taking on potentially significant personal liability, why
> continue?
>

I think the EU answer is "if those people can't respect *fundamental* human
rights like privacy, then that outweighs the other good those people are
doing and they should not continue."

I am not sure this is the right balancing of harms and benefits. But it
also isn't obviously *wrong*, and it is going to be very hard to convince
regulators and the general public that it is wrong.

So (and forgive me if this discussion has already been had on the list) as
software developers who care for freedom and independent services, the best
thing we can do for those independent, small services is to build and
release software that makes it reasonably possible to provide
GDPR-compliant services. (e.g., one-click download of all data tracked by
the service; deletion; minimal tracking by default; etc.)

Good example of a community trying to do the right thing:
https://wordpress.org/news/2018/04/gdpr-compliance-tools-in-wordpress/

I'd been under the impression Discourse was also doing something along
these lines, though I'm not finding any evidence in a quick search.

That's obviously not easy, and of course the closer you get to a
micro-services world with diverse logging, the harder it gets. But lots of
the basics we tend to get wrong; here's a good post on the subject:
https://www.ctrl.blog/entry/gdpr-web-server-logs


[Tangentially, that post addresses a concern from another email to this
list, about DOS-by-download.]

FWIW-
Luis

(IAAL, but IANYL and I am not an EU privacy law expert)
