GDPR

Thu Aug 10 09:24:21 UTC 2017

Good morning,

I am very pleased to see that you bring up this issue. GDPR offers a 
great opportunity to promote FOSS.

FOSS is definitely far more "GDPR-ready" than proprietary or 
closed-code. *But, what an irony! *Who shouts the most about GDPR these 
days? Delivers free seminars with free food & drinks(!), invites 
prominent professors on stage, to give speeches about data privacy under 
their auspices?

*T**he ones who hardly comply with the GDPR, invest heavily on promoting 
it! *Otherwise, they will gradually extinct. It seems they have no 
choice. They also have the budget required, to do so, unlike FOSS. And I 
am afraid that, at the end of the day, they manage to gain the 
impressions of the majority...

Can we blame consumers or companies for choosing closed code over FOSS? 
They are brain-washed, after all.

To close, I would like to work with you, to help create relevant 
publicity about the true values of FOSS, including its *inherent 
*GDPR-readiness.

I am -kind of- speaking by experience, because we have recently gone 
through an audit for GDPR compliance as a company (email providers). We 
actually changed our business model in order to better comply: we moved 
all of our customers, from a unified multi-tenant environment to 
separated, privately hosted servers. All on FOSS.

At your disposal,
KR
Ioli

On 10/8/2017 10:01 πμ, Jonas Oberg wrote:
> Hi Mat,
>
>> Specifically, it seems to suggest to me that a fair number of
>> proprietary platforms - facebook for example might contravene the 'Data
>> protection by Design and by Default (Article 25)' that requires privacy
>> settings to be set at a high level by default.
> I would posit you're right in this. But I would think the same problem
> might exist with distributed platforms. I just checked Diaspora* for
> instance, and it seems to have the same level of default privacy as
> Facebook for new users and posts ("Friends only" on Facebook and
> "All aspects" on Diaspora*).
>
> So it seems to me that if we agree that the right to privacy is important,
> supporting Free Software, and supporting the GDPR, are both important aspects
> of privacy, but the two are largely on parallel tracks and don't overlap
> much.
>
> There's one case I can see though: it would be possible to make the claim
> that given the high requirements of GPDR, it's impossible for anyone to
> meet those requirements in a believeable way without publishing the software
> used as Free Software, and without using Open Standards (which is also
> roughly the requirement for Data Portability in Article 20).
>
> Happy if anyone would like to work on this with us. I'm looping in our
> policy analyst, Polina Malaja, who would also be involved in this.
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20170810/01946de2/attachment.html>