“The SCOPE Act takes effect this Sunday, Sept. 1, and will require everyone to verify their age for social media.”
So how does this work with Lemmy? Is anyone in Texas just banned, is there some sort of third party ID service lined up…for every instance, lol.
But seriously, how does Lemmy (or the fediverse as a whole) comply? Is there some way it just doesn’t need to?
Why should it affect LW or any other (non-Texan) instance? Any rogue country with populists at the head can implement any arbitrary legislation. That does not affect Lemmy instances hosted in countries with reasonable governments. If Texas wants to enforce their rules (or punish for non-compliance), it is on them to approach instance admins or block the site in their corner of the global internet.
This is a fair view. I’m not sure anyone has gotten that far, especially outside the country.
Heres an article about a similar bill in Utah, that hasn’t gone into effect yet.
What’s not clear from the Utah bill and others is how the states plan to enforce the new regulations.
I mean if the general consensus is that it doesn’t apply, then, cool.
I live in Texas, and can confidently tell you the people writing these laws have no fundamental concept of what the internet is or how to implement or enforce such a law for consistent adherence.
I can also tell you with confidence this law will be wielded with impunity against specific companies/sites our corrupt, petulant AG decides to go after. Fuck Ken Paxton.
As far as users in Texas, this is nothing a VPN can’t fix.
Is there a way to put a VPN on the router, so that all devices are covered?
I can absolutely see Texas looking at it the other way. “Your website can be accessed by our citizens? On you to comply with our laws.” They then spit out a bunch of criminal charges that make things rather inconvenient for some instance hosts. The US reach into international banking systems is uncomfortably long.
The real problem question is about federation. You can post to an instance from any federated instance. If an account is created in one instance and the user posts to a federated instance are both liable? You have to be able to create accounts AND post to be subject to the law. Can one instance not allow posts but host accounts for participation in other instances to skirt around the law?
That would require jurisdiction to charge them anyways. They do not have such power.
Look where it’s hosted? Sorry, but this approach has been outdated for decades. Laws apply when you address the users inside that legislation. No matter where you are, where your server is, etc.
Do you have examples of that? From what I’ve seen the laws only apply if a business has a physical presence in that state or country.
Everywhere…
Today here: https://sh.itjust.works/post/24478719
Is there any Lemmy hosted in the US? Texas can put on a stunt against any US instance, but don’t see them even trying for anything from the rest of the world. Too much work/money with too little chance of success.
As someone neither living nor hosting my instance in Texas I’ll basically ignore it, and if it came to it I’d block the entirety of Texas if they somehow convince courts to enforce this outside of Texas.
Lemmy isn’t social media. Ignoring that though, the law actually says:
According to the Texas Office of the Attorney General, this new law will primarily “apply to digital services that provide an online platform for social interaction between users that: (1) allow users to create a public or semi-public profile to use the service, and (2) allow users to create or post content that can be viewed by other users of the service. This includes digital services such as message boards, chat rooms, video channels, or a main feed that presents users content created and posted by other users.”
Which literally applies to every single site on the entire planet that has a comment section. This law is incredibly unenforceable.
Nuh uh! I’m a Sovereign Netizen and I’m not driving social engagement, I’m just a traveler on the information superhighway!
They said its not but, I think the argument they were trying to make was that it’s not enforceable.
It’s absolutely not. It has none of the hallmarks of social media (personal relationship, feed of user activity, likes and shares). It’s a forum. Forums existed for decades before social media. If you define forums as social media then you are defining every comment section on every site, including news sites, help sites, things like stack overflow even, as social media which is clearly ridiculous and so broad as to be a useless definition.
Yep. This is another dumbass politicians trying to solve a problem that doesn’t exist with a solution that doesn’t work.
It’s a social news aggregator. I assume the difference is, that this is to follow mainly news, whereas social media is to mainly follow people. In my 10 years of reddit and now Lemmy I never followed any account, I was just there for the niche topics and news aggregation.
I totally disagree on both counts: forums are social media, and Lemmy is not a mere forum. Lemmy is a platform where people can create forums, and many of those forums (communities) exist mainly to socialize.
I’ll give you that some forums (both on Lemmy and otherwise) that have a clear defined topic - such as tech support for a particular thing - are somewhat different from “social media”, but even in those three are often regulars who use the forum to socialize with each other. Any forum with an “off-topic” subforum is social media in my book, in a very real sense (not just technically).
But hey, we can disagree on this and it’s fine.
A forum?? Which have existed for literal decades before social media was a thing? If you define literally anything social as social media then you’re defining the entire internet as social media which is just a useless definition.
The answer? Block Texas
Not joking. If suddenly hundreds or thousands of sites would become unavailable. It wouldn’t last a week
That didn’t work with porn, so it’s not a good idea for less popular websites.
The same way lemmy works with GPDR. Lemmy completely ignores it.
At times like this I wish we had /c/LegalAdvice - would love for someone who says “IAAL” to chime in.
Some of the biggest lemmy instances - lemmy.world, feddit.de - are based in the EU. I don’t understand how EU based instances like these would be able to get away with not following GDPR.
Though, it may be more that GDPR doesn’t apply, as per https://decoded.legal/blog/2022/11/notes-on-operating-fediverse-services-mastodon-pleroma-etc-from-an-english-law-point-of-view/
[The UK GDPR] does not apply to … the processing of personal data by an individual in the course of a purely personal or household activity
But for those spinning up an instance of a fediverse service for them and their friends, for a hobby, I think there’s far more scope for argument.
In any case it seems like asking a fediverse instance to be compliant with the GDPR is possible, see for an example at https://sciences.re/ropa/ and https://mastodon.social/@robin/109331826373808946 for a discussion.
They won’t be able to the second someone reports them and a spotlight is put onto them. It does apply. Devs just don’t give a shit and admins are hosting what’s available.
a purely personal or household activity
No chance. This is what makes it legal to share data within a family and, to a degree, among friends. Running an open social media platform is neither a personal nor a household activity.
The UK is not part of the EU. They kept the GDPR when they left, but it should not be assumed that the UK interpretation is always the same.
The GDPR is not very thoroughly enforced; much to the chagrin of some people. This may or may not change in the future. It would be politically quite unpopular, a bit like thoroughly enforcing no-parking zones.
It’s going to be a big problem when the EU catches wind. Gpdr is a nasty law, hard to comply with properly, and has harsh fines. And no, “we tried to comply” will not fly
hard to comply with properly
Not at all. Don’t collect personal data that’s not technically necessary for the service to work. Tell users what data is collected and for what purposes. Done.
It doesn’t exactly ignore it, but in a sense GDPR doesn’t apply to Lemmy.
Long story short, GDPR is made to protect private information, and EVERYTHING in Lemmy is public so there is no private information to protect. It’s similar to things like pastebin or even public feed in Facebook, companies cannot be penalized for people willingly exposing their information publicly, but private information that is made public is a problem.
That is entirely incorrect. It is general data protection regulation, not privacy regulation.
You are given certain rights over data relating to you. For example: you may have it deleted. Have you googled the name of a person? At the bottom, you will find a notice that “some results may have been removed”. Under the GDPR, you can make search engines delete links relating to you; for example, links to unflattering news stories (once you are out of the public eye).
Sorry, forgot about answering here. Although the name is General data it is about personal data. I was going to reply with point by point why it either doesn’t apply to Lemmy or it follows GDPR, but I think it might be easier to answer directly your point about right to be forgotten.
First of all Lemmy allows you to delete your posts and user so it complies with it, but even if it didn’t GEPR has this to say:
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
Paragraphs 1 and 2 are the right to be forgotten
for exercising the right of freedom of expression and information;
Which one could argue is public forum primary use
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;
Which again one could argue is part of the purpose of Lemmy as well.
