Recent searches
Search options
Bluesky is a broad network with lots of worthwhile people and conversations! I hope you’ll give it a chance. Only fully public content is bridged, not followers-only, unlisted, or otherwise private posts or profiles. Still, if you want to opt out, I understand. Feel free to DM me at @snarfed@indieweb.social (different account than this one), email me, file a GitHub issue, or put #nobridge in your profile bio.
(Admins, if you decide beforehand that you don’t want your instance to federate with Bluesky over the bridge, the domain to limit or block is bsky.brid.gy.)
A number of us have thought about this for a while now, we’re committed to making it work well for everyone, and we’re very open to feedback. Thanks for listening. Feel free to share broadly.
Thank you all for the feedback, both good and bad. I knew I’d hear some pushback that this should be opt in instead of opt out, and I obviously did. I’ve also had some useful conversations and ideas on how to bridge (ahem 
) that gap and make opt in more realistically usable, along with a few interesting compromise points between opt in and opt out. I’m grateful to everyone today who engaged and talked constructively and offered those new techniques. It’s very possible that this will land somewhere along that spectrum other than fully opt out.
I had plenty of work to do already before launch, and now I have a number of other important ideas to explore too. That’s great! I really do appreciate it. I’ll definitely check back in well before this launches.
@snarfed.org The GDPR applies to US-based companies that offer services to people in EU Member States. It applies to not-for-profit organisations. It will apply to you. Figure this out before launch.
Besides, consent matters even if you don't get fined for ignoring it.
Yeah. GDPR definitely applies. It's likely he wouldn't operate for long enough to get legally penalised, in the same way that copyright applies even if you take down the web site without getting prosecuted first.
There are ways to avoid the problem by just not storing data, of course.
Does GDPR apply? The data's public, and in any case federating it falls under one or more of the other Article 6 (1) uses in addition to consent.
Don't get me wrong, I think it should be opt-in, but I'm not convinced it's a GDPR violation if it's not.
@jdp23 @akareilly @snarfed.org
If the data is public but personal, yes, the person whose data it is can make requests about it under GDPR. And I don't see anything about whether it's public data under 6 (1).
So even if published somewhere, you can say "hey, give me a copy of all my data" and/or "delete my data", for instance.
In this case it's public, but not public domain or anything. It's still *your* data. A bit like a book, published but still clearly under copyright.
Thanks, I'm used to US laws exempting public data. Agreed that requests need to be processed. my 6 (1) comment was about the sharing via federation. eupolicy's privacy policy says "Note that updating subscribers and posting profile data (including profile mentions) requires disclosure of personal data to the service of the recipients" and bases it on Article 6 (1) (b) (‘necessary for the performance of a contract’)
@jdp23 @codefolio @snarfed.org
In short, you need consent, or another lawful basis like legitimate interest. Performance of a contract doesn't mean a contract with any random third party. The contract is with the data subject.
Processing always needs to take into account the human rights impact. Making someone's posts available on another social network with different moderation is a significant change
You can't just hand over data without doing an impact assessment and/or getting consent.