But I am a citizen that is covered by the GDPR in the UK. I have an account on allthingstech.social which a US server, so they would be breaching GDPR by ingesting my data. They can’t know where any user comes from just by the server that user is attached to - which is going to a lovely fun headache for them to deal with 😂
so they would be breaching GDPR by ingesting my data
If they were processing your data without consent, yes, but I think in this case you’ve given them your consent (I hope) and they’re allowed to process whatever data they need for their service (but not more than that). The question is what they do with my data (the federated copy, which now lives on their servers, since I’m talking to you), since I’ve not given them my consent, and I’m EU citizen.
It’s murky waters and I’m (thankfully!) not an layer or Data Protection Officer, so I’ve no idea how that works legally. But I think the fediverse and ActivityPub will at some point have to think about solutions for better data privacy - or maybe the U.S actually regulates something that is compatible with GDPR and then we get same protections across the board (the big problem at the moment is Schrems II)
Because the GDPR requires explicit consent, you need to informed what data Meta will collect about you, and how they will use it, and then you have to click something saying that you are OK with that. The GDPR specifically rules out implicit consent, which is what Meta would be claiming “Well they are posting to the fediverse, so it is fair game”
But I am a citizen that is covered by the GDPR in the UK. I have an account on allthingstech.social which a US server, so they would be breaching GDPR by ingesting my data. They can’t know where any user comes from just by the server that user is attached to - which is going to a lovely fun headache for them to deal with 😂
If they were processing your data without consent, yes, but I think in this case you’ve given them your consent (I hope) and they’re allowed to process whatever data they need for their service (but not more than that). The question is what they do with my data (the federated copy, which now lives on their servers, since I’m talking to you), since I’ve not given them my consent, and I’m EU citizen.
It’s murky waters and I’m (thankfully!) not an layer or Data Protection Officer, so I’ve no idea how that works legally. But I think the fediverse and ActivityPub will at some point have to think about solutions for better data privacy - or maybe the U.S actually regulates something that is compatible with GDPR and then we get same protections across the board (the big problem at the moment is Schrems II)
Because the GDPR requires explicit consent, you need to informed what data Meta will collect about you, and how they will use it, and then you have to click something saying that you are OK with that. The GDPR specifically rules out implicit consent, which is what Meta would be claiming “Well they are posting to the fediverse, so it is fair game”