- cross-posted to:
- reddit@lemmy.ml
- technology@lemmy.world
- news@kbin.social
- cross-posted to:
- reddit@lemmy.ml
- technology@lemmy.world
- news@kbin.social
Huffman has said, “We are not in the business of giving that [Reddit’s content] away for free.” That stance makes sense. But it also ignores the reality that all of Reddit’s content has been given to it for free by its millions of users. Further, it leaves aside the fact that the content has been orchestrated by its thousands of volunteer moderators.
touché
I wonder who owns the content posted on Lemmy. I haven’t seen it explicitly called out as Creative Commons or any other license.
Massively underrated comment. I know legalese isn’t going to be super popular around here, but we can still clarify & enshrine some fundamenatl values here to shore off corporate interests, in the same spirit as copy left. Just because creative Commons are common, and GDPR protects things implicitly (albeit completely untested–perhaps even problematic), that doesn’t mean they don’t warrant mention and protection.
I will grab my popcorn the first time someone seriously tries to pursue a GDPR erasure request for their fediverse content. I don’t think it’s even possible to honor such a request in theory, let alone in practice, given that nodes can come and go from the network and when they go, they could easily keep their local copies of everything.
In theory you’d have to send a GDPR request to every instance.
Technically every instance should have it’s own T&C. I believe over on feddit.de they had a disclaimer somewhere.
Speaking of, how are regulators / governments going to deal with Lemmy? Virtually all existing legislation is intended to deal with centralized stuff run by companies, not federalized. By some regards, there may be actual legal issues with the current setup.
Lemmy by its nature is unlikely to ever face the scrutiny that corporate-owned platforms do, but that doesn’t mean we should be unprepared.
Edit: …virtually all existing legislation…
Well, Lemmy is, when you get down to the technical level, centralized.
Each instance is a centralized unit, with a server owned and run by an individual or a group of people. Each instance replicates and hosts content. Since each instance provides the content directly, they are responsible for the content, same as Twitter is responsible for the content on Twitter, even if the content is a screenshot/copy of a Reddit post.
So I, as a feddit.de user am subject of feddit.de’s TOS, since I am legally their customer. feddit.de is responsible to clean illegal content from their instance and from all replications from other instances that they are hosting.
Regular social-media-related law totally applies to Lemmy, with two caveats. Many of these laws have a triviality limit, meaning they won’t apply to networks below a certain user count/yearly revenue.
Federation means that each instance is technically a separate social network, so their user count is not added together. And since all Lemmy instances I know are non-profit/non-commercial, there is also no meaningful revenue.
But for laws without these limits (e.g. GDPR) there is no salvation for Lemmy, and once Lemmy becomes big enough for anyone to notice, there will be lawsuits.
GDPR doesn’t create avenues for lawsuits. GDPR is managed by local Information Commissioners Offices, who levy fines.
European commission begs to differ: https://commission.europa.eu/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en
That doesn’t really say that you have any specific action just from having your rights breached. It’s not like in the US where you can sue for hurt feelings and get punitive damages - you have to have actual, costed damages to claim for.
The trouble with actual damages is that it’s near impossible to prove that the breach of your rights directly caused the damages, if you can even put a monetary value to it. The potential for it to happen is not enough for a claim to succeed. So, in practice, in almost every circumstance the only avenue is a report to the DPA and hope they levy a fine.
That’s from the link.
I said, you can be sued for GDPR violations. “Take legal action” = “sue someone”.
Also, yes, you can very much sue for emotional damages and real damages due to GDPR violations. The difference between US and EU is that emotional damages in the EU are a few €100 and not a few 1000 or even 10000.
But if you do really leak data (e.g. passwords) and these are then abused for something else, then you are talking about serious costs.
Here you got a link about how the European Court of Justice confirms that emotional damages for GDPR violations is a thing: https://noyb.eu/en/court-justice-confirmed-there-no-threshold-gdpr-damages
True. But the thing is, a few £100 doesn’t really make up for the filing and legal costs. Particularly when there is a chance you won’t be successful.
Again, proving that the specific breach led to the abuse and cost is the issue.
There is no limit, but that doesn’t mean every claim has a potential for massive damages.
In practice, in the EU, it’s just not worth pursuing. Being successful is challenging, and when you are successful in the vast majority of cases the payout just isn’t worth it.
Meanwhile, a report to the local DPA or ICO or whatever is free of charge. Literally just sending an email or two. Also, if you did have a claim with any reasonable chance of success, action with the DPA would only strengthen your claim.
I would imagine the same laws that apply to email servers or voip services or any other existing federated service like usenet…