On Fri, Sep 4, 2020 at 7:48 AM Tomasz Torcz <tomek@xxxxxxxxxxxxxx> wrote:
>
> On Fri, Sep 04, 2020 at 07:16:02AM -0400, Neal Gompa wrote:
> > On Fri, Sep 4, 2020 at 7:10 AM clime <clime@xxxxxxxxxxxxxxxxx> wrote:
> > >
> > > On Fri, 4 Sep 2020 at 12:59, clime <clime@xxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > > On Fri, 4 Sep 2020 at 12:48, Aoife Moloney <amoloney@xxxxxxxxxx> wrote:
> > > > >
> > > > > However, the General Data Protection Regulation (GDPR) [3] and the California
> > > > > Consumer Privacy Act (CCPA) [4] basically makes the Fedora Infrastructure team
> > > > > (and thus Red Hat) responsible for the content hosted by any services running in
> > > > > our infrastructure. In other words, the Fedora Infrastructure team would be
> > > > > responsible to answer all GDPR/CCPA related requests and requirements for any
> > > > > and all services running in communishift (services that the team has 0 knowledge
> > > > > about, that's the whole goal of communishift).
> > > > >
> >
> > My read of this is that right now, there will be no way for the
> > community to run applications in Fedora Infrastructure in a way that
> > CPE can be divorced from it completely. That is because their goal of
> > running only OpenShift and then not caring about what's inside is
> > legally not possible.
> >
>
> Hmm. But how, for example, cloud providers are able to provide
> infrastructure without taking responsibility for what's hosted?

I think that has to do with service agreements between the provider and
its customers, and the expectation that if the provider is made aware of a
violation of one of its customers, it will cooperate with (say EU).
Otherwise, the provider would have to be scanning the contents of every
single one of its customers at all times, which then can in itself become
a GDPR violation. Take Google for example: as I type this reply it is
highlighting what it considers to be spelling and grammatical errors as I
type.
That means it is reading everything I am typing right now and probably
storing it somewhere to (at the very least) improve its algorithm, and
more. If I have a file in Google Drive, chances are it is being scanned.
This is fundamentally different than just hosting the data and not
interfering with the customer besides ensuring said customer is not
hogging the resources.

> I don't think GCP is handling any GDPR/CCPA requests for clients' stuff…
> I don't really expect an answer. From my experience, it's impossible
> to get straight, yes/no, binary answer from lawyers.
>

Also the wording on GDPR's regulations is intentionally vague. CCPA is but
an American/Californian response to GDPR but not as aimed at protecting
the individual since

1. The CCPA applies to any business which does business in California
   (including data brokers), that satisfies at least one of the thresholds:
   1.1. Has annual gross revenues in excess of $25 million;
   1.2. Buys, receives, or sells the personal information of 50,000 or
        more consumers or households; or
   1.3. Earns more than half of its annual revenue from selling consumers'
        personal information.
   1.4. Provides an opt-OUT *right* for sales of personal information
        versus opt-IN *necessity* for GDPR

> --
> Tomasz Torcz              Only gods can safely risk perfection,
> tomek@xxxxxxxxxxxxxx      it's a dangerous thing for a man.
— Alia

> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx