this post was submitted on 18 Feb 2026
22 points (100.0% liked)

General Data Protection Regulation (“GDPR”) ⚖


GDPR Art.5 and other parts try to guarantee data subjects transparency on how their data is processed. The overlooked problem is when a data subject installs a closed-source app, they have no idea how their personal data is being processed inside that black box. And since the processing is performed by the data subject themself, they have no legal mechanism to become informed on how the data is processed.

FOSS solves this. FOSS is a crutch for a GDPR hole. Google’s advocacy is an assault on data protection. Yet they have the audacity to claim closed-source s/w gives a data protection benefit.

(update) Closed-source licenses → extra perverse

The last license agreement I read for a closed-source phone app prohibited studying the app or reverse-engineering it. So not only are data subjects technologically blocked from transparency on how their data is processed, they are also contractually blocked from even trying.

top 9 comments
[–] Asfalttikyntaja@sopuli.xyz 3 points 3 days ago

When Google starts to complain, we know Europe is making something right.

[–] A_norny_mousse@piefed.zip 3 points 3 days ago* (last edited 3 days ago)

lol.

Google: "This is bad for (our) business."

What more is there to say? It is very obvious why they would react like this.

[–] IAmNorRealTakeYourMeds@lemmy.world 2 points 3 days ago (1 children)

would somebody think of the poor shareholders

[–] freedomPusher@sopuli.xyz 1 points 3 days ago (1 children)

That probably includes anyone with a retirement account. It must require quite some effort to pick funds that exclude Alphabet Inc.

[–] IAmNorRealTakeYourMeds@lemmy.world 1 points 3 days ago (1 children)

bullshit, leaving one failing stock that's about to lose a huge market is just a smart idea.

[–] freedomPusher@sopuli.xyz 1 points 3 days ago* (last edited 3 days ago) (1 children)

A “fund” is not an individual stock. A fund is a huge collection of stocks managed by someone else. I have had retirement accounts where I just get tick boxes like: aggressive, conservative, and moderate. If you look at the docs for a mutual fund, typically only their 10 biggest holdings are disclosed. They don’t bother to list the other 500+ holdings.

I would love to specify corporations who I want to blacklist and require funds to be filtered on that, but I have never seen an investment tool that has such a thing. If you find one, please let me know.

This person has the right idea:

https://sopuli.xyz/post/41286109

Of course to get that level of purity means ditching all mutual funds and other managed funds and just picking unmanaged/specific investments. Which he suggests could be a full-time job.

let's be clear here.

the USA has been threatening a war against Europe.

Getting rid of USA-based services is a matter of national safety, not just a discussion of stock values or economy.

And EU using EU based resources just makes sense.

[–] SirHaxalot@nord.pub 1 points 3 days ago (1 children)

Wait, are they saying that when hosting services based on open source you can just refer to the source to explain how data is processed? Or am I missing something?

Because realistically that is still a quite high bar for anyone who wants to understand how data is processed compared to requiring a privacy policy.

[–] freedomPusher@sopuli.xyz 2 points 3 days ago* (last edited 3 days ago)

“Wait, are they saying that when hosting services”

Is “they” me? Hosting services is not an issue because it’s a service, which means the hosting service has a GDPR obligation to express in plain language how data is processed. Code transparency does not matter in that regard.

When a controller pushes closed-source software onto data subjects who are expected to execute it on their own equipment, then the GDPR hole manifests. The controller has no obligation to tell you how your data is processed by their black box software. And worse, they go as far as to contractually block you from studying the code. In this case, your only hope for transparency is to use FOSS instead. And (as you say) that ad hoc privilege is only useful for those who can read code. But at least reviewers can explain in plain language to others what the code does.

If “they” is Google, Google is claiming closed source benefits data protection:

“Walker suggested that American companies could collaborate with European firms to implement measures ensuring data protection. Local management or servers located in Europe to store information are among the options.”