GDPR and the upcoming online safety bill and the EU's digital economy regulations makes it nearly impossible for almost anyone to run a forum. That is now only possible by big tech.
GDPR is harder than that, there is a bunch of legal stuff and having to have someone legally responsible to follow the more vague parts of the GDPR.
GDPR is not just "not exploiting their personal data for commercial gain" but a lot of busy work with massive fines if you make any mistakes. How is most community forums going to work with that?
If I don't collect any PII, even to the point of not bothering with analytics, and the only cookies I use are for auth or other absolutely necessary functionality, are there GDPR rules I need to worry about?
No. Various 'consultancies' will tell you otherwise, but the only thing you really need to provide is a chance for users to delete their data. Ideally also an option to extract/download it, but I don't think anyone has ever really been hassled for that.
Contrary to all the BS the tech lobby says, you don't even have to have a cookie banner today I'd you don't collect datat beyond what is technically needed.
Fines are proportional to turnover, and you don't get fined if you don't have any turnover. People are very scared of GDPR in a way that doesn't reflect the actual enforcement!
You do have to avoid leaking, though; it's effectively a requirement to do information security.
I don't understand why that would be the case. GDPR is mostly about personal data (that you don't really need for a forum). The online safety bill would at worst get your forum get blocked in the UK, but I haven't been able to find clear expectations for a forum outside of what I would call "regular moderation". I also didn't find much about the EU's digital economy regulations. Would you mind expanding on why it's nearly impossible for almost anyone to run a forum now?
People can post a lot of personal information to an internet forum without asking the owner and even email addresses count as personal information.
Labour and the Tories are trying to extend The online safety bill to put forum owner in prison if found to be causing harm (whatever that means) and you would have to pay for staff to monitor the forums 24/7 (no one is going to help out if they risk going to prison). All with a fuck ton of vagueness that can millions of pounds of fines.
That will make it impossible for anyone but big tech to run online forums.
Even if that UK bill passes, why can’t Americans and third world residents simply ignore it? If the UK requires ISPs to block the domain, that’s one thing, but how can they realistically enforce prison time on a foreign forum owner? A country that honors such an extradition request is one that is in need to violent replacement with a legitimate government.
Thank you for the explanation. From what you said, blocking the UK looks like the most sane thing to do if you run a forum, though I'm not even sure if that would be enough for them.
People posting their PI on their own in public is however not something the GDPR really covers and so would not affect a forum operator. Leaking users email addresses is another thing of course, but was undesirable before there was GDPR. (Though it might be totally possible to run a forum without requiring email if one is really worried)
You are not wrong though that running forums or any website with user generated content is becoming increasingly difficult for individuals, though the real culprits here on EU level are the recent copyright reform which requires you to remove infringing content quickly and the upcoming Anti-Terror regulation which requires removing content in one hour. Though it might be true, that many of these laws might be toothless against individuals or non-profits, even though they do not specially exclude them. But it really seems lawmakers don't think much of the internet beyond facebook, twitter and google.
If you’re a private American with no EU-based assets, why should you care about GDPR? A US Congress that would enforce an EU fine is a Congress that no longer has legitimately to govern the US.
I have no idea of the status of potential treaties that cover these matters. If I start getting harassed, it’s much easier and safer to block them, rather than escalating things in a direction that could end up in extradition. I would not trust the US government to protect me.