cross-posted from: https://jlai.lu/post/37085796

Sure, a Romanian marketplace did something bad, what do I care, you might think. But the problem here is two-fold: First, the ruling is written in a way that can be generalised beyond only Romanian online market places, and into pretty much all platforms that fall under GDPR and handle social data. Secondly, copying and publishing data on other websites is exactly what federation is. The function of open social networking protocols like ActivityPub and atproto at their core is to have social data be copied and published on other websites.

This is an uhhh, slight bit of a problem, when European legal rulings make it very unclear if federation itself is in compliance with GDPR.