
Is there an overview of social network alternatives to G+ with an emphasis on #GDPR or #PrivacyShield compliance?

I'd very much like to use decentralized alternatives not connected to (global) companies like #diaspora or #friendica or anything from the #fediverse but as far as I can tell each (EU based) server admin becomes responsible with regard to GDPR. All my queries in that regard to such admins either came to no conclusion or to something along the lines of "if a legal dispute over gdpr comes up I will shut down the server immediately" which makes me wonder why I should register at all.
Has anyone taken a closer look at this topic or can point me to some external resources?

Comments

  1. IIRC Christian Buggedei did some research.

  2. The nature of these things is that a private small-scale entity either a) ignores the whole topic, b) thinks it understands the gist of the topic, but then takes the apparently negligent risk of formal non-compliance, or c) comes to the conclusion that things are too complicated to truly ascertain the risk and then decides to simply shut everything down.

    Often enough folks from column a) and b) migrate to column c) suddenly and without warning when the first lawyer letter arrives.

  3. Generally, GDPR compliance isn't hard if you are small fry (a blog where you cannot register for example, or hosting a forum for a few hundred acquaintances). The problems arise if you scale up, because then you suddenly have an audience that in turn attracts another audience and all of these people can possibly create grievances.

    Personally, I have come to the conclusion that if you want the reassurance that your social network host of choice doesn't suddenly vanish, there has to be some sort of legal infrastructure in place that ensures compliance with the various laws and regulations and is capable of dealing with sudden sternly worded letters.

  4. I'd like to see d) let's just try to be compliant, how hard can it be?
    Christian Buggedei, I have seen your Google Spreadsheet and already commented on some things in there.
    I just hope that I am not the first one raising this question and hope that a server admin from the EU already made his way to the bottom of this topic.

  5. I fear most are in "head-in-sand" mode about this, at least that has been the gist of the comments I've seen about this so far.

  6. Markus Sauerbrey the thing is: It's not hard. But it is work, and you need to be able to answer inquiries etc. And no one has yet really put thought into how things like "distribute a message over several pods" apply to GDPR.

    If you haven't the compliance workflows covered, you'll basically DDOS yourself eventually.

  7. Christian Buggedei I am not sure that I understand how information transfer works within a social network and when exactly the provider of the server is in charge and when the user. Regarding the distribution of personal data from server to server (pod/node) it could very well be that you may not forward information to a server outside the EU due to GDPR Art 44 ff which will render any such decentralized network useless. If on the other hand the user itself is the controller of all his personal data in a social network there are no legal boundaries. But this has to be part of how the network works (regarding diaspora and friendica: does it?) and of course part of the tos and privacy policy.
    I think this issue is not insurmountable and a legal expert (which I am not) and an expert of how these networks work could probably work this out quickly. There are 99 articles in the GDPR but I think there are less than 20 that relate to this issue.

  8. That's what I meant by "it's not hard." Sit down, think, document and you're mostly done. But currently, the FAQ for podmins doesn't mention these things at all! (https://wiki.diasporafoundation.org/FAQ_for_pod_maintainers)
  9. What groups exist to even answer questions on this? I can think of the EFF, EPIC, and C3. There's a UK privacy group who ... may not have to worry about EU regs in another six months. Otherwise .... ?

  10. Edward Morbius EFF is a good candidate, alas they are US-centric. But they should be concerned about these things. C3... I have my reasons to not have high hopes there. The thing is that the whole Federation protocol is mostly conceived by technical peeps, not by social / political / legal science folks. And that is a problem, for many reasons.

  11. Christian Buggedei Ayup. I'll add a "Privacy Organisations" page on the Wiki and we can start filling that in.

    After we define "social networks" ;-)

  12. I just had contact with someone who is - as I understand - part of the coding community of friendica and who fortunately lives in my town. We are planning to meet so we can learn from each other (though I am not a legal expert I am the data protection officer in my company).

  13. Markus Sauerbrey Who / what is your general go-to for more information?

  14. Peter Gossner you mean - starting my own, for myself (and maybe a very few trusted friends?) Or - starting my own, with hosting thousands of strangers, and I have the legal liability for all this?

  15. Peter Gossner it is not about "oh woes, my nasty podmin doesn't do the thing I want".

    It is about the fact that the network as a whole needs to think about these things and ideally provide new podmins with information on how to deal with them. I gladly help, there is no expectation that this will magically appear for me, but there needs to be some sort of interest to start with.
