Don’t forget we moved!
https://brandmu.day/
On the utility of Logs, Receipts, and Proof
-
-
@Rathenhope As a US citizen operating in the US, with no presence or operations in the European Union, actually no, the EU has no jurisdiction over me to enforce its GDPR.
The EU only has effect on US companies when they also have operations in the EU, which is common for very large businesses.
But a lone individual living outside the EU has no legal obligation at all to abide by EU law, and will suffer no consequences for doing so.
-
-
@Polk said in On the utility of Logs, Receipts, and Proof:
But a lone individual living outside the US has no legal obligation at all to abide by EU law, and will suffer no consequences for doing so.
This is probably true, but is something that will likely require a ruling from a court. Since a MU could be argued to be a product or service that is offered to EU citizens, the law technically does apply.
-
@Pavel No, it doesn’t. The European Union does not have extraterritorial jurisdiction on individuals who are not EU nationals.
They have no legal recourse to touch if you if they don’t like what you’re doing. If you were using a server in the EU, they could go after your server provider.
But if you have no EU presence whatsoever this is your answer to Brussels:
-
MU*s and forums and such would be excluded from GDPR under article 2c; “purely personal activity” which is further clarified in Recital 18 hope that helps.
-
@shit-piss-love said in On the utility of Logs, Receipts, and Proof:
MU*s and forums and such would be excluded from GDPR under article 2c; “purely personal activity” which is further clarified in Recital 18 hope that helps.
That’s highly debatable.
-
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A62001CJ0101 paragraph 47:
That exception must therefore be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.
While this related to the Data Protection Directive, the wording of the exception was the same and so should a similar case arise for the GDPR we might find the limits of what is considered a ‘purely personal’ activity.
Also yes while the EU has no jurisdiction over a US citizen, there are similar regulations in America, the California Consumer Privacy Act for example.
I’m fairly sure no one’s tested if a MU would count as an entity under any of these situations, especially as one of the distinguishing requirements is often ‘for profit’ which many MUs are not. My point was that by moving from a ‘log the access stuff’ to a ‘log everything my players type’ model has the potential, imperceptibly small as it may be, to fall foul of one of a million data protection regulations if someone was unhappy about how their data was used.
God, I hope no one takes a MU to court I don’t want my hobby splashed across the newspapers.
-
@Rathenhope said in On the utility of Logs, Receipts, and Proof:
God, I hope no one takes a MU to court I don’t want my hobby splashed across the newspapers.
I look forward to explaining exactly what I do online to my mother.
-
@Pavel said in On the utility of Logs, Receipts, and Proof:
@shit-piss-love said in On the utility of Logs, Receipts, and Proof:
MU*s and forums and such would be excluded from GDPR under article 2c; “purely personal activity” which is further clarified in Recital 18 hope that helps.
That’s highly debatable.
It is, and I’m gonna, because respectfully, that is incorrect. A MU* fails to meet the exemption threshold of “purely personal or household activity”. Let’s look at it.
1This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. 2Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. 3However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.
The 2003 definition of “purely personal or household activity” is referenced by the GDPR and codified by case law from Lindquist, and you can read more about it here.
TLDR, the exemption would apply if the site, app, or service was exclusively used in the commission of family or private (meaning you, alone) activity, but an MU* falls short of that because you don’t have a familial or even personal relationship with the data subjects. Please note that in the Lindquist case, being a member of the same church did not constitute this personal relationship, so it’s doubtful that your Discord buddy AxeMurderer#0772 that you invited to your game, or the eight people who came with them but “they’re cool, dude!” will surpass the threshold.
It’s also incorrect that GDPR can’t apply to you if you live outside the EU. GDPR doesn’t protect you, but it still applies to you unless you simply bar EU member residents from participating in your service.
It’s also worth pointing out that the GDPR doesn’t stipulate you be any kind of EU member citizen, or even a resident. If I take my laptop to Spain and login from a cafe, guess what? Oh that’s right baby. I’m protected by GDPR.
Could you get away with giving the finger and seeing if you get dragged to court anyway? Sure, but at the point that you get that notarized letter from the IOC, your ass in the fire and we’re in a weird place, because it would be absolutely crazypants to go after an MU*, but just because it would be weird as hell doesn’t mean that it cannot actually be done under the auspice of current law. It sure can. And stranger things have happened.
-
@Pax said in On the utility of Logs, Receipts, and Proof:
because you don’t have a familial
Does it count if most of the players act like children?
-
@Pavel said in On the utility of Logs, Receipts, and Proof:
Does it count if most of the players act like children?
he found the loophole!
-
@Pax said in On the utility of Logs, Receipts, and Proof:
@Pavel said in On the utility of Logs, Receipts, and Proof:
Does it count if most of the players act like children?
he found the loophole!
Nah, then I’d have to deal with COPPA.
-
Well I’m not a lawyer so my take re: personal/household exemption is only based on scuttlebutt at work where that’s a relevant discussion. If we wanted to really expand this thought experiment out I don’t think a MU* that doesn’t collect fees qualifies the GDPR remit of an “enterprise” and then there’s also an org size lower limit (around 200 iirc) for qualification as well. I think some of us are just flexing our big brains this morning (me included) which is fun and cool but if someone is legit concerned about whether they are exposed you should consult a real lawyer in an official capacity.
-
@Pavel said in On the utility of Logs, Receipts, and Proof:
You also get the Penistone/Scunthorpe problem.
One of my more glorious internet moments was when a forum turned what I wrote into something very like this:
You wouldn’t think so to look at them, but **** can fly, and are likely to spring into the air, swoop down and hit you hard in the face.
The censored word is “peacocks.”
-
I suggest you work instead on just establishing trust.
Be reliable – show up when you say you will, get stuff done when you say you will, if it is at all possible, warn people and apologize* when you’re going to be late or cancel.
Be accessible – Seriously. Establish a bullshit chat channel, encourage everybody to use it, and use it yourself. Take some time, regularly, to blether and joke around and talk about pie with the players. Give people a chance to get to know you. It’s also a good way to model standards of courtesy.
Si non confectus, non reficiat – If it ain’t broke, don’t fix it. Don’t take real freedoms or comforts from real players to fix potential problems. In that direction tyranny lies.
*edited to add: Apologize. Sincerely, with grace, and every frickin’ time you inconvenience somebody, hurt feelings, or just make an awkward mistake. It’s going to happen. If apologizing hurts and having people notice your mistakes is an affront, practice until you can do it, before you take on this project.
-
@Pavel said in On the utility of Logs, Receipts, and Proof:
@Rathenhope said in On the utility of Logs, Receipts, and Proof:
God, I hope no one takes a MU to court I don’t want my hobby splashed across the newspapers.
I look forward to explaining exactly what I do online to my mother.
I realize this is probably mostly facetious but I actually did have to explain this hobby to my mother recently, who is exactly the sort of person I was worried might find it strange. It took about fifteen minutes since she didn’t even have like a baseline for it, haha, but at the end she kinda just went “oh, ok. That’s not even close to the weirdest thing you could have told me you were doing online.”
The times, they are a’changin’!
-
I explain MU*s to people as “online collaborative writing” and they seem to get it.
-
I was obligated to go into more detail for reasons, but yeah I’ve boiled it down to that for curious friends before too.
-
@shit-piss-love said in On the utility of Logs, Receipts, and Proof:
I explain MU*s to people as “online collaborative writing” and they seem to get it.
I now have to explain “I’m a moderator on a forum devoted to drama in the online collaborative writing community.”