this post was submitted on 06 Mar 2024
303 points (88.9% liked)
Fediverse
28480 readers
851 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There are dozens of cases of fines issued to municipalities, and government offices that don't do business. France fined a parliamentary candidate. Italy has fined the Italian Archery Federation, an NGO. Germany fined a bunch of individual police officers and an employee of a Covid testing centre.
Please either start backing up your claim of some supposed nonprofit exception, or go sealioning somewhere else.
Cool, so no forum owners of foss...got it.
Nice moving the goalposts there. You said "not selling anything". I think police officers or the "Association for the prevention and study of crimes, abuses and negligence in information technology and advanced communications" don't sell stuff, they were fined nevertheless.
If I put a link to for example this case where a small social media provider got fined for nothing more than not handling data well, you could move the goalposts even further.
Or you could look at the countless cases brought against private individuals where they of course are not selling things. Austria fined a guy under GDPR for having a dashcam!
So again, you made a claim that there is an exception under GDPR for "forum owners of foss". Let's see evidence for that claim.
Let's see, in the EU and was a company that sold and processed data.
All you have done is provided that companies that hold pii in the EU have been fined before.
I'll ask again, please provide a instance of a person who holds no pii operating a forum or instance that is free, sells no data and makes no profit off the instance being fined.
I was going to write a long ass answer to this, but tbh I'm tired of you asking and me answering the same question over and over again while not providing any source for your claims.
Lemmy holds PII. Usernames and other online identifiers are PII according to GDPR Art 4/1 and legal practice as well. Photos people upload of themselves, people claiming to be Jews or from some country in comments are all PII. You have just said "oh but they are not" without backing up your claims. If nothing else, the fact that Reddit, the site which this is a clone of, holds PII should convince you if the relatively plain words of the law don't.
Lemmy processes data. According to GDPR Art 4/1 data processing does not involve sales of data, just "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction". Again, you have not found anything to back up your claim that "it actually doesn't and selling and processing is the same".
GDPR applies to nonprofits, even non-commercial entities, private individuals, government institutions as evidenced by fines. You claim an exception for "forum owners for free instances" without even trying to back it up, and are asking me to prove a negative, again without providing any evidence of your own.
So the real question is, let's say you're an admin of some instance that grows to some noticeable size. Would you trust your gut feeling of "I hate EU regulations, and they shouldn't apply to me either" before some random country you probably never heard of sends you a letter that you pay them some large amount of money? Or would you implement basic delete functionalities on your website and sleep easy?