• Twoafros@sh.itjust.works
    English · ↑133 · 1 day ago

    From the article:

    “Today’s court’s decision shows that the consent system used by Google, Amazon, X, Microsoft, deceives hundreds of millions of Europeans. The tech industry has sought to hide its vast data breach behind sham consent popups. Tech companies turned the GDPR into a daily nuisance rather than a shield for people.” [Dr Johnny Ryan, Director of Enforce at the Irish Council for Civil Liberties]

    Today’s judgement confirms the Belgian Data Protection Authority’s 2022 decision. It applies immediately across Europe.

    • sunzu2@thebrainbin.org
      ↑52 · 24 hours ago

      Tech companies turned the GDPR into a daily nuisance rather than a shield for people

      This is just how US companies do business but it is nice to see at least somebody in position with that acknowledgement

      • Refurbished Refurbisher@lemmy.sdf.org
        English · ↑8 · 22 hours ago

        The CA Prop 65 warning is a perfect example of this. Most people just ignore it because it’s on everything (which probably isn’t inaccurate, especially when most products contain some type of plastic).

  • jbk@discuss.tchncs.de
    English · ↑14 · 20 hours ago

    So what exactly would this mean? Not that cookie banners will vanish completely, right? Will “Legitimate Interest” stuff just have to be unchecked by default?

    • General_Effort@lemmy.world
      English · ↑2 · ↓4 · 23 hours ago

      I don’t really see how this ruling is helpful. The reasoning seems to confirm the view that the Fediverse is legally very problematic.

        • General_Effort@lemmy.world
          English · ↑2 · ↓1 · 21 hours ago

          Federation means that personal data is sent to anyone who spins up an instance. What legal basis is there for that? These guys and their lawyers weren’t able to figure one out.

          • Refurbished Refurbisher@lemmy.sdf.org
            English · ↑3 · edited · 19 hours ago

            What is legally defined as personal data in this case? Public usernames, public posts, or private messages to another instance, which states clearly that messages aren’t private and to use Matrix instead? Or is there something else?

            • General_Effort@lemmy.world
              English · ↑2 · ↓3 · 19 hours ago

              For the purposes of this Regulation:

              ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

              GDPR

              Anything connected to your username is personal data. Your votes, posts, comments, settings, subscriptions, and so on, but only as long as they are or can be actually connected to that username. Arguably, the posts and comments that you reply to also become part of your personal data in that they are necessary context. Any data that can be connected to an email address, or an IP address, is also personal data. When you log IPs for spam protection, you’re collecting personal data.

              It helps to understand the GDPR if you think about data protection rights as a kind of intellectual property. In EU law, the right to data protection is regarded as a fundamental right of its own, separate from the right to privacy. The US doesn’t have anything like it.

              • 9bananas@feddit.org
                English · ↑4 · ↓1 · edited · 4 hours ago

                no, that’s wrong.

                hi, i work in the EU, and the GDPR and related legislation is a big thing we regularly have to consider in our work.

                “personal data” is NOT “anything connected to your username”.

                “personal data” (more correctly, and usually, called PID; Personally Identifiable Data) is data that can be used to identify you, the natural person, not your online persona.

                that means: your Social Security Number, your Passport Info, your Driver’s License, your Date of Birth in combination with your Birth-Name/Real Name, your Home Address, your religious affiliation, your gender, your sex, your fingerprints, your DNA, etc.

                anything that can be used to clearly identify you in real life.

                so, for example, if a company requires your phone number and passport to register, they are not allowed to give that to any third party, without the user’s explicit consent. “Mr. Karl Marx, born 05. May, 1818 in Trier is our customer and here is his passport, phone number, home address, and all the associated data we have on him” <-- this is NOT ok under the GDPR.

                on the other hand “OGcommunist1818 posted {seize the means of production today, comrades!}, at 10:30 am, CET, on server 127.0.0.1, which was sent to 10.0.0.1, 10.0.0.2, and 10.0.0.3, into their respective local storage” <-- this is perfectly fine under the GDPR, because none of that is clearly tied to the natural person: “Karl Marx, born 05. May in Trier”, even if it really was Karl that posted that, and even if we can guess from the username that it was probably Karl that posted that comment.

                sending comments you make, your votes, your posts, etc., to another server is completely fine by the EU’s data protection laws for 2 reasons:

                • 1: it’s not personally identifying data in the first place
                • 2: you agreed to this information being sent {wherever} when you made your account, so you gave your consent to your data being used in this way.

                Our data protection/privacy laws are mostly concerned with data being sent WITHOUT user consent (through sale to third parties, data dumps, data leaks, hacks, etc.), they do not protect you from sharing your personal info with strangers of your own volition.

                so, no, the EU does not forbid the fediverse and there certainly are no laws to support that notion.

                • deaddigger@lemm.ee
                  English · ↑1 · 1 hour ago

                  Well kind of. If it is possible to connect something easily to your person, then that is private information too. For example your license plate or VIN would be personal info too. Your advertiser ID is seen as private info too.

                  Some information that is not directly linked to you is also private information. This includes stuff like healthcare or banking information.

                • rmuk@feddit.uk
                  English · ↑2 · 3 hours ago

                  All this, plus the well-established legal notion of “informed consent”. If I rent a megaphone from a shop it would be utterly unreasonable for that shop to tell everyone I’d bought a megaphone - I wasn’t informed and wouldn’t reasonably assume that’s what they would do, so I couldn’t consent - but if I walk around using that megaphone to shout at people it would similarly be utterly unreasonable to argue that the shop is responsible for keeping my bellowings private.

  • General_Effort@lemmy.world
    English · ↑8 · ↓1 · 23 hours ago

    It sounds like it would be relatively easy to fix, but I worry it will strengthen monopolistic tendencies.