💾 Archived View for rawtext.club › ~sloum › geminilist › 006796.gmi captured on 2023-09-28 at 16:39:05. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

GDPR and the protocol implications

Matthias Geier matthias.geier at antipod.de

Fri Jun 25 09:59:32 BST 2021

- - - - - - - - - - - - - - - - - - - 

Hello fellow developers

To say that upfront, I searched most of the archive, didn't find that topicin there

About gdpr and certificates. If I am not mistaken, before I even requestthe TLS certificate, I'd need to get a user consent, not to mention storingit.

On a capsule like station, you can ignore the certificate until you signup, but for instance if I want to prevent spam/DoS and check against acertification authority, I'd need to get permission for that first. Whichbeats the purpose partially

Is the manual opt-in to show a cert on a specific domain enough for gdpr(clients require you to set the cert for the domains)? I can't show a gdprwarning on the cert missing error, since the spec doesn't allow me to.

Not to mention other consent stuff for storing and processing information?

I am aware that the small internet won't be sued soon, because no onecares. However hosting a service in the EU as a private person has becomedangerous and you don't want to end up with a fine in the 10k range forinfringement

Any opinions, best practices, advice, discussion is welcome 🙃-------------- next part --------------An HTML attachment was scrubbed...URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210625/c6d0b941/attachment.htm>