- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
You must log in or register to comment.
this reads as both unfeasible or contradictory to existing laws (eg section 230).
this feels like another example of law makers making law w/o understanding what they’re proscribing
contradictory to existing laws (eg section 230).
Section 230 is US law; this article is about the EU and GDPR.
Operating in multiple countries often requires dealing with contradictory laws.
But yeah, in this case it also seems unfeasible. As the article says:
There is simply no way to comply with the law under this ruling.
In such a world, the only options are to ignore it, shut down EU operations, or geoblock the EU entirely. I assume most platforms will simply ignore it—and hope that enforcement will be selective enough that they won’t face the full force of this ruling. But that’s a hell of a way to run the internet, where companies just cross their fingers and hope they don’t get picked for an enforcement action that could destroy them.
Not really. The decision only states that a service that allows to publish advertisements with personal information must review these and make sure it’s they have the consent. Something all “gone wild” subreddits do with volunteers. A company that runs advertisements should be able to.
A company that publishes ads for sexual services without getting confirmation of consent is a risk for the society and this business model should not be allowed.
Not really. The decision only states that a service that allows to publish advertisements with personal information must review these
Did you post this after reading only the beginning of the article? Because, around the middle of it, the author foresees and responds to your comment:
Some people have said that this ruling isn’t so bad, because the ruling is about advertisements and because it’s talking about “sensitive personal data.” But it’s difficult to see how either of those things limit this ruling at all.
There’s nothing inherently in the law or the ruling that limits its conclusions to “advertisements.” The same underlying factors would apply to any third party content on any website that is subject to the GDPR.
As for the “sensitive personal data” part, that makes little difference because sites will have to scan all content before anything is posted to guarantee no “sensitive personal data” is included and then accurately determine what a court might later deem to be such sensitive personal data. That means it’s highly likely that any website that tries to comply under this ruling will block a ton of content on the off chance that maybe that content will be deemed sensitive.
Here are some relevant parts of what the court actually wrote:
67 In the present case, it is apparent from the order for reference that Russmedia publishes advertisements on its online marketplace for its own commercial purposes. In that regard, the general terms and conditions of use of that marketplace give Russmedia considerable freedom to exploit the information published on that marketplace. In particular, according to the information provided by the referring court, Russmedia reserves the right to use published content, distribute it, transmit it, reproduce it, modify it, translate it, transfer it to partners and remove it at any time, without the need for any ‘valid’ reason for so doing. Russmedia therefore publishes the personal data contained in the advertisements not on behalf of the user advertisers, or not solely on their behalf, but processes and can exploit those data for its own advertising and commercial purposes.
68 Consequently, it must be held that Russmedia exerted influence, for its own purposes, over the publication on the internet of the personal data of the applicant in the main proceedings and therefore participated in the determination of the purposes of that publication and thus of the processing at issue.
It seems to me that the fact that the nature of the content was itself advertising is not the relevant thing here, but rather the fact that the website had a commercial purpose is. So, maybe this will only apply to websites operated for commercial purposes? 🤔
(I am not a lawyer…)
A company that publishes ads for sexual services without getting confirmation of consent is a risk for the society and this business model should not be allowed.
Is there something I missed which indicates that the sexual nature of the advertisement was a factor in the court’s decision?
What is relevant: “for its own commercial purposes. In that regard, the general terms and conditions of use of that marketplace give Russmedia considerable freedom to exploit the information published on that marketplace.”
This turns the marketplace in a business that must have responsibilities and duty to care because they not only host the content, but process it.
Hosting is defined on paragraph 6. It does not involve processing of information. You user hit publish, it is published without any processing and and you don’t claim right to “use published content, distribute it, transmit it, reproduce it, modify it, translate it, transfer it to partners and remove it at any time, without the need for any ‘valid’ reason for so doing.”.
The GDPR don’t claim you are responsible for merely hosting personal information, but you become responsible by processing it. “The processing of personal data should be designed to serve mankind.”
The point is: you can run a lemmy instance, have people publishing shitposts all day in a hands off moderation policy. One day someone posts a doxxing. As soon you are told, you delete and it’s OK. But you can’t run a business where you invite people to post doxxing information, you claim rights to distribute this information, and them say you are only hosting it, and not processing it.
The problem is the site want the cake (free harbour immunity) and eat it (gain rights to profit from the published content).
