Jonas Oberg jonas at
Thu Aug 10 07:01:45 UTC 2017

Hi Mat,

> Specifically, it seems to suggest to me that a fair number of
> proprietary platforms - facebook for example might contravene the 'Data
> protection by Design and by Default (Article 25)' that requires privacy
> settings to be set at a high level by default.

I would posit you're right in this. But I would think the same problem
might exist with distributed platforms. I just checked Diaspora* for
instance, and it seems to have the same level of default privacy as
Facebook for new users and posts ("Friends only" on Facebook and
"All aspects" on Diaspora*).

So it seems to me that if we agree that the right to privacy is important,
supporting Free Software, and supporting the GDPR, are both important aspects
of privacy, but the two are largely on parallel tracks and don't overlap

There's one case I can see though: it would be possible to make the claim
that given the high requirements of GPDR, it's impossible for anyone to
meet those requirements in a believeable way without publishing the software
used as Free Software, and without using Open Standards (which is also
roughly the requirement for Data Portability in Article 20).

Happy if anyone would like to work on this with us. I'm looping in our
policy analyst, Polina Malaja, who would also be involved in this.

Jonas Ă–berg, Executive Director
Free Software Foundation Europe | jonas at
Your support enables our work (

More information about the Discussion mailing list