this post was submitted on 24 Aug 2024
395 points (98.5% liked)
Technology
59607 readers
3088 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Didn't Meta try the same argument? I very much doubt this will work in court.
Under the GDPR, you need informed consent. That consent may only be for specific, limited purposes. A blanket permission for any broad purpose is not going to work. People know that their comments and posts will be read, so that's fine. One should probably tell people that their posts will also be crawled and stored in various databases. That federation means that their personal data is actively sent to other instances and processed there, is not something your average person knows. To be legally above board, this should happen only under contract, with instances under the GDPR or equivalent, and only by informed consent.
Every once in a while, there are debates around federating with or blocking certain instances. In particular, federating with Meta's Threads is a hot button issue. Clearly, a number of people explicitly do not consent to having their data sent to just anyone. I think they have the law on their side.
I'm not complaining. I'm explaining the law. You asked, remember?
I originally posted this with regard to embedding images. But it also shows you something else: Saying that something is simply the way the internet works just doesn't hold up in court. In that case, the plaintiff could have configured their browser to not connect to google. But they explicitly don't have to.
Good question. Why should it matter if the data is sent to other people, if those people could scrape the data just as easily. Common sense may be that it doesn't matter. But you could equally well say: Why does it matter if I share copyrighted media, if people can already get pirated copies with ease?
Under what conditions, scraping is legal is mostly unanswered right now. But the legality of scraping does not directly affect the legality of data sharing for federation.
Oh, I see. These terms are always a bit fuzzy.
Suppose we regulated food on the same principles. Manufacturers would have to print exactly what ingredients went into the food and what was done with them. Maybe they are also required to assess the impact of some ingredients or steps in the recipe. Then people can form their opinions on whether that is healthy or not; causes cancer or whatever. Nothing is banned outright, it's just a matter of informed consent whether you eat something or not. To me, this is a neoliberal or libertarian approach.
The GDPR goes a step further by giving you rights over certain data, turning it into something similar to intellectual property. The dogma that we should turn everything into private property and leave it to the individual, and then a miracle happens, is to me libertarian or neoliberal. Suggest a better word if you have one.
They shared, and processed, much more than post data. When you click on "reply" on your next post you're consenting to publishing what you wrote, you're not consenting to lemmy.world sending metrics about how long you seem to have looked at an ad to the yanks. You're not consenting to having your typing patterns analysed to build a psychological profile. All that is data that your instance's web UI could collect, but doesn't, and also doesn't share with anyone. Meta does.
They are free to use platforms which share information less freely. But that's kinda pointless: As long as he information is publicly accessible, and you very much agree to the information being publicly accessible when posting it in a public forum and pretending you don't understand that won't fly in court, it is necessarily available world-wide in one way or another.
There's some wibbles about details here, e.g. votes are aggregate in the public-facing view, while on the instance level you can see who voted how. That's, in my understanding, why the devs proposed making them public also on the web interface: So that it's clear that it's public information.
Scraping is perfectly legal in the EU. It's like making a copy of a newspaper: You can get in trouble for distributing that copy, but not for making it for your own archival or whatever purposes.
lemm.ee actually proxies images. I'd say that it'd be good practice to proxy anything that needs to get loaded by browsers to display the page.
It's you who introduces the term "property", there. The European legal tradition considers the whole topic as part of the right to informational self-determination, if you want to call that a "property" then only in so far as honour or glory or bodily integrity are also property.
The neolib position, I think, could be better described as private data being a) a commodity and b) the identified person does not actually have any inherent rights to it. They don't want to pay you, lowly peasant, for collecting data about you, they are always and everywhere in favour of their own privilege of owning all the things without equitable exchange. Less insane liberals may still formulate things it terms of property, but then have the basic common fucking decency to assign property of your own data to you. They may even limit some of the commodity aspects.
That does make a difference, but probably not enough of one. The GDPR defines sensitive data: Religious beliefs, trade union membership, sexual orientation, and more. The sensitive data is in the posts. That other data was probably not a big deal.
The counterargument was that the processing wasn't strictly necessary for the contract. It is not strictly necessary either to store lemmy posts on other servers outside the reach of the GDPR.
No. You misunderstand. Scraping, as such, is legal in the abstract. But where personal data is concerned, the GDPR applies. How and for what purposes the GDPR allows scraping is contested, to put it mildly.
You're probably allowed to make copies of a newspaper for your private, non-professional, non-business purposes throughout Europe, but the states have somewhat different laws for that sort of thing. It's not necessarily legal under all circumstances in all member states.
I said similar to intellectual property. Property is something that may not be used or taken without consent. When someone else has it, the owner can demand to know about its whereabouts or condition, or take it back. That seems quite similar to the requirements of the GDPR. Neither honor nor bodily integrity are like that. The main difference to property is that you cannot irrevocably transfer it to someone else.
Continental European copyright is also like that. Maybe the PR work of the copyright industry laid the groundwork for the GDPR. Note how people talk: Tracking cookies are "stealing your data". It's not spying on you - not invading your privacy - it's an act of theft; a property crime.
Maybe you think the dissimilarities weigh more heavily. Even so, it is still neolib or libertarian to me. That's the point of the food analogy.
You're right that they want it to be even more property like. I expect eventually we'll get some data trustee or PIMS scheme or something along those lines. Some brain-dead ordoliberal fever dream born out of dogma rather than reason. That seems to be the track we're on. The left is dead.