this post was submitted on 18 Feb 2026

General Data Protection Regulation (“GDPR”) ⚖


Everything related to the #GDPR is discussed here. This is the first and only community specifically for GDPR topics which is decentralized and outside of walled-gardens. #EDPB recommendations and guidance can and should also be discussed here.

For the moment, chatter on the similar California Consumer Privacy Act (CCPA) could be discussed at least until the volume of messages compels us to split it into a separate community.


GDPR Art.5 and other parts try to guarantee data subjects transparency on how their data is processed. The overlooked problem is when a data subject installs a closed-source app, they have no idea how their personal data is being processed inside that black box. And since the processing is performed by the data subject themself, they have no legal mechanism to become informed on how the data is processed.

FOSS solves this. FOSS is a crutch for a GDPR hole. Google’s advocacy is an assault on data protection. Yet they have the audacity to claim closed-source s/w gives a data protection benefit.

(update) Closed-source licenses → extra perverse

The last license agreement I read for a closed-source phone app prohibited studying the app or reverse-engineering it. So not only are data subjects technologically blocked from transparency on how their data is processed, they are also contractually blocked from even trying.

[–] freedomPusher@sopuli.xyz 2 points 3 days ago* (last edited 3 days ago)

Wait, are they saying that when hosting services

Is “they” me? Hosting services is not an issue because it’s a service, which means the hosting service has a GDPR obligation to express in plain language how data is processed. Code transparency does not matter in that regard.

When a controller pushes closed-source software onto data subjects who are expected to execute it on their own equipment, then the GDPR hole manifests. The controller has no obligation to tell you how your data is processed by their black box software. And worse, they go as far as to contractually block you from studying the code. In this case, your only hope for transparency is to use FOSS instead. And (as you say) that ad hoc privilege is only useful for those who can read code. But at least reviewers can explain in plain language to others what the code does.

If “they” is Google, Google is claiming closed source benefits data protection:

“Walker suggested that American companies could collaborate with European firms to implement measures ensuring data protection. Local management or servers located in Europe to store information are among the options.”