Subj : fsxNet Feedback ("Privacy")
To   : apam
From : Oli
Date : Fri May 14 2021 10:20 am

apam wrote (2021-05-14):

 >> There are several aspects where the current practice in fsxNet and the
 >> BBSs connected to it are not compatible with the GDPR in the EU
 >> (General Data Protection Regulation) (I guess there are other
 >> countries with strict privacy laws that might apply too).

 a> I don't really understand how european laws are enforcable in
 a> non-european nations? If the BBS was in europe, sure, they must comply to
 a> european laws, but if a BBS is in another country.. do we have
 a> international agreements to honour GDPR laws? Am I going to get
 a> extradited from Australia if a European user logs into my BBS?

You are free to give a shit, I also don't see that it is enforceable (in the case of a BBS operating outside of the EU). It also will get more confusing, when other countries will introduce similar, but slightly different regulations and laws. I'm not sure how individuals and small organizations will be able to handle it (it's already a problem).

 a> I don't see any need to block europeans from fsxnet / BBSing, it's up to
 a> them to comply with their own laws. What's to stop a european from
 a> logging into a BBS via a proxy even if we did block them all out?

You still violating the GDPR, if you don't comply (without any consequences for you). But for sysops / nodes / hubs / bbs who are operating in the EU, it might me a problem.

 a> Ok, now say we care about the GDPR, how do we comply? is it simply a
 a> matter of having a privacy policy?

 a> Personally, I don't care. I'm not in europe, I'm never going to europe,
 a> and I'm kind of offended that europeans think they can enforce their
 a> moronic laws on the entire world?

So you don't know the GDPR, but you know it is a moronic law? I wonder how a non-moronic law would look like and work.


The basic rules are:

- don't store and process personal data that are not technical essential
- get informed consent for the storage and processing of personal data in advance
- don't make optional (non-essential) personal data a condition (as in non-optional) for using the service
- don't leak / transmit personal data to third parties (without informed consent)

or something like this.

I privacy policy that says: agree to everything or leave is most likely not sufficient (and harmful to the idea of data protection). On the other hand I would find it acceptable to read the message: this is a private BBS. I'm unable to become an expert in every fucking data protection law in every country in my limited free time. If your not from Australia, disconnect or live with the consequences ... ;).

---
 * Origin: . (21:3/102)

.