Skrrp :bisexual_flag: on Nostr: npub198t8k…5hasj OK. I've been active here and on _that_ github issue yesterday and ...
npub198t8kgwqas59rvmnghzcdn6krzhxhpkyt2mt53e4g9sdnj74sszss5hasj (npub198t…hasj)
OK. I've been active here and on _that_ github issue yesterday and I have a much better understanding of the situation.
As far as I understand it, the bridge allows users on either side of it to 'follow' ones on the other side. A follow request is generated and the person on the other side of the bridge is welcome to decline. Smells like consent? Read on.
Apparently the bridge will also send delete requests from the Fedi side to BSky. No-one has answered whether BSky will honour those requests. No-one has said what is done with the data BSky side either, but I expect their horrendous American data grabbing/selling ToS to apply. People on the Fedi side will never have a chance to accept or reject this ToS.
That's how it works, now on to my interpretation of the law.
In order for someone to follow someone else across the bridge, discovery is needed. They need a way to view, or search, or whatever, profiles. Without an opt-in, these profiles are automatically passed across the bridge before a follow request can be sent.
Are profiles personal data? Yes. Personal data is anything that can be resolved to an individual. This includes my email address, my IP and definitely npub1l476yffmrar4yqk8jsg0jv67n4glmfena0zmvycwnrrc8ehl6gesux434w (npub1l47…434w).
Is it targeting users in the EU? Yes. While there is no office in the EU the bridge will indiscriminately slurp EU profiles and personal data. I believe the GDPR does apply.
OK. I've been active here and on _that_ github issue yesterday and I have a much better understanding of the situation.
As far as I understand it, the bridge allows users on either side of it to 'follow' ones on the other side. A follow request is generated and the person on the other side of the bridge is welcome to decline. Smells like consent? Read on.
Apparently the bridge will also send delete requests from the Fedi side to BSky. No-one has answered whether BSky will honour those requests. No-one has said what is done with the data BSky side either, but I expect their horrendous American data grabbing/selling ToS to apply. People on the Fedi side will never have a chance to accept or reject this ToS.
That's how it works, now on to my interpretation of the law.
In order for someone to follow someone else across the bridge, discovery is needed. They need a way to view, or search, or whatever, profiles. Without an opt-in, these profiles are automatically passed across the bridge before a follow request can be sent.
Are profiles personal data? Yes. Personal data is anything that can be resolved to an individual. This includes my email address, my IP and definitely npub1l476yffmrar4yqk8jsg0jv67n4glmfena0zmvycwnrrc8ehl6gesux434w (npub1l47…434w).
Is it targeting users in the EU? Yes. While there is no office in the EU the bridge will indiscriminately slurp EU profiles and personal data. I believe the GDPR does apply.