[sakabaro]

I think in the opposit we should urge US companies to fight against GDPR. Local foreign laws shouldn’t dictate how our companies should behave. Why not respecting speech laws in China or in Russia if we follow this precedent?

[PunchTornado]

"our companies"?

Facebook isn't only a US company. Facebook Ltd is a UK company and they have many more companies around the world.

If you want to operate in UK and generate revenues there then Facebook Ltd must follow UK laws.

[sakabaro]

GDPR is more overeaching than that. You don’t need physical presence in EU to be subject to it. In theory, just having a webserver storing access logs (default of Apache and Nginx) makes you infringing it as EU IPs are now considered personal data.

[teamhappy]

> just having a webserver storing access logs (default of Apache and Nginx) makes you infringing it as EU IPs are now considered personal data.

That's not true. Read the 23rd point right at the top: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

Here's the part of it that covers your webserver: "Whereas the mere accessibility of the controller's, processor's or an intermediary's website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, [...]".

[sakabaro]

From the french version, same (23):

> envisage d'offrir des services à des personnes concernées dans un ou plusieurs États membres de l'Union

They just have to prove you are considering EU in your app. It can be anything. Like Having EU timezones, or a country input with EU countries is enough to prove intent to server EU residents. If you collect IPs via your web sever, you are infringing.

[teamhappy]

> is enough to prove intent to server EU residents

Given that it's still April, there's literally no way for you to know that. Also, the sentence you're quoting starts with "may make it apparent" not "does make it apparent".

Having said that, if you're building a service that let's people select EU timezones, countries, currencies and so on you're probably going to have a hard time proving that you're not providing goods or services to Europeans (because you probably are). If you're providing goods or services to Europeans GDPR applies.

[pluma]

Yeah and unless you don't business in the EU as an EU entity, you can pay just as much attention to that as EU companies who don't do business in the US as a US company pay to the trainwreck that are American software patents.

[RussianCow]

Are you really comparing GDPR to Chinese speech laws?

[ggregoire]

Sadly I've seen this comparison so many times this last week on HN. Seems like common sense leaves some people when we talk about their country.

[sakabaro]

You are making the wrong assumptions. I am a EU citizen, but live in the US. I will vote in an heartbeat for a 1st amendment like in an Europe law. You just don’t see how Europe speech is reatricted, and how laws like GDPR contributes to it.

[pluma]

I'm an EU citizen and I disagree, so I guess that's just, like, your opinion, man.

[sakabaro]

You won't vote to protect free speech?

[pluma]

You're moving the goalposts. Your statement suggested you want a US-style "1st amendment" in Europe. I don't. That has nothing to do with "free speech" as a concept.

Under the US interpretation of free speech political donations are protected as "speech" and politicians can go on TV and say they want someone to be murdered and not face any consequences.

I'm German so you can imagine why I fundamentally disagree with that notion, even if our laws are sometimes a bit too strict (though that often has more to do with post-WW2 denazification than free speech in particular -- e.g. not being allowed to put nazi symbology in video games, not even as enemies).

UK libel laws and their advertising code are another example of European laws being a bit too strict. But even that is something I'd prefer over the "law of the strongest" in the US.

EDIT: Free speech is obviously a great idea and an important right, but the problem with freedoms and rights is that they can't be absolutes when you live in a society with other people you want to share those rights and freedoms ("your liberty to swing your fist ends where my nose begins"). Additionally some of those freedoms and rights are mutually exclusive so you need to define an order of precedence. Even free speech absolutists generally draw the line somewhere (e.g. generally violence isn't considered speech even if it is a form of expression and few people would defend the right to shout "fire" in a crowded building and not facing the consequences of the resulting mayhem).

In other words "being willing to defend free speech" is a meaningless platitude unless you first define what you consider the acceptable limits of that freedom.

[cocacola1]

free speech*

*Terms and conditions may apply.

[sakabaro]

Yes, both are infringing 1st amendment. It’s not because GDPR seems more acceptable than it’s not built on bad premises.

[JumpCrisscross]

> both are infringing 1st amendment

The First Amendment protects you from the government. Facebook censoring you is not prohibited by the First Amendment. More broadly, I don’t see how GDPR interferes with one’s right to lawful political speech.

[methodover]

He means that both China and the EU (with the GDPR) infringe on freedom of speech.

[isostatic]

How does the GDPR interfere with one’s right to lawful political speech?

[sakabaro]

First amendment is protecting all speeches except direct threats of violence. Right to be forgoten is by essence incompatible with the first.

[M_Bakhtiari]

I'm curious. Can you give an example of where this would infringe on the 1st amendment?

[sakabaro]

Blockchains storing social data is good example. It's infringing by nature GDPR. A decentralised facebook-like social network on the blockchain is not possible anymore. Each node can be sue. It had happened with TOR exit nodes.

[M_Bakhtiari]

IANAL, but crypto-shredding seems to be a viable way to meet GDPR deletion requirements, making it possible to implement compliant blockchains. Of course you'd have to make the nodes comply, but that has nothing to do with blockchains.

But I still don't see the connection with the first amendment.

[sakabaro]

The first protects the nodes to store whatever social data they want. GDPR with particulary the right to be forgotten is a direct attack to this.

[kevinmchugh]

in what sense do european and chinese laws impinge on the (USAmerican) 1st amendment?

[sakabaro]

If you want to run a social media platform, GDPR is infringing your freemdom of speech. You can argue that it’s worth it, for the illusion of more privacy. I just don’t think it is.

[RussianCow]

You still haven't stated how exactly it's infringing on our right to freedom of speech.

[sakabaro]

If on your social network someone wants his posts to be removed, you have to comply under GDPR, or else. HN for example doesn’t allow to remove your comments after some time.

[teamhappy]

And how is me deleting my content your service violating your right to free speech exactly?

[M_Bakhtiari]

It's obviously not suggesting using the GDPR whatever that may turn into in the future, but the contents of the GDPR.

Though I think you're right that they would fight it. It's one thing to have your competitors voluntarily adopt a privacy policy that makes them less profitable, but it's another matter if users flock to them and end up eroding the profit margins of the whole privacy violation industry.

[Hamcha]

Does that mean that a Chinese/Russian company should be free to disregard US laws as well?

[sakabaro]

They already do, don’t they?