Also forget about regulatory stuff for a minute. Regulation does not follow logic or common sense, so it doesn't make sense to think about it.
Discussion
Elizabeth Warren will be demanding to speak to the CEO of nostr later this year about the harmful conspiracy theories being spread on the platform.
It doesn’t have to make sense, it’s for show.
You think so? I do agree that it is always one (or more) steps behind technological progress, and it is also one or two steps removed from technical reality (as the people making the law struggle to understand and the legal tools are limited). But I do think it follows a logic and common sense. It works with an aim, that is here protect a certain fundamental right.
And leaving aside this more philosophical debate. Nostr and its clients will face regulatory reality after a critical mass. So did all social networks. Nostr is a protocol, yes, but for it to be usable, it needs to provide a fertile ground that considers at least the basics of these regulatory hurdles.
Anyhow, just my concern, loving it also without 😂⚡️
Sounds like someone wants GDPR on nostr. Should do a nip and see if people implement it.
Take the “want” out and don’t limit to “GDPR” :). We talking about a right to deletion, that exists or is going to exist globally. The goal here is to allow mass adoption, meaning overcoming more likely regulatory restriction (child protection on social media, right to self determine).
There is not personal preference in my arguments, just providing a critical opp to make things better.
Does GDPR also require for providers to send users an archive of all their messages?
If a request for access was requested, yes. All data.
You mean email provider? Than yes.
I mean for Nostr relays
It’s probably some grey area if relays count as data processors - I doubt they’re explicitly talked about in the legislation. A lot of companies struggle with this.
It requires that data holder be able to send all the data they hold (basically). My take - all EU relays will honour delete, ditto most others, and most will have a short store times anyway to keep overhead down.
Protocols cannot comply with GDPR. Businesses that collect PII do and this makes nostr GDPR that much harder if not impossible.
Yes, beautifully said. They can however “by design” allow business / operators of clients or relays to comply.
Lets also not call it GDPR :). Seeing such discussions in Japan and all over.
I’ll add this in the next update for the security and privacy guide. Users should know that GDPR does not apply and relays may not respect event deletion requests.
Good idea (it does apply though :)). This is not something you can determine by terms and conditions :).
does it apply to blockchains? has there been cases where a handful of validators for forced to delete blocks for obscure chains?
does it apply to people standing around when you yell out something? can you go up to them and force them to forget the sound vibrations you sent out?
First example is indeed a good one. But do we send out messages (notes)?
Second one less, I think, because that would not be in digital form, right? And lets say they use a device for that digitalizing everything and keeping a record. If that would be the case, especially if a company does it, then yes I humbly think.